Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-07-02 23:16:13 +00:00
Code Issues Actions Projects Releases Wiki Activity

sf4 deprecations: new supports and voteOnAttribute methods implemented in ParticipationVoter

Browse Source
This commit is contained in:
nobohan 2020-07-23 12:34:53 +02:00
parent da682c22bc
commit c8c76e5a8d
3 changed files with 96 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Resources/config/services/authorization.yml
View File

@ -12,7 +12,9 @@ services:
chill_event.event_participation: chill_event.event_participation:
class: Chill\EventBundle\Security\Authorization\ParticipationVoter class: Chill\EventBundle\Security\Authorization\ParticipationVoter
arguments: arguments:
- "@security.access.decision_manager"
- "@chill.main.security.authorization.helper" - "@chill.main.security.authorization.helper"
- "@logger"
tags: tags:
- { name: chill.role } - { name: chill.role }
- { name: security.voter } - { name: security.voter }

3
Security/Authorization/EventVoter.php
View File

@ -1,6 +1,6 @@
<?php <?php
/* /*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop> * Copyright (C) 2020 Champs Libres Cooperative <info@champs-libres.coop>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by * it under the terms of the GNU Affero General Public License as published by
@ -27,6 +27,7 @@ use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\PersonVoter; use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface; use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Role\Role;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
/** /**

124
Security/Authorization/ParticipationVoter.php
View File

@ -1,7 +1,6 @@
<?php <?php
/* /*
* Copyright (C) 2016 Champs-Libres <info@champs-libres.coop> * Copyright (C) 2020 Champs-Libres <info@champs-libres.coop>
* *
* This program is free software: you can redistribute it and/or modify * This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by * it under the terms of the GNU Affero General Public License as published by
@ -24,6 +23,12 @@ use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\EventBundle\Entity\Participation; use Chill\EventBundle\Entity\Participation;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\Role;
use Psr\Log\LoggerInterface;
/** /**
* *
@ -32,56 +37,111 @@ use Chill\MainBundle\Entity\User;
*/ */
class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{ {
const SEE = 'CHILL_EVENT_PARTICIPATION_SEE';
const SEE_DETAILS = 'CHILL_EVENT_PARTICIPATION_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_PARTICIPATION_CREATE';
const UPDATE = 'CHILL_EVENT_PARTICIPATION_UPDATE';
const ROLES = [
self::SEE,
self::SEE_DETAILS,
self::CREATE,
self::UPDATE
];
/** /**
*
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $authorizationHelper; protected $authorizationHelper;
const CREATE = 'CHILL_EVENT_PARTICIPATION_CREATE'; /**
const UPDATE = 'CHILL_EVENT_PARTICIPATION_UPDATE'; * @var AccessDecisionManagerInterface
*/
public function __construct(AuthorizationHelper $helper) protected $accessDecisionManager;
/**
* @var LoggerInterface
*/
protected $logger;
public function __construct(
AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper,
LoggerInterface $logger
)
{ {
$this->authorizationHelper = $helper; $this->accessDecisionManager = $accessDecisionManager;
} $this->authorizationHelper = $authorizationHelper;
$this->logger = $logger;
protected function getSupportedAttributes()
{
return array(
self::CREATE, self::UPDATE
);
} }
protected function getSupportedClasses() public function supports($attribute, $subject)
{ {
return array( return ($subject instanceof Participation && in_array($attribute, self::ROLES))
Participation::class ||
); ($subject instanceof Person && \in_array($attribute, [ self::CREATE, self::SEE ]))
||
(NULL === $subject && $attribute === self::SEE )
;
} }
protected function isGranted($attribute, $participation, $user = null) /**
*
* @param string $attribute
* @param Participation $subject
* @param TokenInterface $token
* @return boolean
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
if (!$user instanceof User) { $this->logger->debug(sprintf("Voting from %s class", self::class));
if (!$token->getUser() instanceof User) {
return false; return false;
} }
return $this->authorizationHelper->userHasAccess($user, $participation, $attribute); if ($subject instanceof Participation) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} elseif ($subject instanceof Person) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper
->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false;
}
return $this->authorizationHelper->userHasAccess(
$token->getUser(),
$subject,
$attribute
);
} }
public function getRoles() public function getRoles()
{ {
return $this->getSupportedAttributes(); return self::ROLES;
}
public function getRolesWithHierarchy()
{
return [
'Event' => self::ROLES
];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope()
{ {
return null; return [];
}
public function getRolesWithHierarchy()
{
return [ 'Event' => $this->getRoles() ];
} }
} }