1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace DH\AuditorBundle\Security; |
4
|
|
|
|
5
|
|
|
use DH\Auditor\Provider\Doctrine\Configuration; |
6
|
|
|
use DH\Auditor\Security\RoleCheckerInterface; |
7
|
|
|
use DH\Auditor\User\UserInterface; |
8
|
|
|
use Symfony\Component\Security\Core\Security; |
9
|
|
|
|
10
|
|
|
class RoleChecker implements RoleCheckerInterface |
11
|
|
|
{ |
12
|
|
|
/** |
13
|
|
|
* @var Security |
14
|
|
|
*/ |
15
|
|
|
private $security; |
16
|
|
|
|
17
|
|
|
/** |
18
|
|
|
* @var Configuration |
19
|
|
|
*/ |
20
|
|
|
private $configuration; |
21
|
|
|
|
22
|
|
|
public function __construct(Security $security, Configuration $configuration) |
23
|
|
|
{ |
24
|
|
|
$this->security = $security; |
25
|
|
|
$this->configuration = $configuration; |
26
|
|
|
} |
27
|
|
|
|
28
|
|
|
public function __invoke(string $entity, string $scope): bool |
29
|
|
|
{ |
30
|
|
|
$userProvider = $this->configuration->getUserProvider(); |
31
|
|
|
$user = null === $userProvider ? null : $userProvider(); |
32
|
|
|
$security = null === $userProvider ? null : $this->security; |
33
|
|
|
|
34
|
|
|
if (!($user instanceof UserInterface) || !($security instanceof Security)) { |
35
|
|
|
// If no security defined or no user identified, consider access granted |
36
|
|
|
return true; |
37
|
|
|
} |
38
|
|
|
|
39
|
|
|
$entities = $this->configuration->getEntities(); |
40
|
|
|
$roles = $entities[$entity]['roles'] ?? null; |
41
|
|
|
|
42
|
|
|
if (null === $roles) { |
43
|
|
|
// If no roles are configured, consider access granted |
44
|
|
|
return true; |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
if (!\array_key_exists($scope, $roles)) { |
48
|
|
|
// If no roles for the given scope are configured, consider access granted |
49
|
|
|
return true; |
50
|
|
|
} |
51
|
|
|
|
52
|
|
|
// roles are defined for the give scope |
53
|
|
|
foreach ($roles[$scope] as $role) { |
54
|
|
|
if ($security->isGranted($role)) { |
55
|
|
|
// role granted => access granted |
56
|
|
|
return true; |
57
|
|
|
} |
58
|
|
|
} |
59
|
|
|
|
60
|
|
|
// access denied |
61
|
|
|
return false; |
62
|
|
|
} |
63
|
|
|
} |
64
|
|
|
|