mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-08-23 08:03:49 +00:00
add voter for documents
This commit is contained in:
@@ -19,8 +19,11 @@
|
||||
|
||||
namespace Chill\DocStoreBundle\Security\Authorization;
|
||||
|
||||
use App\Security\Authorization\VoterHelperFactory;
|
||||
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
|
||||
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
|
||||
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
|
||||
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
|
||||
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
|
||||
use Chill\DocStoreBundle\Entity\PersonDocument;
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
|
||||
@@ -31,6 +34,7 @@ use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Role\Role;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
|
||||
/**
|
||||
*
|
||||
@@ -43,25 +47,22 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
|
||||
const UPDATE = 'CHILL_PERSON_DOCUMENT_UPDATE';
|
||||
const DELETE = 'CHILL_PERSON_DOCUMENT_DELETE';
|
||||
|
||||
protected AuthorizationHelper $authorizationHelper;
|
||||
|
||||
protected AccessDecisionManagerInterface $accessDecisionManager;
|
||||
|
||||
protected LoggerInterface $logger;
|
||||
|
||||
protected CenterResolverDispatcher $centerResolverDispatcher;
|
||||
protected Security $security;
|
||||
protected VoterHelperInterface $voterHelper;
|
||||
|
||||
public function __construct(
|
||||
AccessDecisionManagerInterface $accessDecisionManager,
|
||||
AuthorizationHelper $authorizationHelper,
|
||||
LoggerInterface $logger//,
|
||||
//CenterResolverDispatcher $centerResolverDispatcher
|
||||
)
|
||||
{
|
||||
$this->accessDecisionManager = $accessDecisionManager;
|
||||
$this->authorizationHelper = $authorizationHelper;
|
||||
LoggerInterface $logger,
|
||||
Security $security,
|
||||
VoterHelperFactoryInterface $voterHelperFactory
|
||||
) {
|
||||
$this->logger = $logger;
|
||||
//$this->centerResolverDispatcher = $centerResolverDispatcher;
|
||||
$this->security = $security;
|
||||
$this->voterHelper = $voterHelperFactory
|
||||
->generate(self::class)
|
||||
->addCheckFor(PersonDocument::class, $this->getRoles())
|
||||
->addCheckFor(Person::class, [self::SEE, self::CREATE])
|
||||
->build();
|
||||
}
|
||||
|
||||
public function getRoles()
|
||||
@@ -77,16 +78,7 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
|
||||
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
if (\in_array($attribute, $this->getRoles()) && $subject instanceof PersonDocument) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($subject instanceof Person
|
||||
&& \in_array($attribute, [self::CREATE, self::SEE])) {
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
return $this->voterHelper->supports($attribute, $subject);
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -104,42 +96,12 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
|
||||
return false;
|
||||
}
|
||||
|
||||
$center = $this->centerResolverDispatcher->resolveCenter($subject);
|
||||
|
||||
if ($subject instanceof PersonDocument) {
|
||||
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
|
||||
|
||||
} elseif ($subject instanceof Person) {
|
||||
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
|
||||
|
||||
} else {
|
||||
|
||||
// subject is null. We check that at least one center is reachable
|
||||
$centers = $this->authorizationHelper
|
||||
->getReachableCenters($token->getUser(), new Role($attribute));
|
||||
|
||||
return count($centers) > 0;
|
||||
}
|
||||
|
||||
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
|
||||
if ($subject instanceof PersonDocument
|
||||
&& !$this->security->isGranted(PersonVoter::SEE, $subject->getPerson())) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->authorizationHelper->userHasAccess(
|
||||
$token->getUser(),
|
||||
$subject,
|
||||
$attribute
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
protected function isGranted($attribute, $report, $user = null)
|
||||
{
|
||||
if (! $user instanceof User){
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->helper->userHasAccess($user, $report, $attribute);
|
||||
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
|
||||
}
|
||||
|
||||
public function getRolesWithoutScope()
|
||||
|
||||
Reference in New Issue
Block a user