mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-06-13 13:54:23 +00:00
85 lines
2.4 KiB
PHP
85 lines
2.4 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
/*
|
|
* Chill is a software for social workers
|
|
*
|
|
* For the full copyright and license information, please view
|
|
* the LICENSE file that was distributed with this source code.
|
|
*/
|
|
|
|
namespace Chill\MainBundle\Security;
|
|
|
|
use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
|
|
use Symfony\Component\Security\Core\Role\Role;
|
|
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
|
|
|
use function array_keys;
|
|
use function in_array;
|
|
|
|
/**
|
|
* Helper which traverse all role to find parents.
|
|
*/
|
|
class ParentRoleHelper
|
|
{
|
|
/**
|
|
* The role in a hierarchy, given by the parameter
|
|
* `security.role_hierarchy.roles` from the container.
|
|
*
|
|
* @var string[]
|
|
*/
|
|
protected array $hierarchy;
|
|
|
|
protected RoleHierarchyInterface $roleHierarchy;
|
|
|
|
public function __construct(
|
|
RoleHierarchyInterface $roleHierarchy,
|
|
ParameterBagInterface $parameterBag
|
|
) {
|
|
$this->roleHierarchy = $roleHierarchy;
|
|
$this->hierarchy = $parameterBag->get('security.role_hierarchy.roles');
|
|
}
|
|
|
|
/**
|
|
* Return all the role which give access to the given role. Only the role
|
|
* which are registered into Chill are taken into account.
|
|
*
|
|
* The array contains always the current $role (which give access to himself)
|
|
*
|
|
* @return string[] the role which give access to the given $role
|
|
*/
|
|
public function getParentRoles(string $role): array
|
|
{
|
|
$parentRoles = [$role];
|
|
// transform the roles from role hierarchy from string to Role
|
|
$roles = array_keys($this->hierarchy);
|
|
|
|
foreach ($roles as $r) {
|
|
$childRoles = $this->roleHierarchy->getReachableRoleNames([$r]);
|
|
|
|
if (in_array($role, $childRoles, true)) {
|
|
$parentRoles[] = $r;
|
|
}
|
|
}
|
|
|
|
return $parentRoles;
|
|
}
|
|
|
|
/**
|
|
* Test if a parent role may give access to a given child role.
|
|
*
|
|
* @param string $childRole The role we want to test if he is reachable
|
|
* @param string $parentRole The role which should give access to $childRole
|
|
*
|
|
* @return bool true if the child role is granted by parent role
|
|
*/
|
|
public function isRoleReached($childRole, $parentRole): bool
|
|
{
|
|
$reachableRoles = $this->roleHierarchy
|
|
->getReachableRoleNames([$parentRole]);
|
|
|
|
return in_array($childRole, $reachableRoles, true);
|
|
}
|
|
}
|