Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-09-03 13:33:48 +00:00
Code Issues Actions Projects Releases Wiki Activity

wip.. adapt EventVoter to sf3

Browse Source
This commit is contained in:
Tchama
2019-01-17 16:21:35 +01:00
parent c235fb75a7
commit 15ff92257c
5 changed files with 103 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

117
Security/Authorization/EventVoter.php
View File

@@ -9,6 +9,10 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\EventBundle\Entity\Event;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Psr\Log\LoggerInterface;
/**
* Description of EventVoter
@@ -18,53 +22,114 @@ use Chill\MainBundle\Entity\User;
*/
class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{
const SEE = 'CHILL_EVENT_SEE';
const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_CREATE';
const UPDATE = 'CHILL_EVENT_UPDATE';
const ROLES = [
self::SEE,
self::SEE_DETAILS,
self::CREATE,
self::UPDATE
];
/**
* @var AuthorizationHelper
*/
protected $authorizationHelper;
public function __construct(AuthorizationHelper $helper)
/**
* @var AccessDecisionManagerInterface
*/
protected $accessDecisionManager;
/**
* @var LoggerInterface
*/
protected $logger;
public function __construct(
AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper,
LoggerInterface $logger
)
{
$this->authorizationHelper = $helper;
$this->accessDecisionManager = $accessDecisionManager;
$this->authorizationHelper = $authorizationHelper;
$this->logger = $logger;
}
protected function getSupportedAttributes()
public function supports($attribute, $subject)
{
return array(self::SEE, self::SEE_DETAILS,
self::CREATE, self::UPDATE);
return ($subject instanceof Event && in_array($attribute, self::ROLES))
||
($subject instanceof Person && \in_array($attribute, [ self::CREATE, self::SEE ]))
||
(NULL === $subject && $attribute === self::SEE )
;
}
protected function getSupportedClasses()
/**
*
* @param string $attribute
* @param Event $subject
* @param TokenInterface $token
* @return boolean
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
return array(Event::class);
}
protected function isGranted($attribute, $event, $user = null)
{
if (!$user instanceof User) {
return false;
}
$this->logger->debug(sprintf("Voting from %s class", self::class));
return $this->authorizationHelper->userHasAccess($user, $event, $attribute);
if (!$token->getUser() instanceof User) {
return false;
}
if ($subject instanceof Event) {
if ($subject->getPerson() === null) {
throw new \LogicException("You should associate a person with event "
. "in order to check autorizations");
}
$person = $subject->getPerson();
} elseif ($subject instanceof Person) {
$person = $subject;
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false;
}
return $this->authorizationHelper->userHasAccess(
$token->getUser(),
$subject,
$attribute
);
}
public function getRoles()
{
return $this->getSupportedAttributes();
return self::ROLES;
}
public function getRolesWithHierarchy()
{
return [
'Event' => self::ROLES
];
}
public function getRolesWithoutScope()
{
return null;
return [];
}
public function getRolesWithHierarchy()
{
return [ 'Event' => $this->getRoles() ];
}
}