Merged
4 changes: 0 additions & 4 deletions src/bundle/Controller/Controller.php
@@ -12,8 +12,4 @@

abstract class Controller extends AbstractController
{
public function performAccessCheck(): void
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
}
}
6 changes: 5 additions & 1 deletion src/bundle/Controller/PasswordChangeController.php
@@ -10,6 +10,8 @@

use Exception;
use Ibexa\Contracts\Core\Repository\UserService;
use Ibexa\Contracts\User\Controller\AccessCheckController;
use Ibexa\Contracts\User\Controller\AuthenticatedRememberedCheckTrait;
use Ibexa\Core\MVC\Symfony\SiteAccess;
use Ibexa\User\ExceptionHandler\ActionResultHandler;
use Ibexa\User\Form\Factory\FormFactory;
@@ -20,8 +22,10 @@
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

class PasswordChangeController extends Controller
class PasswordChangeController extends Controller implements AccessCheckController
{
use AuthenticatedRememberedCheckTrait;

private ActionResultHandler $actionResultHandler;

private UserService $userService;
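Review bot: The check pulled in by `use AuthenticatedRememberedCheckTrait;` grants access on `IS_AUTHENTICATED_REMEMBERED`, which is also satisfied by a session restored from a remember-me cookie; for a password change that is weaker than `IS_AUTHENTICATED_FULLY`. This matches what the removed base-class method did, so it is not a regression. Now that the check is chosen per controller, this class could implement `performAccessCheck()` itself with `$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');` instead of using the trait. Whether the form also requires the current password is not visible here, and the class body continues outside the hunk.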
6 changes: 5 additions & 1 deletion src/bundle/Controller/UserInvitationController.php
@@ -8,6 +8,8 @@

namespace Ibexa\Bundle\User\Controller;

use Ibexa\Contracts\User\Controller\AccessCheckController;
use Ibexa\Contracts\User\Controller\AuthenticatedRememberedCheckTrait;
use Ibexa\Contracts\User\Invitation\Exception\InvitationAlreadyExistsException;
use Ibexa\Contracts\User\Invitation\Exception\UserAlreadyExistsException;
use Ibexa\Contracts\User\Invitation\InvitationCreateStruct;
@@ -20,8 +22,10 @@
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Request;

final class UserInvitationController extends Controller
final class UserInvitationController extends Controller implements AccessCheckController
{
use AuthenticatedRememberedCheckTrait;

private InvitationService $invitationService;

private InvitationSender $mailSender;
6 changes: 5 additions & 1 deletion src/bundle/Controller/UserSettingsController.php
@@ -9,6 +9,8 @@
namespace Ibexa\Bundle\User\Controller;

use Ibexa\Contracts\Core\Repository\PermissionResolver;
use Ibexa\Contracts\User\Controller\AccessCheckController;
use Ibexa\Contracts\User\Controller\AuthenticatedRememberedCheckTrait;
use Ibexa\User\ExceptionHandler\ActionResultHandler;
use Ibexa\User\Form\Data\UserSettingUpdateData;
use Ibexa\User\Form\Factory\FormFactory;
@@ -24,8 +26,10 @@
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

class UserSettingsController extends Controller
class UserSettingsController extends Controller implements AccessCheckController
{
use AuthenticatedRememberedCheckTrait;

private FormFactory $formFactory;

private SubmitHandler $submitHandler;
1 change: 0 additions & 1 deletion src/bundle/Resources/config/services/controllers.yaml
@@ -17,7 +17,6 @@ services:
Ibexa\Bundle\User\Controller\Controller:
calls:
- [setContainer , ['@Psr\Container\ContainerInterface']]
- [performAccessCheck, []]

Ibexa\Bundle\User\Controller\PasswordResetController:
calls:
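--- a/src/contracts/Controller/AccessCheckController.php
+++ b/src/contracts/Controller/AccessCheckController.php
@@ -0,0 +1,14 @@
+<?php
+
+/**
+* @copyright Copyright (C) Ibexa AS. All rights reserved.
+* @license For full copyright and license information view LICENSE file distributed with this source code.
+*/
+declare(strict_types=1);
+
+namespace Ibexa\Contracts\User\Controller;
+
+interface AccessCheckController
+{
+public function performAccessCheck(): void;
+}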
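Review bot: The interface has no docblock, and as a Contracts type it will be implemented by third parties who cannot tell from it when `performAccessCheck()` is invoked or how a denial is signalled. I would document the method along the lines of `/** Called by PerformAccessCheckSubscriber before the action is executed; must throw an access-denied exception to reject the request. */`. It is also worth stating that implementing the interface is what opts a controller into the check, so a controller that does not implement it is dispatched without any check from this mechanism.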
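--- a/src/contracts/Controller/AuthenticatedRememberedCheckTrait.php
+++ b/src/contracts/Controller/AuthenticatedRememberedCheckTrait.php
@@ -0,0 +1,17 @@
+<?php
+
+/**
+* @copyright Copyright (C) Ibexa AS. All rights reserved.
+* @license For full copyright and license information view LICENSE file distributed with this source code.
+*/
+declare(strict_types=1);
+
+namespace Ibexa\Contracts\User\Controller;
+
+trait AuthenticatedRememberedCheckTrait
+{
+public function performAccessCheck(): void
+{
+$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
+}
+}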
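Review bot: `performAccessCheck()` calls `$this->denyAccessUnlessGranted()`, which the trait neither declares nor documents as a requirement, so a class that uses it without extending Symfony's `AbstractController` fails only at request time with an undefined-method error. Because the trait is published in the Contracts namespace, state the requirement on the trait, for example with a docblock `/** Must be used in a class extending Symfony's AbstractController, which provides denyAccessUnlessGranted(). */`, or declare the method abstract in the trait with a signature matching the framework version in use.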
31 changes: 31 additions & 0 deletions src/lib/EventListener/PerformAccessCheckSubscriber.php
@@ -0,0 +1,31 @@
<?php

/**
* @copyright Copyright (C) Ibexa AS. All rights reserved.
* @license For full copyright and license information view LICENSE file distributed with this source code.
*/
declare(strict_types=1);

namespace Ibexa\User\EventListener;

use Ibexa\Contracts\User\Controller\AccessCheckController;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpKernel\Event\ControllerArgumentsEvent;

final class PerformAccessCheckSubscriber implements EventSubscriberInterface
{
public function onControllerArgumentsEvent(ControllerArgumentsEvent $event): void
{
$controller = $event->getController();
if (is_array($controller) && $controller[0] instanceof AccessCheckController) {
Contributor


I'm pretty sure this can also be an invokable object (with an __invoke method). While we ourselves never use controllers like that, there is nothing stopping someone else from doing so, since it's in the Contracts namespace.

Contributor Author


I was just moving this from admin-ui, but you are right - fixed.
Also, string callables with static methods are also possible so I tried to handle those as well.

$controller[0]->performAccessCheck();
}
}

public static function getSubscribedEvents(): array
{
return [
ControllerArgumentsEvent::class => 'onControllerArgumentsEvent',
Contributor


Isn't kernel.controller event more appropriate?

This event is dispatched after the controller has been resolved but before executing it. It's useful to initialize things later needed by the controller...

kernel.controller_arguments has a different purpose.

This event is dispatched just before a controller is called. It's useful to configure the arguments that are going to be passed to the controller.

Contributor Author


Not sure, it could be too early and the arguments for the controller might still not be set. @adamwojs, did you try the mentioned one?

Contributor Author


I checked this out, and it seems that everything is working properly with kernel.controller.

2ba7b59

];
}
}
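Review bot: The `instanceof AccessCheckController` test makes the access check opt-in, so a controller that extends the bundle's `Controller` but was not given the interface is now dispatched with no check at all. The `performAccessCheck` call removed from controllers.yaml sat on the base `Ibexa\Bundle\User\Controller\Controller` definition and presumably covered every service inheriting it, whereas only PasswordChangeController, UserInvitationController and UserSettingsController are updated in this commit; the remaining subclasses should be audited. Nothing visible here registers the subscriber as a service either, so if it is not picked up by autoconfiguration the checks silently stop running. I would add a functional test asserting that an anonymous request to each of the three controllers is denied, and a class docblock such as `/** Calls performAccessCheck() on controllers implementing AccessCheckController before the action runs. */`.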