Check ACL on default task

2025-06-07 18:44:08 +00:00 · 2018-04-25 21:16:16 +02:00 · 2018-04-25 21:16:16 +02:00 · 46db1b7389
commit 46db1b7389
parent c99583b665
2 changed files with 66 additions and 1 deletions
--- a/Resources/config/services/workflow.yml
+++ b/Resources/config/services/workflow.yml
@ -3,4 +3,10 @@ services:
    
    Chill\TaskBundle\Workflow\Definition\DefaultTaskDefinition:
        tags:
-            - { name: 'chill_task.workflow_definition' }
+            - { name: 'chill_task.workflow_definition' }
+            
+    Chill\TaskBundle\Workflow\Event\DefaultTaskGuardEvent:
+        arguments:
+            - '@Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface'
+        tags:
+            - { name: kernel.event_subscriber }
--- a/Workflow/Event/DefaultTaskGuardEvent.php
+++ b/Workflow/Event/DefaultTaskGuardEvent.php
@ -0,0 +1,59 @@
+<?php
+/*
+ * Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+namespace Chill\TaskBundle\Workflow\Event;
+
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+use Symfony\Component\Workflow\Event\GuardEvent;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Chill\TaskBundle\Security\Authorization\TaskVoter;
+
+/**
+ * 
+ *
+ * @author Julien Fastré <julien.fastre@champs-libres.coop>
+ */
+class DefaultTaskGuardEvent implements EventSubscriberInterface
+{
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            'workflow.task_default.guard' => [
+                'checkACL'
+            ]
+        ];
+    }
+    
+    /**
+     *
+     * @var AuthorizationCheckerInterface
+     */
+    protected $authorizationChecker;
+    
+    public function __construct(AuthorizationCheckerInterface $authorizationChecker)
+    {
+        $this->authorizationChecker = $authorizationChecker;
+    }
+    
+    public function checkACL(GuardEvent $event)
+    {
+        if (FALSE === $this->authorizationChecker->isGranted(TaskVoter::UPDATE, 
+            $event->getSubject())) {
+            $event->setBlocked(true);
+        }
+    }
+}