| @@ 13-79 (lines=67) @@ | ||
| 10 | use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; |
|
| 11 | use ValueObjects\String\String; |
|
| 12 | ||
| 13 | class Security implements SecurityInterface |
|
| 14 | { |
|
| 15 | /** |
|
| 16 | * @var PermissionQueryInterface |
|
| 17 | */ |
|
| 18 | private $permissionRepository; |
|
| 19 | ||
| 20 | /** |
|
| 21 | * @var TokenStorageInterface |
|
| 22 | */ |
|
| 23 | private $tokenStorage; |
|
| 24 | ||
| 25 | public function __construct( |
|
| 26 | TokenStorageInterface $tokenStorage, |
|
| 27 | PermissionQueryInterface $permissionRepository |
|
| 28 | ) { |
|
| 29 | $this->tokenStorage = $tokenStorage; |
|
| 30 | $this->permissionRepository = $permissionRepository; |
|
| 31 | } |
|
| 32 | ||
| 33 | /** |
|
| 34 | * @inheritdoc |
|
| 35 | */ |
|
| 36 | public function allowsUpdateWithCdbXml(String $eventId) |
|
| 37 | { |
|
| 38 | return $this->currentUiTIDUserCanEditEvent($eventId); |
|
| 39 | } |
|
| 40 | ||
| 41 | /** |
|
| 42 | * @inheritdoc |
|
| 43 | */ |
|
| 44 | public function allowsUpdates(String $eventId) |
|
| 45 | { |
|
| 46 | return $this->currentUiTIDUserCanEditEvent($eventId); |
|
| 47 | } |
|
| 48 | ||
| 49 | /** |
|
| 50 | * @param String $eventId |
|
| 51 | * @return bool |
|
| 52 | */ |
|
| 53 | private function currentUiTIDUserCanEditEvent(String $eventId) |
|
| 54 | { |
|
| 55 | $token = $this->tokenStorage->getToken(); |
|
| 56 | ||
| 57 | if (!$token) { |
|
| 58 | return false; |
|
| 59 | } |
|
| 60 | ||
| 61 | $user = $token->getUser(); |
|
| 62 | ||
| 63 | if ($user instanceof User) { |
|
| 64 | $userId = new String($user->getUid()); |
|
| 65 | } else if ($user instanceof \CultuurNet\UiTIDProvider\User\User) { |
|
| 66 | $userId = new String($user->id); |
|
| 67 | } |
|
| 68 | ||
| 69 | if (!isset($userId)) { |
|
| 70 | return false; |
|
| 71 | } |
|
| 72 | ||
| 73 | $editableEvents = $this->permissionRepository->getEditableEvents( |
|
| 74 | $userId |
|
| 75 | ); |
|
| 76 | ||
| 77 | return in_array($eventId, $editableEvents); |
|
| 78 | } |
|
| 79 | } |
|
| 80 | ||
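Review bot: The access decision in `currentUiTIDUserCanEditEvent` ends in `in_array($eventId, $editableEvents)`, a loose comparison between a `String` value object and a list whose element type is not visible here; the same applies to the `in_array` call at gutter line 78 of the place class. Simply passing `true` as the third argument is not safe, because strict mode compares objects by identity and would deny every request if `getEditableEvents()` returns value objects. I would document the element type in the docblock and compare native strings explicitly, for example `return in_array($eventId->toNative(), $editableEventIds, true);` once the list is known to hold, or has been mapped to, plain strings. The docblock could also state that the method fails closed: it returns false when there is no token or the user is of neither recognised `User` type.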
| @@ 14-80 (lines=67) @@ | ||
| 11 | use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; |
|
| 12 | use ValueObjects\String\String; |
|
| 13 | ||
| 14 | class Security implements SecurityInterface |
|
| 15 | { |
|
| 16 | /** |
|
| 17 | * @var PermissionQueryInterface |
|
| 18 | */ |
|
| 19 | private $permissionRepository; |
|
| 20 | ||
| 21 | /** |
|
| 22 | * @var TokenStorageInterface |
|
| 23 | */ |
|
| 24 | private $tokenStorage; |
|
| 25 | ||
| 26 | public function __construct( |
|
| 27 | TokenStorageInterface $tokenStorage, |
|
| 28 | PermissionQueryInterface $permissionRepository |
|
| 29 | ) { |
|
| 30 | $this->tokenStorage = $tokenStorage; |
|
| 31 | $this->permissionRepository = $permissionRepository; |
|
| 32 | } |
|
| 33 | ||
| 34 | /** |
|
| 35 | * @inheritdoc |
|
| 36 | */ |
|
| 37 | public function allowsUpdateWithCdbXml(String $eventId) |
|
| 38 | { |
|
| 39 | return $this->currentUiTIDUserCanEditPlace($eventId); |
|
| 40 | } |
|
| 41 | ||
| 42 | /** |
|
| 43 | * @inheritdoc |
|
| 44 | */ |
|
| 45 | public function allowsUpdates(String $eventId) |
|
| 46 | { |
|
| 47 | return $this->currentUiTIDUserCanEditPlace($eventId); |
|
| 48 | } |
|
| 49 | ||
| 50 | /** |
|
| 51 | * @param String $placeId |
|
| 52 | * @return bool |
|
| 53 | */ |
|
| 54 | private function currentUiTIDUserCanEditPlace(String $placeId) |
|
| 55 | { |
|
| 56 | $token = $this->tokenStorage->getToken(); |
|
| 57 | ||
| 58 | if (!$token) { |
|
| 59 | return false; |
|
| 60 | } |
|
| 61 | ||
| 62 | $user = $token->getUser(); |
|
| 63 | ||
| 64 | if ($user instanceof User) { |
|
| 65 | $userId = new String($user->getUid()); |
|
| 66 | } else if ($user instanceof \CultuurNet\UiTIDProvider\User\User) { |
|
| 67 | $userId = new String($user->id); |
|
| 68 | } |
|
| 69 | ||
| 70 | if (!isset($userId)) { |
|
| 71 | return false; |
|
| 72 | } |
|
| 73 | ||
| 74 | $editableEvents = $this->permissionRepository->getEditablePlaces( |
|
| 75 | $userId |
|
| 76 | ); |
|
| 77 | ||
| 78 | return in_array($placeId, $editableEvents); |
|
| 79 | } |
|
| 80 | } |
|
| 81 | ||
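Review bot: The place class keeps event naming from the class it mirrors: `allowsUpdateWithCdbXml(String $eventId)` and `allowsUpdates(String $eventId)` delegate to `currentUiTIDUserCanEditPlace`, and the result of `getEditablePlaces()` is stored in `$editableEvents`. In an authorization class this leaves it unclear which kind of id callers are expected to pass. I would rename the local to `$editablePlaces` and the parameters to `$placeId`; whether `SecurityInterface` fixes the parameter name is not visible here. Apart from the repository call, the body matches the event class line for line, so moving the token and user-type checks into one shared helper or base class would stop a later fix from landing in only one of the two copies.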