|
1
|
|
|
<?php |
|
2
|
|
|
/* For licensing terms, see /license.txt */ |
|
3
|
|
|
|
|
4
|
|
|
namespace Chamilo\CoreBundle\Security\Authorization\Voter; |
|
5
|
|
|
|
|
6
|
|
|
use Chamilo\CoreBundle\Entity\Manager\CourseManager; |
|
7
|
|
|
use Chamilo\CourseBundle\Entity\CGroupInfo; |
|
8
|
|
|
use Chamilo\CourseBundle\Entity\Manager\GroupManager; |
|
9
|
|
|
use Chamilo\UserBundle\Entity\User; |
|
10
|
|
|
use Doctrine\ORM\EntityManager; |
|
11
|
|
|
use Symfony\Component\DependencyInjection\ContainerInterface; |
|
12
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
|
13
|
|
|
use Symfony\Component\Security\Core\Authorization\AuthorizationChecker; |
|
14
|
|
|
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; |
|
15
|
|
|
use Symfony\Component\Security\Core\Authorization\Voter\Voter; |
|
16
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
|
17
|
|
|
|
|
18
|
|
|
/** |
|
19
|
|
|
* Class GroupVoter. |
|
20
|
|
|
* |
|
21
|
|
|
* @package Chamilo\CoreBundle\Security\Authorization\Voter |
|
22
|
|
|
*/ |
|
23
|
|
|
class GroupVoter extends Voter |
|
24
|
|
|
{ |
|
25
|
|
|
public const VIEW = 'VIEW'; |
|
26
|
|
|
public const EDIT = 'EDIT'; |
|
27
|
|
|
public const DELETE = 'DELETE'; |
|
28
|
|
|
|
|
29
|
|
|
private $entityManager; |
|
30
|
|
|
private $courseManager; |
|
31
|
|
|
private $groupManager; |
|
32
|
|
|
private $authorizationChecker; |
|
33
|
|
|
private $container; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* @param EntityManager $entityManager |
|
37
|
|
|
* @param CourseManager $courseManager |
|
38
|
|
|
* @param GroupManager $groupManager |
|
39
|
|
|
* @param AuthorizationCheckerInterface $authorizationChecker |
|
40
|
|
|
* @param ContainerInterface $container |
|
41
|
|
|
*/ |
|
42
|
|
|
public function __construct( |
|
43
|
|
|
EntityManager $entityManager, |
|
44
|
|
|
CourseManager $courseManager, |
|
45
|
|
|
GroupManager $groupManager, |
|
46
|
|
|
AuthorizationCheckerInterface $authorizationChecker, |
|
47
|
|
|
ContainerInterface $container |
|
48
|
|
|
) { |
|
49
|
|
|
$this->entityManager = $entityManager; |
|
50
|
|
|
$this->courseManager = $courseManager; |
|
51
|
|
|
$this->groupManager = $groupManager; |
|
52
|
|
|
$this->authorizationChecker = $authorizationChecker; |
|
53
|
|
|
$this->container = $container; |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
/** |
|
57
|
|
|
* @return AuthorizationCheckerInterface |
|
58
|
|
|
*/ |
|
59
|
|
|
public function getAuthorizationChecker() |
|
60
|
|
|
{ |
|
61
|
|
|
return $this->authorizationChecker; |
|
62
|
|
|
} |
|
63
|
|
|
|
|
64
|
|
|
/** |
|
65
|
|
|
* @return EntityManager |
|
66
|
|
|
*/ |
|
67
|
|
|
public function getEntityManager() |
|
68
|
|
|
{ |
|
69
|
|
|
return $this->entityManager; |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
/** |
|
73
|
|
|
* @return CourseManager |
|
74
|
|
|
*/ |
|
75
|
|
|
public function getCourseManager() |
|
76
|
|
|
{ |
|
77
|
|
|
return $this->courseManager; |
|
78
|
|
|
} |
|
79
|
|
|
|
|
80
|
|
|
/** |
|
81
|
|
|
* @return GroupManager |
|
82
|
|
|
*/ |
|
83
|
|
|
public function getGroupManager() |
|
84
|
|
|
{ |
|
85
|
|
|
return $this->groupManager; |
|
86
|
|
|
} |
|
87
|
|
|
|
|
88
|
|
|
/** |
|
89
|
|
|
* {@inheritdoc} |
|
90
|
|
|
*/ |
|
91
|
|
|
protected function supports($attribute, $subject): bool |
|
92
|
|
|
{ |
|
93
|
|
|
$options = [ |
|
94
|
|
|
self::VIEW, |
|
95
|
|
|
self::EDIT, |
|
96
|
|
|
self::DELETE, |
|
97
|
|
|
]; |
|
98
|
|
|
|
|
99
|
|
|
// if the attribute isn't one we support, return false |
|
100
|
|
|
if (!in_array($attribute, $options)) { |
|
101
|
|
|
return false; |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
|
|
// only vote on Post objects inside this voter |
|
105
|
|
|
if (!$subject instanceof CGroupInfo) { |
|
106
|
|
|
return false; |
|
107
|
|
|
} |
|
108
|
|
|
|
|
109
|
|
|
return true; |
|
110
|
|
|
} |
|
111
|
|
|
|
|
112
|
|
|
/** |
|
113
|
|
|
* {@inheritdoc} |
|
114
|
|
|
*/ |
|
115
|
|
|
protected function voteOnAttribute($attribute, $group, TokenInterface $token): bool |
|
116
|
|
|
{ |
|
117
|
|
|
$user = $token->getUser(); |
|
118
|
|
|
|
|
119
|
|
|
// make sure there is a user object (i.e. that the user is logged in) |
|
120
|
|
|
if (!$user instanceof UserInterface) { |
|
121
|
|
|
return false; |
|
122
|
|
|
} |
|
123
|
|
|
|
|
124
|
|
|
if ($group == false) { |
|
125
|
|
|
return false; |
|
126
|
|
|
} |
|
127
|
|
|
|
|
128
|
|
|
$authChecker = $this->getAuthorizationChecker(); |
|
129
|
|
|
|
|
130
|
|
|
// Admins have access to everything |
|
131
|
|
|
if ($authChecker->isGranted('ROLE_ADMIN')) { |
|
132
|
|
|
return true; |
|
133
|
|
|
} |
|
134
|
|
|
|
|
135
|
|
|
$groupInfo = [ |
|
136
|
|
|
'id' => $group->getId(), |
|
137
|
|
|
'session_id' => 0, |
|
138
|
|
|
'status' => $group->getStatus(), |
|
139
|
|
|
]; |
|
140
|
|
|
|
|
141
|
|
|
// Legacy |
|
142
|
|
|
return \GroupManager::userHasAccessToBrowse($user->getId(), $groupInfo); |
|
143
|
|
|
|
|
144
|
|
|
switch ($attribute) { |
|
|
|
|
|
|
145
|
|
|
case self::VIEW: |
|
146
|
|
|
if (!$group->hasUserInCourse($user, $course)) { |
|
147
|
|
|
$user->addRole('ROLE_CURRENT_SESSION_COURSE_STUDENT'); |
|
148
|
|
|
|
|
149
|
|
|
return true; |
|
150
|
|
|
} |
|
151
|
|
|
|
|
152
|
|
|
break; |
|
153
|
|
|
case self::EDIT: |
|
154
|
|
|
case self::DELETE: |
|
155
|
|
|
if (!$session->hasCoachInCourseWithStatus($user, $course)) { |
|
156
|
|
|
$user->addRole('ROLE_CURRENT_SESSION_COURSE_TEACHER'); |
|
157
|
|
|
|
|
158
|
|
|
return true; |
|
159
|
|
|
} |
|
160
|
|
|
break; |
|
161
|
|
|
} |
|
162
|
|
|
dump("You don't have access to this group!!"); |
|
|
|
|
|
|
163
|
|
|
|
|
164
|
|
|
return false; |
|
165
|
|
|
} |
|
166
|
|
|
} |
|
167
|
|
|
|
chamilo /
chamilo-lms
Loading history...
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of
return,dieorexitstatements that have been added for debug purposes.In the above example, the last
return falsewill never be executed, because a return statement has already been met in every possible execution path.