Pass StoredObject instead of Document to check permission in AuthorizationManager.php

This commit is contained in:
Julie Lenaerts 2024-07-02 15:49:53 +02:00
parent 3262a1dd02
commit 3d7c8596ee


@ -12,6 +12,8 @@ declare(strict_types=1);
namespace Chill\WopiBundle\Service\Wopi; namespace Chill\WopiBundle\Service\Wopi;
use ChampsLibres\WopiLib\Contract\Entity\Document; use ChampsLibres\WopiLib\Contract\Entity\Document;
use Chill\DocStoreBundle\Repository\StoredObjectRepository;
use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface; use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
use Psr\Http\Message\RequestInterface; use Psr\Http\Message\RequestInterface;
@ -19,13 +21,18 @@ use Symfony\Component\Security\Core\Security;
class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\AuthorizationManagerInterface class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\AuthorizationManagerInterface
{ {
public function __construct(private readonly JWTTokenManagerInterface $tokenManager, private readonly Security $security) {} public function __construct(private readonly JWTTokenManagerInterface $tokenManager, private readonly Security $security, private readonly StoredObjectRepository $storedObjectRepository) {}
public function isRestrictedWebViewOnly(string $accessToken, Document $document, RequestInterface $request): bool public function isRestrictedWebViewOnly(string $accessToken, Document $document, RequestInterface $request): bool
{ {
return false; return false;
} }
public function getRelatedStoredObject(Document $document)
{
return $this->storedObjectRepository->findOneBy(['uuid' => $document->getWopiDocId()]);
}
public function isTokenValid(string $accessToken, Document $document, RequestInterface $request): bool public function isTokenValid(string $accessToken, Document $document, RequestInterface $request): bool
{ {
$metadata = $this->tokenManager->parse($accessToken); $metadata = $this->tokenManager->parse($accessToken);
@ -60,12 +67,21 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
public function userCanPresent(string $accessToken, Document $document, RequestInterface $request): bool public function userCanPresent(string $accessToken, Document $document, RequestInterface $request): bool
{ {
return $this->isTokenValid($accessToken, $document, $request); $storedObject = $this->getRelatedStoredObject($document);
if ($this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
return $this->isTokenValid($accessToken, $document, $request);
}
return false;
} }
public function userCanRead(string $accessToken, Document $document, RequestInterface $request): bool public function userCanRead(string $accessToken, Document $document, RequestInterface $request): bool
{ {
if ($this->security->isGranted('SEE', $document)) { $storedObject = $this->getRelatedStoredObject($document);
if ($this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject)) {
return $this->isTokenValid($accessToken, $document, $request); return $this->isTokenValid($accessToken, $document, $request);
} }
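Review bot: `getRelatedStoredObject()` returns whatever `findOneBy()` yields, which is `null` when no stored object carries the requested WOPI doc id, and the new `userCanPresent()` body passes that `null` straight into `isGranted()` instead of refusing up front; the same pattern is repeated in `userCanRead()` below and in `userCanWrite()` in the next hunk. Whether a `null` subject ends up denied there depends on how the access decision manager and the voters are configured, so the authorization result for an unknown document is implicit rather than guaranteed. Fail closed explicitly after each lookup, `if (null === $storedObject) { return false; }`, and give the new method a nullable return type (and a docblock stating that it resolves the WOPI doc id to a stored object and may return null) so callers cannot miss that case. The new method is also public on a class that implements an external interface; if nothing outside this class needs it, `private` keeps the interface surface unchanged. The bodies of `userCanRead()` and `userCanWrite()` continue outside the hunk.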
@ -79,7 +95,9 @@ class AuthorizationManager implements \ChampsLibres\WopiBundle\Contracts\Authori
public function userCanWrite(string $accessToken, Document $document, RequestInterface $request): bool public function userCanWrite(string $accessToken, Document $document, RequestInterface $request): bool
{ {
if ($this->security->isGranted('EDIT', $document)) { $storedObject = $this->getRelatedStoredObject($document);
if ($this->security->isGranted(StoredObjectRoleEnum::EDIT->value, $storedObject)) {
return $this->isTokenValid($accessToken, $document, $request); return $this->isTokenValid($accessToken, $document, $request);
} }