Dav: Introduce access control inside de dav controller

src/Bundle/ChillDocStoreBundle/Security/Guard/DavTokenAuthenticationEventSubscriber.php

@@ -0,0 +1,50 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Security\Guard;
+
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
+use Lexik\Bundle\JWTAuthenticationBundle\Event\JWTAuthenticatedEvent;
+use Lexik\Bundle\JWTAuthenticationBundle\Events;
+use Symfony\Component\EventDispatcher\EventSubscriberInterface;
+
+class DavTokenAuthenticationEventSubscriber implements EventSubscriberInterface
+{
+    final public const STORED_OBJECT = 'stored_object';
+    final public const ACTIONS = 'stored_objects_actions';
+
+    public static function getSubscribedEvents(): array
+    {
+        return [
+            Events::JWT_AUTHENTICATED => ['onJWTAuthenticated', 0],
+        ];
+    }
+
+    public function onJWTAuthenticated(JWTAuthenticatedEvent $event): void
+    {
+        $payload = $event->getPayload();
+
+        if (!(array_key_exists('dav', $payload) && 1 === $payload['dav'])) {
+            return;
+        }
+
+        $token = $event->getToken();
+        $token->setAttribute(self::ACTIONS, match ($payload['e']) {
+            0 => StoredObjectRoleEnum::SEE,
+            1 => StoredObjectRoleEnum::EDIT,
+            default => throw new \UnexpectedValueException("unsupported value for e parameter")
+        });
+
+        $token->setAttribute(self::STORED_OBJECT, $payload['so']);
+    }
+
+
+}

src/Bundle/ChillDocStoreBundle/Security/Guard/JWTDavTokenProvider.php

@@ -0,0 +1,41 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Security\Guard;
+
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
+use Lexik\Bundle\JWTAuthenticationBundle\Services\JWTTokenManagerInterface;
+use Symfony\Component\Security\Core\Security;
+
+/**
+ * Provide a JWT Token which will be valid for viewing or editing a document
+ */
+final readonly class JWTDavTokenProvider implements JWTDavTokenProviderInterface
+{
+    public function __construct(
+        private JWTTokenManagerInterface $JWTTokenManager,
+        private Security $security,
+    ) {}
+
+    public function createToken(StoredObject $storedObject, StoredObjectRoleEnum $roleEnum): string
+    {
+        return $this->JWTTokenManager->createFromPayload($this->security->getUser(), [
+            'dav' => 1,
+            'e' => match ($roleEnum) {
+                StoredObjectRoleEnum::SEE => 0,
+                StoredObjectRoleEnum::EDIT => 1,
+            },
+            'so' => $storedObject->getUuid(),
+        ]);
+    }
+
+}

src/Bundle/ChillDocStoreBundle/Security/Guard/JWTDavTokenProviderInterface.php

@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+namespace Chill\DocStoreBundle\Security\Guard;
+
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
+
+/**
+ * Provide a JWT Token which will be valid for viewing or editing a document
+ */
+interface JWTDavTokenProviderInterface
+{
+    public function createToken(StoredObject $storedObject, StoredObjectRoleEnum $roleEnum): string;
+}