Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-14 06:14:23 +00:00
Code Issues Actions Projects Releases Wiki Activity

wip.. adapt EventVoter to sf3

Browse Source
This commit is contained in:
Tchama 2019-01-17 16:21:35 +01:00
parent c235fb75a7
commit 15ff92257c
5 changed files with 103 additions and 47 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
Menu/PersonMenuBuilder.php
View File

@ -2,21 +2,15 @@
namespace Chill\EventBundle\Menu; namespace Chill\EventBundle\Menu;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Translation\TranslatorInterface; use Symfony\Component\Translation\TranslatorInterface;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
use Knp\Menu\MenuItem; use Knp\Menu\MenuItem;
use Chill\MainBundle\Routing\LocalMenuBuilderInterface; use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\EventBundle\Security\Authorization\EventVoter; use Chill\EventBundle\Security\Authorization\EventVoter;
class PersonMenuBuilder implements LocalMenuBuilderInterface class PersonMenuBuilder implements LocalMenuBuilderInterface
{ {
/**
*
* @var TokenStorageInterface
*/
protected $tokenStorage;
/** /**
* *
@ -26,18 +20,16 @@ class PersonMenuBuilder implements LocalMenuBuilderInterface
/** /**
* *
* @var AuthorizationHelper * @var AuthorizationCheckerInterface
*/ */
protected $authorizationHelper; protected $authorizationChecker;
public function __construct( public function __construct(
AuthorizationHelper $authorizationHelper, AuthorizationCheckerInterface $authorizationChecker,
TokenStorageInterface $tokenStorage,
TranslatorInterface $translator TranslatorInterface $translator
) { ) {
$this->tokenStorage = $tokenStorage; $this->authorizationChecker = $authorizationChecker;
$this->translator = $translator; $this->translator = $translator;
$this->authorizationHelper = $authorizationHelper;
} }
@ -46,11 +38,7 @@ class PersonMenuBuilder implements LocalMenuBuilderInterface
/* @var $person \Chill\PersonBundle\Entity\Person */ /* @var $person \Chill\PersonBundle\Entity\Person */
$person = $parameters['person']; $person = $parameters['person'];
$user = $this->tokenStorage->getToken()->getUser(); if ($this->authorizationChecker->isGranted(EventVoter::SEE, $person)) {
$roleSee = new Role(EventVoter::SEE);
// ASK use authorizationHelper or authorizationChecker ??
if ($this->authorizationHelper->userHasAccess($user, $person, $roleSee)) {
$menu->addChild($this->translator->trans('Events participation'), [ $menu->addChild($this->translator->trans('Events participation'), [
'route' => 'chill_event__list_by_person', 'route' => 'chill_event__list_by_person',

2
Resources/config/services/authorization.yml
View File

@ -2,7 +2,9 @@ services:
chill_event.event_voter: chill_event.event_voter:
class: Chill\EventBundle\Security\Authorization\EventVoter class: Chill\EventBundle\Security\Authorization\EventVoter
arguments: arguments:
- "@security.access.decision_manager"
- "@chill.main.security.authorization.helper" - "@chill.main.security.authorization.helper"
- "@logger"
tags: tags:
- { name: chill.role } - { name: chill.role }
- { name: security.voter } - { name: security.voter }

3
Resources/config/services/menu.yml
View File

@ -1,8 +1,7 @@
services: services:
Chill\EventBundle\Menu\PersonMenuBuilder: Chill\EventBundle\Menu\PersonMenuBuilder:
arguments: arguments:
$authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper' $authorizationChecker: '@Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface'
$tokenStorage: '@Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface'
$translator: '@Symfony\Component\Translation\TranslatorInterface' $translator: '@Symfony\Component\Translation\TranslatorInterface'
tags: tags:
- { name: 'chill.menu_builder' } - { name: 'chill.menu_builder' }

4
Resources/views/Event/listByPerson.html.twig
View File

@ -50,7 +50,8 @@
<td> <td>
<ul class="record_actions"> <ul class="record_actions">
<li> <li>
{% if is_granted('CHILL_EVENT_SEE_DETAILS', participation.event) %} #} {#
{% if is_granted('CHILL_EVENT_SEE_DETAILS', participation.event) %}
<a href="{{ path('chill_event__event_show', { 'event_id' : participation.event.id } ) }}" class="sc-button black"> <a href="{{ path('chill_event__event_show', { 'event_id' : participation.event.id } ) }}" class="sc-button black">
{{ 'See'|trans }} {{ 'See'|trans }}
</a> </a>
@ -65,6 +66,7 @@
{{ 'Edit'|trans }} {{ 'Edit'|trans }}
</a> </a>
{% endif %} {% endif %}
#}
</li> </li>
</ul> </ul>
</td> </td>

117
Security/Authorization/EventVoter.php
View File

@ -9,6 +9,10 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\EventBundle\Entity\Event; use Chill\EventBundle\Entity\Event;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Psr\Log\LoggerInterface;
/** /**
* Description of EventVoter * Description of EventVoter
@ -18,53 +22,114 @@ use Chill\MainBundle\Entity\User;
*/ */
class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{ {
const SEE = 'CHILL_EVENT_SEE'; const SEE = 'CHILL_EVENT_SEE';
const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS'; const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_CREATE'; const CREATE = 'CHILL_EVENT_CREATE';
const UPDATE = 'CHILL_EVENT_UPDATE'; const UPDATE = 'CHILL_EVENT_UPDATE';
const ROLES = [
self::SEE,
self::SEE_DETAILS,
self::CREATE,
self::UPDATE
];
/**
* @var AuthorizationHelper
*/
protected $authorizationHelper; protected $authorizationHelper;
public function __construct(AuthorizationHelper $helper) /**
* @var AccessDecisionManagerInterface
*/
protected $accessDecisionManager;
/**
* @var LoggerInterface
*/
protected $logger;
public function __construct(
AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper,
LoggerInterface $logger
)
{ {
$this->authorizationHelper = $helper; $this->accessDecisionManager = $accessDecisionManager;
$this->authorizationHelper = $authorizationHelper;
$this->logger = $logger;
} }
protected function getSupportedAttributes() public function supports($attribute, $subject)
{ {
return array(self::SEE, self::SEE_DETAILS, return ($subject instanceof Event && in_array($attribute, self::ROLES))
self::CREATE, self::UPDATE); ||
($subject instanceof Person && \in_array($attribute, [ self::CREATE, self::SEE ]))
||
(NULL === $subject && $attribute === self::SEE )
;
} }
protected function getSupportedClasses() /**
*
* @param string $attribute
* @param Event $subject
* @param TokenInterface $token
* @return boolean
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
return array(Event::class); $this->logger->debug(sprintf("Voting from %s class", self::class));
}
protected function isGranted($attribute, $event, $user = null)
{
if (!$user instanceof User) {
return false;
}
return $this->authorizationHelper->userHasAccess($user, $event, $attribute); if (!$token->getUser() instanceof User) {
return false;
}
if ($subject instanceof Event) {
if ($subject->getPerson() === null) {
throw new \LogicException("You should associate a person with event "
. "in order to check autorizations");
}
$person = $subject->getPerson();
} elseif ($subject instanceof Person) {
$person = $subject;
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false;
}
return $this->authorizationHelper->userHasAccess(
$token->getUser(),
$subject,
$attribute
);
} }
public function getRoles() public function getRoles()
{ {
return $this->getSupportedAttributes(); return self::ROLES;
}
public function getRolesWithHierarchy()
{
return [
'Event' => self::ROLES
];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope()
{ {
return null; return [];
} }
public function getRolesWithHierarchy()
{
return [ 'Event' => $this->getRoles() ];
}
} }