Attempt to make voter work

Julie Lenaerts 2022-02-23 18:07:54 +01:00
parent de0be15fff
commit 7067d4b5bd
4 changed files with 26 additions and 29 deletions


@ -19,6 +19,7 @@ use Psr\Log\LoggerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Contracts\Translation\TranslatorInterface;
@ -54,8 +55,8 @@ abstract class AbstractElementController extends Controller
*/
protected function _delete(AbstractElement $element, Request $request, $template, $flashMessage): Response
{
// $this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not '
// . 'allowed to delete this family membership');
$this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not '
. 'allowed to delete this family membership');
$form = $this->createDeleteForm();
@ -96,7 +97,7 @@ abstract class AbstractElementController extends Controller
*/
protected function _edit(AbstractElement $element, Request $request, $template, $flashOnSuccess): Response
{
// $this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element);
$this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element);
$form = $this->createForm($this->getType(), $element);
$form->add('submit', SubmitType::class);
@ -131,7 +132,7 @@ abstract class AbstractElementController extends Controller
$element = $this->createNewElement()
->setPerson($person);
// $this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element);
$this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element);
$form = $this->createForm($this->getType(), $element);
$form->add('submit', SubmitType::class);
@ -171,7 +172,7 @@ abstract class AbstractElementController extends Controller
*/
protected function _view(AbstractElement $element, $template)
{
// $this->denyAccessUnlessGranted(BudgetElementVoter::SHOW, $element);
$this->denyAccessUnlessGranted(BudgetElementVoter::SEE, $element);
return $this->render($template, [
'element' => $element,
@ -187,10 +188,8 @@ abstract class AbstractElementController extends Controller
/**
* Creates a form to delete a help request entity by id.
*
* @return \Symfony\Component\Form\Form The form
*/
private function createDeleteForm()
private function createDeleteForm(): Form
{
return $this->createFormBuilder()
->setMethod(Request::METHOD_DELETE)
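Review bot: The denial message now active in `_delete()` says "family membership", which looks copied from another controller. This class handles budget elements, so the text carried by the access-denied exception, and any log of it, will name the wrong resource; suggest `'You are not allowed to delete this budget element'`. The checks enabled in `_edit()`, `_view()` and the create hunk pass no message, so either form is fine as long as the four are consistent. Because these checks were commented out until now, a functional test asserting a 403 for a user without the role on each action would confirm that the voter is actually consulted. The body of `_delete()` continues outside the hunk.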


@ -68,8 +68,8 @@ class ChillBudgetExtension extends Extension implements PrependExtensionInterfac
{
$container->prependExtensionConfig('security', [
'role_hierarchy' => [
BudgetElementVoter::UPDATE => [BudgetElementVoter::SHOW],
BudgetElementVoter::CREATE => [BudgetElementVoter::SHOW],
BudgetElementVoter::UPDATE => [BudgetElementVoter::SEE],
BudgetElementVoter::CREATE => [BudgetElementVoter::SEE],
],
]);
}


@ -15,9 +15,11 @@ use Chill\BudgetBundle\Entity\AbstractElement;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use function in_array;
@ -30,22 +32,24 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
public const ROLES = [
self::CREATE,
self::DELETE,
self::SHOW,
self::SEE,
self::UPDATE,
];
public const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW';
public const SEE = 'CHILL_BUDGET_ELEMENT_SEE';
public const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE';
/**
* @var AuthorizationHelper
*/
protected $authorizationHelper;
protected VoterHelperInterface $voter;
public function __construct(AuthorizationHelper $authorizationHelper)
public function __construct(VoterHelperFactoryInterface $voterFactory)
{
$this->authorizationHelper = $authorizationHelper;
$this->voter = $voterFactory
->generate(self::class)
->addCheckFor(AbstractElement::class, self::ROLES)
->addCheckFor(null, [self::CREATE])
->build();
}
public function getRoles(): array
@ -66,18 +70,13 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
protected function supports($attribute, $subject)
{
return (in_array($attribute, self::ROLES, true) && $subject instanceof AbstractElement)
|| ($subject instanceof Person && in_array($attribute, [self::SHOW, self::CREATE], true));
|| ($subject instanceof Person && in_array($attribute, [self::SEE, self::CREATE], true));
}
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
if (false === $user instanceof User) {
return false;
}
return $this->voter->voteOnAttribute($attribute, $subject, $token);
return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute));
}
}
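Review bot: `supports()` and the helper built in the constructor disagree about which subjects this voter handles. The constructor registers checks for `AbstractElement` (all roles) and for a `null` subject (`CREATE`), while `supports()` still accepts a `Person` subject with `SEE` or `CREATE` and rejects `null`; the `null` check can therefore never be reached, and a `Person` subject is handed to a helper that has no check registered for it, whose result in that case is not visible here and should be confirmed to be a denial. Either register the case explicitly, `->addCheckFor(Person::class, [self::SEE, self::CREATE])`, or delegate with `return $this->voter->supports($attribute, $subject);` if the helper interface offers it, so the two lists cannot drift apart. The rendering does not show whether the `$user instanceof User` guard in `voteOnAttribute()` is kept; if it was removed, check that the helper itself rejects tokens whose user is not a `User`.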


@ -1,7 +1,6 @@
services:
Chill\BudgetBundle\Security\Authorization\BudgetElementVoter:
arguments:
$authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper'
autowire: true
tags:
- { name: chill.role }
- { name: security.voter }