Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-12 13:24:25 +00:00
Code Issues Actions Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/master'

Browse Source
This commit is contained in:
Julien Fastré 2018-04-26 12:35:31 +02:00
commit 4cafa93d98
1 changed files with 21 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
Security/Authorization/TaskVoter.php
View File

@ -29,7 +29,7 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -38,31 +38,33 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
const CREATE = 'CHILL_TASK_TASK_CREATE'; const CREATE = 'CHILL_TASK_TASK_CREATE';
const UPDATE = 'CHILL_TASK_TASK_UPDATE'; const UPDATE = 'CHILL_TASK_TASK_UPDATE';
const SHOW = 'CHILL_TASK_TASK_SHOW'; const SHOW = 'CHILL_TASK_TASK_SHOW';
const DELETE = 'CHILL_TASK_TASK_DELETE';
const ROLES = [ const ROLES = [
self::CREATE, self::CREATE,
self::UPDATE, self::UPDATE,
self::SHOW self::SHOW,
self::DELETE
]; ];
/** /**
* *
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $authorizationHelper; protected $authorizationHelper;
/** /**
* *
* @var AccessDecisionManagerInterface * @var AccessDecisionManagerInterface
*/ */
protected $accessDecisionManager; protected $accessDecisionManager;
/** /**
* *
* @var LoggerInterface * @var LoggerInterface
*/ */
protected $logger; protected $logger;
public function __construct( public function __construct(
AccessDecisionManagerInterface $accessDecisionManager, AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper, AuthorizationHelper $authorizationHelper,
@ -72,15 +74,15 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
$this->authorizationHelper = $authorizationHelper; $this->authorizationHelper = $authorizationHelper;
$this->logger = $logger; $this->logger = $logger;
} }
public function supports($attribute, $subject) public function supports($attribute, $subject)
{ {
return $subject instanceof AbstractTask return $subject instanceof AbstractTask
&& in_array($attribute, self::ROLES); && in_array($attribute, self::ROLES);
} }
/** /**
* *
* @param string $attribute * @param string $attribute
* @param AbstractTask $subject * @param AbstractTask $subject
* @param TokenInterface $token * @param TokenInterface $token
@ -89,28 +91,28 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
$this->logger->debug(sprintf("Voting from %s class", self::class)); $this->logger->debug(sprintf("Voting from %s class", self::class));
if (!$token->getUser() instanceof User) { if (!$token->getUser() instanceof User) {
return false; return false;
} }
if ($subject->getPerson() === null) { if ($subject->getPerson() === null) {
throw new \LogicException("You should associate a person with task " throw new \LogicException("You should associate a person with task "
. "in order to check autorizations"); . "in order to check autorizations");
} }
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $subject->getPerson())) { if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $subject->getPerson())) {
return false; return false;
} }
return $this->authorizationHelper->userHasAccess( return $this->authorizationHelper->userHasAccess(
$token->getUser(), $token->getUser(),
$subject, $subject,
$attribute $attribute
); );
} }
public function getRoles() public function getRoles()
{ {
return self::ROLES; return self::ROLES;
@ -122,7 +124,7 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
'Task' => self::ROLES 'Task' => self::ROLES
]; ];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope()
{ {
return []; return [];