OpencachingDeutschland /
oc-server3
| @@ 11-60 (lines=50) @@ | ||
| 8 | use Symfony\Component\Security\Core\Authorization\Voter\Voter; |
|
| 9 | use Symfony\Component\Security\Core\User\UserInterface; // ?? |
|
| 10 | ||
| 11 | class CachesVoter extends Voter |
|
| 12 | { |
|
| 13 | /** |
|
| 14 | * @var AccessDecisionManagerInterface |
|
| 15 | */ |
|
| 16 | private $accessDecisionManager; |
|
| 17 | ||
| 18 | public function __construct(AccessDecisionManagerInterface $accessDecisionManager) |
|
| 19 | { |
|
| 20 | $this->accessDecisionManager = $accessDecisionManager; |
|
| 21 | } |
|
| 22 | ||
| 23 | protected function supports($attribute, $subject): bool |
|
| 24 | { |
|
| 25 | return in_array($attribute, ['CAN_VIEW']) |
|
| 26 | && ($subject instanceof CachesEntity || $subject === CachesEntity::class); |
|
| 27 | } |
|
| 28 | ||
| 29 | protected function voteOnAttribute($attribute, $subject, TokenInterface $token) |
|
| 30 | { |
|
| 31 | $user = $token->getUser(); |
|
| 32 | // if the user is anonymous, do not grant access |
|
| 33 | if (!$user instanceof UserInterface) { |
|
| 34 | return false; |
|
| 35 | } |
|
| 36 | ||
| 37 | $grantingRoles = [ |
|
| 38 | 'ROLE_SUPER_ADMIN', |
|
| 39 | 'ROLE_ADMIN', |
|
| 40 | 'ROLE_SUPPORT_HEAD', |
|
| 41 | 'ROLE_SOCIAL_HEAD', |
|
| 42 | 'ROLE_DEVELOPER_HEAD', |
|
| 43 | ]; |
|
| 44 | ||
| 45 | foreach ($grantingRoles as $grantingRole) { |
|
| 46 | if ($this->accessDecisionManager->decide($token, [$grantingRole])) { |
|
| 47 | return true; |
|
| 48 | } |
|
| 49 | } |
|
| 50 | ||
| 51 | switch ($attribute) { |
|
| 52 | case 'CAN_VIEW': |
|
| 53 | // logic to determine if the user can EDIT |
|
| 54 | // return true or false |
|
| 55 | break; |
|
| 56 | } |
|
| 57 | ||
| 58 | return false; |
|
| 59 | } |
|
| 60 | } |
|
| 61 | ||
| @@ 11-60 (lines=50) @@ | ||
| 8 | use Symfony\Component\Security\Core\Authorization\Voter\Voter; |
|
| 9 | use Symfony\Component\Security\Core\User\UserInterface; |
|
| 10 | ||
| 11 | class UserVoter extends Voter |
|
| 12 | { |
|
| 13 | /** |
|
| 14 | * @var AccessDecisionManagerInterface |
|
| 15 | */ |
|
| 16 | private $accessDecisionManager; |
|
| 17 | ||
| 18 | public function __construct(AccessDecisionManagerInterface $accessDecisionManager) |
|
| 19 | { |
|
| 20 | $this->accessDecisionManager = $accessDecisionManager; |
|
| 21 | } |
|
| 22 | ||
| 23 | protected function supports($attribute, $subject): bool |
|
| 24 | { |
|
| 25 | return in_array($attribute, ['CAN_VIEW']) |
|
| 26 | && ($subject instanceof UserEntity || $subject === UserEntity::class); |
|
| 27 | } |
|
| 28 | ||
| 29 | protected function voteOnAttribute($attribute, $subject, TokenInterface $token) |
|
| 30 | { |
|
| 31 | $user = $token->getUser(); |
|
| 32 | // if the user is anonymous, do not grant access |
|
| 33 | if (!$user instanceof UserInterface) { |
|
| 34 | return false; |
|
| 35 | } |
|
| 36 | ||
| 37 | $grantingRoles = [ |
|
| 38 | 'ROLE_SUPER_ADMIN', |
|
| 39 | 'ROLE_ADMIN', |
|
| 40 | 'ROLE_SUPPORT_HEAD', |
|
| 41 | 'ROLE_SOCIAL_HEAD', |
|
| 42 | 'ROLE_DEVELOPER_HEAD', |
|
| 43 | ]; |
|
| 44 | ||
| 45 | foreach ($grantingRoles as $grantingRole) { |
|
| 46 | if ($this->accessDecisionManager->decide($token, [$grantingRole])) { |
|
| 47 | return true; |
|
| 48 | } |
|
| 49 | } |
|
| 50 | ||
| 51 | switch ($attribute) { |
|
| 52 | case 'CAN_VIEW': |
|
| 53 | // logic to determine if the user can EDIT |
|
| 54 | // return true or false |
|
| 55 | break; |
|
| 56 | } |
|
| 57 | ||
| 58 | return false; |
|
| 59 | } |
|
| 60 | } |
|
| 61 | ||
