<?php |
/* For licensing terms, see /license.txt */ |
namespace Chamilo\CoreBundle\Security\Authorization\Voter; |
use Chamilo\CoreBundle\Entity\Course; |
use Chamilo\CoreBundle\Entity\Manager\CourseManager; |
use Chamilo\UserBundle\Entity\User; |
use Doctrine\ORM\EntityManager; |
use Symfony\Component\DependencyInjection\ContainerInterface; |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
use Symfony\Component\Security\Core\Authorization\Voter\Voter as AbstractVoter; |
use Symfony\Component\Security\Core\User\UserInterface; |
/** |
* Class CourseVoter |
* @package Chamilo\CoreBundle\Security\Authorization\Voter |
*/ |
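class CourseVoter extends AbstractVoter
{
    const VIEW = 'VIEW';
    const EDIT = 'EDIT';
    const DELETE = 'DELETE';

    /** @var EntityManager */
    private $entityManager;

    /** @var CourseManager */
    private $courseManager;

    /** @var ContainerInterface Used to resolve the authorization checker at vote time. */
    private $container;

    /**
     * @param EntityManager      $entityManager
     * @param CourseManager      $courseManager
     * @param ContainerInterface $container
     */
    public function __construct(
        EntityManager $entityManager,
        CourseManager $courseManager,
        ContainerInterface $container
    ) {
        $this->entityManager = $entityManager;
        $this->courseManager = $courseManager;
        $this->container = $container;
    }

    /**
     * @return EntityManager
     */
    public function getEntityManager()
    {
        return $this->entityManager;
    }

    /**
     * @return CourseManager
     */
    public function getCourseManager()
    {
        return $this->courseManager;
    }

    /**
     * Tells the access decision manager whether this voter has an opinion.
     *
     * Only the VIEW/EDIT/DELETE attributes on a Course subject are handled;
     * everything else (including plain role attributes such as ROLE_ADMIN)
     * is abstained from. That is also what keeps the nested isGranted() call
     * in voteOnAttribute() from re-entering this voter.
     *
     * @param string $attribute
     * @param mixed  $subject
     *
     * @return bool
     */
    protected function supports($attribute, $subject)
    {
        $supportedAttributes = [
            self::VIEW,
            self::EDIT,
            self::DELETE,
        ];

        // Strict comparison: a loosely-compared attribute must never match one
        // of the string constants above (e.g. 0 == 'VIEW' on PHP < 8).
        if (!in_array($attribute, $supportedAttributes, true)) {
            return false;
        }

        // Only vote on Course objects inside this voter.
        return $subject instanceof Course;
    }

    /**
     * Decides a single VIEW/EDIT/DELETE attribute for a Course.
     *
     * Decision order: admins are granted everything; inactive courses are
     * denied to everybody else; VIEW is then granted for public courses or for
     * users subscribed to the course, while EDIT/DELETE require a teacher.
     * An anonymous token is deliberately not rejected up-front, because an
     * anonymous visitor may still VIEW a public course.
     *
     * Side effect: on a positive VIEW/EDIT/DELETE decision for an
     * authenticated user, a course-scoped role is added to the user object
     * carried by the token.
     *
     * @param string         $attribute One of the class constants
     * @param Course         $course    Guaranteed by supports()
     * @param TokenInterface $token
     *
     * @return bool
     */
    protected function voteOnAttribute($attribute, $course, TokenInterface $token)
    {
        $user = $token->getUser();

        $authChecker = $this->container->get('security.authorization_checker');

        // Admins have access to everything.
        if ($authChecker->isGranted('ROLE_ADMIN')) {
            return true;
        }

        // An inactive course is closed to everybody but admins.
        if (!$course->isActive()) {
            return false;
        }

        switch ($attribute) {
            case self::VIEW:
                // "Open to the world": no need to check whether the user is registered.
                if ($course->isPublic()) {
                    return true;
                }

                // Every other visibility requires an authenticated user.
                if (!$user instanceof UserInterface) {
                    return false;
                }

                // A subscribed user may view the course, whether teacher or student.
                if ($course->hasUser($user)) {
                    // NOTE(review): assumes the token's user exposes addRole()
                    // (the project's User entity) - not part of UserInterface.
                    $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_STUDENT);

                    return true;
                }

                break;
            case self::EDIT:
            case self::DELETE:
                // An anonymous token carries no user object: there is nothing to
                // look up as a teacher, and the role assignment below would fail.
                if (!$user instanceof UserInterface) {
                    return false;
                }

                // Only a teacher of the course can edit/delete its contents.
                if ($course->hasTeacher($user)) {
                    $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_TEACHER);

                    return true;
                }

                break;
        }

        return false;
    }
}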
The EntityManager might become unusable, for example if a transaction is rolled back and the manager gets closed. Let's assume that somewhere in your application, or in a third-party library, there is code such as the following. If that code throws an exception and the EntityManager is closed, any other code which depends on the same EntityManager instance during this request will fail. On the other hand, if you instead inject the ManagerRegistry, its getManager() method guarantees that you always get a usable manager instance.