Attempt to make voter work
parent
de0be15fff
commit
7067d4b5bd
@ -19,6 +19,7 @@ use Psr\Log\LoggerInterface;
|
||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
|
||||
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
|
||||
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\HttpFoundation\Request;
|
||||
use Symfony\Component\HttpFoundation\Response;
|
||||
use Symfony\Contracts\Translation\TranslatorInterface;
|
||||
@ -54,8 +55,8 @@ abstract class AbstractElementController extends Controller
|
||||
*/
|
||||
protected function _delete(AbstractElement $element, Request $request, $template, $flashMessage): Response
|
||||
{
|
||||
// $this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not '
|
||||
// . 'allowed to delete this family membership');
|
||||
$this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not '
|
||||
. 'allowed to delete this family membership');
|
||||
|
||||
$form = $this->createDeleteForm();
|
||||
|
||||
@ -96,7 +97,7 @@ abstract class AbstractElementController extends Controller
|
||||
*/
|
||||
protected function _edit(AbstractElement $element, Request $request, $template, $flashOnSuccess): Response
|
||||
{
|
||||
// $this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element);
|
||||
$this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element);
|
||||
|
||||
$form = $this->createForm($this->getType(), $element);
|
||||
$form->add('submit', SubmitType::class);
|
||||
@ -131,7 +132,7 @@ abstract class AbstractElementController extends Controller
|
||||
$element = $this->createNewElement()
|
||||
->setPerson($person);
|
||||
|
||||
// $this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element);
|
||||
$this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element);
|
||||
|
||||
$form = $this->createForm($this->getType(), $element);
|
||||
$form->add('submit', SubmitType::class);
|
||||
@ -171,7 +172,7 @@ abstract class AbstractElementController extends Controller
|
||||
*/
|
||||
protected function _view(AbstractElement $element, $template)
|
||||
{
|
||||
// $this->denyAccessUnlessGranted(BudgetElementVoter::SHOW, $element);
|
||||
$this->denyAccessUnlessGranted(BudgetElementVoter::SEE, $element);
|
||||
|
||||
return $this->render($template, [
|
||||
'element' => $element,
|
||||
@ -187,10 +188,8 @@ abstract class AbstractElementController extends Controller
|
||||
|
||||
/**
|
||||
* Creates a form to delete a help request entity by id.
|
||||
*
|
||||
* @return \Symfony\Component\Form\Form The form
|
||||
*/
|
||||
private function createDeleteForm()
|
||||
private function createDeleteForm(): Form
|
||||
{
|
||||
return $this->createFormBuilder()
|
||||
->setMethod(Request::METHOD_DELETE)
|
||||
|
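Review bot: The denial message passed in `_delete()` reads 'allowed to delete this family membership', which looks copied from another controller. With the check live, this is the text an access-denied response will carry, so it should name the right object, e.g. `'You are not allowed to delete this budget element'`. `_view()` is also the only action in this section without a `: Response` return type, unlike `_delete()` and `_edit()`. The +/- markers are lost on this page, so this assumes the uncommented `denyAccessUnlessGranted` lines are the new side; the method bodies continue outside the hunks.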
@ -68,8 +68,8 @@ class ChillBudgetExtension extends Extension implements PrependExtensionInterfac
|
||||
{
|
||||
$container->prependExtensionConfig('security', [
|
||||
'role_hierarchy' => [
|
||||
BudgetElementVoter::UPDATE => [BudgetElementVoter::SHOW],
|
||||
BudgetElementVoter::CREATE => [BudgetElementVoter::SHOW],
|
||||
BudgetElementVoter::UPDATE => [BudgetElementVoter::SEE],
|
||||
BudgetElementVoter::CREATE => [BudgetElementVoter::SEE],
|
||||
],
|
||||
]);
|
||||
}
|
||||
|
@ -15,9 +15,11 @@ use Chill\BudgetBundle\Entity\AbstractElement;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
|
||||
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
|
||||
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
|
||||
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
|
||||
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
|
||||
use Chill\PersonBundle\Entity\Person;
|
||||
use Symfony\Component\Security\Core\Role\Role;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
|
||||
use function in_array;
|
||||
|
||||
@ -30,22 +32,24 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
|
||||
public const ROLES = [
|
||||
self::CREATE,
|
||||
self::DELETE,
|
||||
self::SHOW,
|
||||
self::SEE,
|
||||
self::UPDATE,
|
||||
];
|
||||
|
||||
public const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW';
|
||||
public const SEE = 'CHILL_BUDGET_ELEMENT_SEE';
|
||||
|
||||
public const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE';
|
||||
|
||||
/**
|
||||
* @var AuthorizationHelper
|
||||
*/
|
||||
protected $authorizationHelper;
|
||||
protected VoterHelperInterface $voter;
|
||||
|
||||
public function __construct(AuthorizationHelper $authorizationHelper)
|
||||
public function __construct(VoterHelperFactoryInterface $voterFactory)
|
||||
{
|
||||
$this->authorizationHelper = $authorizationHelper;
|
||||
$this->voter = $voterFactory
|
||||
->generate(self::class)
|
||||
->addCheckFor(AbstractElement::class, self::ROLES)
|
||||
->addCheckFor(null, [self::CREATE])
|
||||
->build();
|
||||
|
||||
}
|
||||
|
||||
public function getRoles(): array
|
||||
@ -66,18 +70,13 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
return (in_array($attribute, self::ROLES, true) && $subject instanceof AbstractElement)
|
||||
|| ($subject instanceof Person && in_array($attribute, [self::SHOW, self::CREATE], true));
|
||||
|| ($subject instanceof Person && in_array($attribute, [self::SEE, self::CREATE], true));
|
||||
}
|
||||
|
||||
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
|
||||
{
|
||||
$user = $token->getUser();
|
||||
|
||||
if (false === $user instanceof User) {
|
||||
return false;
|
||||
}
|
||||
return $this->voter->voteOnAttribute($attribute, $subject, $token);
|
||||
|
||||
return $this->authorizationHelper
|
||||
->userHasAccess($user, $subject, new Role($attribute));
|
||||
}
|
||||
}
|
||||
|
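Review bot: `supports()` still accepts a `Person` subject for `SEE` and `CREATE`, but the helper built in the constructor registers checks only for `AbstractElement::class` and `null`, so the two can disagree about which subjects this voter handles. Keeping one source of truth avoids that: add `->addCheckFor(Person::class, [self::SEE, self::CREATE])` to the builder chain and, if `VoterHelperInterface` exposes it, reduce the method to `return $this->voter->supports($attribute, $subject);`. The page has lost its +/- markers, but the hunk counts suggest the `$user instanceof User` guard in `voteOnAttribute()` was removed while `$user = $token->getUser();` stayed. If so, `$user` is unused and rejecting non-`User` tokens depends entirely on the helper, which deserves a comment or a restored guard. The value change from `CHILL_BUDGET_ELEMENT_SHOW` to `CHILL_BUDGET_ELEMENT_SEE` also means any grants stored under the old string would stop matching, so a data migration may be needed.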
@ -1,7 +1,6 @@
|
||||
services:
|
||||
Chill\BudgetBundle\Security\Authorization\BudgetElementVoter:
|
||||
arguments:
|
||||
$authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper'
|
||||
autowire: true
|
||||
tags:
|
||||
- { name: chill.role }
|
||||
- { name: security.voter }
|
||||
|