Merge pull request #19 from SimLibaud/feature/js-client

Add Javascript module which allows to generate links depending on user routes access rules

Author: SimLibaud

.gitignore

@@ -1,3 +1,5 @@
 composer.lock
 vendor/*
-
+node_modules/*
+yarn.lock
+yarn-error.log

Controller/ExportJsSecuredRoutesController.php

@@ -0,0 +1,79 @@
+<?php
+declare(strict_types=1);
+
+namespace Sil\RouteSecurityBundle\Controller;
+
+use Sil\RouteSecurityBundle\Exception\LogicException;
+use Sil\RouteSecurityBundle\Security\AccessControl;
+use Symfony\Component\Cache\Adapter\FilesystemAdapter;
+use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Contracts\Cache\ItemInterface;
+use Twig\Environment;
+
+class ExportJsSecuredRoutesController
+{
+    /** @var AccessControl */
+    private $accessControl;
+
+    /** @var TokenStorageInterface */
+    private $tokenStorage;
+
+    /** @var Environment */
+    private $twig;
+
+    /** @var string */
+    private $cacheDir;
+
+    /**
+     * @param AccessControl $accessControl
+     * @param TokenStorageInterface $tokenStorage
+     * @param Environment $twig
+     * @param string $cacheDir
+     */
+    public function __construct(AccessControl $accessControl, TokenStorageInterface $tokenStorage, Environment $twig, string $cacheDir)
+    {
+        $this->accessControl = $accessControl;
+        $this->tokenStorage = $tokenStorage;
+        $this->twig = $twig;
+        $this->cacheDir = $cacheDir;
+    }
+
+    /**
+     * @return Response
+     * @throws \Psr\Cache\InvalidArgumentException
+     */
+    public function exportAction()
+    {
+        if (null === $this->tokenStorage->getToken()) {
+            throw new LogicException('Unable to retrive the current user. The token storage does not contain security token.');
+        }
+
+        if (false === $this->tokenStorage->getToken()->getUser() instanceof UserInterface) {
+            throw new LogicException(sprintf('The security token must containt an User object that implements %s', UserInterface::class));
+        }
+
+        $user = $this->tokenStorage->getToken()->getUser();
+
+        $cacheKey = md5($user->getUsername().json_encode($user->getRoles()));
+
+        $cache = new FilesystemAdapter('sil_route_security_bundle', 0, $this->cacheDir);
+
+        $securedRoutesWithUserPermission = $cache->get($cacheKey, function (ItemInterface $item) use ($user){
+            $item->expiresAfter(3600);
+
+            $securedRoutesWithUserPermission = [];
+            foreach ($this->accessControl->getAllSecuredRoutes() as $route) {
+                $securedRoutesWithUserPermission[$route] = $this->accessControl->hasUserAccessToRoute($user, $route);
+            }
+
+            return $securedRoutesWithUserPermission;
+        });
+
+        return new Response($this->twig->render(
+            '@SilRouteSecurity/secured_routes.js.twig',
+            ['securedRoutes' => $securedRoutesWithUserPermission]
+        ), 200, ['Content-Type' => 'application/javascript']);
+    }
+}

README.md

@@ -1,8 +1,7 @@
 [![Scrutinizer Code Quality](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/badges/quality-score.png?b=master)](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/?branch=master)
 [![Build Status](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/badges/build.png?b=master)](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/build-status/master)
 [![Code Coverage](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/badges/coverage.png?b=master)](https://scrutinizer-ci.com/g/SimLibaud/SilRouteSecurityBundle/?branch=master)
-[![SensioLabsInsight](https://insight.sensiolabs.com/projects/fbed9290-6c11-4461-b386-cf0cb46fc43e/mini.png)](https://insight.sensiolabs.com/projects/fbed9290-6c11-4461-b386-cf0cb46fc43e)
-
+[![SymfonyInsight](https://insight.symfony.com/projects/0fe7d7d4-60ff-4f1c-a12f-c99d6510fafb/mini.svg)](https://insight.symfony.com/projects/0fe7d7d4-60ff-4f1c-a12f-c99d6510fafb)
 # SilRouteSecurityBundle
 
 This bundle provide a way to secure accesses to all routes of your application and adapt the view according to the logged user.
@@ -38,6 +37,16 @@ public function registerBundles()
 }
 ```
 
+## Add routes configuration
+
+Routes are only required if you want to use the Javascript part of this bundle.
+
+```yaml
+# app/config/routes/sil_route_security.yaml
+sil_route_security:
+    resource: "@SilRouteSecurityBundle/Resources/config/routing.yaml"
+```
+
 # Configuration
 
 You can configure the bundle under the `sil_route_security` key. 
@@ -120,7 +129,11 @@ For exemple, you can inject this service into your `UserFormType` to configure t
 
 # Adapt template view
 
-The bundle expose 3 twig functions that allow you to generate view according to the roles of user.
+The bundle expose :
+* Twig functions that allow you to generate view according to the roles of user.
+* Javascript object that allow you to generate view according to the roles of user.
+
+## Twig
 
 #### `hasUserAccessToRoute`
 
@@ -168,6 +181,35 @@ The bundle expose 3 twig functions that allow you to generate view according to
 {% endif %}
 ```
 
+## Javascript
+
+### Installation
+
+To load it globally, add the following line to your template:
+
+```html
+<script type="text/javascript" src="{{ asset('bundles/silroutesecurity/js/sil_route_security.min.js') }}"></script>
+<script src="{{ path('sil_route_security.export_js_secured_routes') }}"></script>
+```
+
+### Usage
+
+```javascript
+if (SilRouteSecurity.hasUserAccessToRoute('name_of_route')) {
+    console.log('Current authenticated user has access to route')
+}
+
+if (SilRouteSecurity.hasUserAccessToRoutes(['name_of_route_1', 'name_of_route_2'])) {
+    console.log('Current authenticated user has access to all routes')
+}
+
+if (SilRouteSecurity.hasUserAccessAtLeastOneRoute(['name_of_route_1', 'name_of_route_2'])) {
+    console.log('Current authenticated user has access to one of this routes')
+}
+```
+
+
+
 # Access denied behavior
 
 When user access to secured route and does not have the right, an `AccessDeniedException` is throw. The framework will convert it to a 403 response.

Resources/config/routing.yaml

@@ -0,0 +1,4 @@
+sil_route_security.export_js_secured_routes:
+    path:  /sil-route-security/export-js-secured-routes.js
+    defaults: { _controller: sil_route_security.controller.export_js_secured_routes::exportAction }
+    methods:  [GET]

Resources/config/services.xml

@@ -44,5 +44,13 @@
         </service>
         <service id="Sil\RouteSecurityBundle\Role\RolesProvider" alias="sil_route_security.roles_provider"/>
 
+        <service id="sil_route_security.controller.export_js_secured_routes" class="Sil\RouteSecurityBundle\Controller\ExportJsSecuredRoutesController">
+            <argument type="service" id="sil_route_security.access_control"></argument>
+            <argument type="service" id="security.untracked_token_storage"></argument>
+            <argument type="service" id="twig" />
+            <argument>%kernel.cache_dir%</argument>
+            <tag name="controller.service_arguments"></tag>
+        </service>
+
     </services>
 </container>

Resources/js/sil_route_security.js

@@ -0,0 +1,50 @@
+const SilRouteSecurity = {
+    allSecuredRoutesWithCurrentUserIsAccess: {},
+
+    /**
+     * @param {String} route
+     * @param {Boolean} hasAccess
+     * @return {Object} SilRouteSecurity
+     */
+    addSecuredRoutes: function(route, hasAccess) {
+        this.allSecuredRoutesWithCurrentUserIsAccess[route] = hasAccess
+    },
+
+    /**
+     * @param {String} route
+     * @return {Boolean}
+     */
+    hasUserAccessToRoute: function(route) {
+        return this.allSecuredRoutesWithCurrentUserIsAccess.hasOwnProperty(route)
+            ? this.allSecuredRoutesWithCurrentUserIsAccess[route]
+            : true
+    },
+
+    /**
+     * @param {Array} route
+     * @return {Boolean}
+     */
+    hasUserAccessAtLeastOneRoute: function(routes) {
+        for(let x = 0; x < routes.length; x++) {
+            if (this.hasUserAccessToRoute(routes[x])) {
+                return true
+            }
+        }
+
+        return false
+    },
+
+    /**
+     * @param {Array} route
+     * @return {Boolean}
+     */
+    hasUserAccessToRoutes: function(routes) {
+        for(let x = 0; x < routes.length; x++) {
+            if (!this.hasUserAccessToRoute(routes[x])) {
+                return false
+            }
+        }
+
+        return true
+    }
+}

Resources/public/js/sil_route_security.min.js

@@ -0,0 +1,4 @@
+// List of secured routes and associated permissions for current authenticated user
+{% for securedRoute, hasUserAccess in securedRoutes %}
+SilRouteSecurity.addSecuredRoutes('{{ securedRoute }}', {{ hasUserAccess ? 'true': 'false' }});
+{% endfor %}

Resources/views/secured_routes.js.twig

@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+namespace Sil\RouteSecurityBundle\Tests\Controller;
+
+
+use Sil\RouteSecurityBundle\Tests\WebTestCase;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class ExportJsSecuredRoutesControllerTest extends WebTestCase
+{
+    public function testWithUnauthenticatedUser()
+    {
+        $client  = static::createClient();
+
+        $crawler  = $client->request('GET', '/sil-route-security/export-js-secured-routes.js');
+        $response = $client->getResponse();
+
+        $this->assertEquals(500, $response->getStatusCode());
+    }
+
+    public function testWithUserHasAccessToRoute()
+    {
+        $client  = static::createClient();
+
+        $user = $this->createMock(UserInterface::class);
+        $user->method('getRoles')->willReturn(['ROLE_APP_SECURED_ROUTE_TEST']);
+        $client->loginUser($user);
+
+        $crawler  = $client->request('GET', '/sil-route-security/export-js-secured-routes.js');
+        $response = $client->getResponse();
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals(<<<JAVASCRIPT
+// List of secured routes and associated permissions for current authenticated user
+SilRouteSecurity.addSecuredRoutes('app_secured_route_test', true);
+
+JAVASCRIPT
+       , $response->getContent());
+    }
+
+    public function testWithUserHasNotAccessToRoute()
+    {
+        $client  = static::createClient();
+
+        $user = $this->createMock(UserInterface::class);
+        $user->method('getRoles')->willReturn([]);
+        $client->loginUser($user);
+
+        $crawler  = $client->request('GET', '/sil-route-security/export-js-secured-routes.js');
+        $response = $client->getResponse();
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEquals(<<<JAVASCRIPT
+// List of secured routes and associated permissions for current authenticated user
+SilRouteSecurity.addSecuredRoutes('app_secured_route_test', false);
+
+JAVASCRIPT
+            , $response->getContent());
+    }
+}

Tests/Controller/ExportJsSecuredRoutesControllerTest.php

@@ -0,0 +1,63 @@
+<?php
+declare(strict_types=1);
+
+namespace Sil\RouteSecurityBundle\Tests\Fixtures;
+
+use Symfony\Component\Config\Loader\LoaderInterface;
+use Symfony\Component\HttpKernel\Kernel;
+
+/**
+ * App Test Kernel for functional tests.
+ */
+class AppKernel extends Kernel
+{
+    public function __construct($environment, $debug)
+    {
+        parent::__construct($environment, $debug);
+    }
+
+    public function registerBundles()
+    {
+        return array(
+            new \Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
+            new \Symfony\Bundle\TwigBundle\TwigBundle(),
+            new \Sil\RouteSecurityBundle\SilRouteSecurityBundle(),
+            new \Symfony\Bundle\SecurityBundle\SecurityBundle()
+        );
+    }
+
+    public function getRootDir()
+    {
+        return __DIR__;
+    }
+
+    public function getProjectDir()
+    {
+        return __DIR__.'/../';
+    }
+
+    public function getCacheDir()
+    {
+        return sys_get_temp_dir().'/'.Kernel::VERSION.'/sil-route-security/cache/'.$this->environment;
+    }
+
+    public function getLogDir()
+    {
+        return sys_get_temp_dir().'/'.Kernel::VERSION.'/sil-route-security/logs';
+    }
+
+    public function registerContainerConfiguration(LoaderInterface $loader)
+    {
+        $loader->load(__DIR__.'/config/base_config.yaml');
+    }
+
+    public function serialize()
+    {
+        return serialize(array($this->getEnvironment(), $this->isDebug()));
+    }
+
+    public function unserialize($str)
+    {
+        call_user_func_array(array($this, '__construct'), unserialize($str));
+    }
+}