Implement context-specific voters for all current entities that can be linked to a document

For reusability, an AbstractStoredObjectVoter and a StoredObjectVoterInterface were created.
A WorkflowDocumentService checks whether the StoredObject is involved in a workflow.
2024-06-26 13:45:15 +02:00
parent 4607c36b57
commit c06e76a0ee
18 changed files with 456 additions and 88 deletions


@@ -48,15 +48,19 @@ class StoredObjectVoter extends Voter
return false;
}
$attributeAsEnum = StoredObjectRoleEnum::from($attribute);
// Loop through context-specific voters
foreach ($this->storedObjectVoters as $storedObjectVoter) {
if ($storedObjectVoter->supports($attribute, $subject)) {
return $storedObjectVoter->voteOnAttribute($attribute, $subject, $token);
if ($storedObjectVoter->supports($attributeAsEnum, $subject)) {
return $storedObjectVoter->voteOnAttribute($attributeAsEnum, $subject, $token);
}
}
// User role-based fallback
if ($this->security->isGranted('ROLE_USER') || $this->security->isGranted('ROLE_ADMIN')) {
// TODO: this maybe considered as a security issue, as all authenticated users can reach a stored object which
// is potentially detached from an existing entity.
return true;
}
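Review bot: The role-based fallback at the end of this hunk fails open: when no context-specific voter supports the subject, `isGranted('ROLE_USER')` grants access to every authenticated user, which the added TODO acknowledges but does not resolve. The fallback also never consults `$attributeAsEnum`, so the grant covers whichever role was requested rather than only the least privileged one. Denying by default would be safer until stored objects without an owning entity are handled explicitly, for example by narrowing the condition to `if ($this->security->isGranted('ROLE_ADMIN')) {` and returning false otherwise; logging each time the fallback is reached would also show which stored objects no voter covers. Separately, `StoredObjectRoleEnum::from($attribute)` throws a `ValueError` on an unknown value, so unless `supports()` (not visible here) already filters the attribute, `tryFrom()` followed by `return false` on null is the more defensive form. voteOnAttribute begins and ends outside this hunk.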