|
1
|
|
|
<?php |
|
2
|
|
|
/** |
|
3
|
|
|
* Voter deciding, if the provided object is |
|
4
|
|
|
*/ |
|
5
|
|
|
namespace Graviton\SecurityBundle\Voter; |
|
6
|
|
|
|
|
7
|
|
|
use GravitonDyn\ContractBundle\Document\Contract; |
|
8
|
|
|
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter; |
|
9
|
|
|
use Symfony\Component\Security\Core\User\UserInterface; |
|
10
|
|
|
|
|
11
|
|
|
/** |
|
12
|
|
|
* @author List of contributors <https://github.com/libgraviton/graviton/graphs/contributors> |
|
13
|
|
|
* @license http://opensource.org/licenses/gpl-license.php GNU Public License |
|
14
|
|
|
* @link http://swisscom.ch |
|
15
|
|
|
*/ |
|
16
|
|
|
class OwnContextVoter extends AbstractVoter |
|
|
|
|
|
|
17
|
|
|
{ |
|
18
|
|
|
/** |
|
19
|
|
|
* Return an array of supported classes. This will be called by supportsClass |
|
20
|
|
|
* |
|
21
|
|
|
* @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product') |
|
|
|
|
|
|
22
|
|
|
*/ |
|
23
|
1 |
|
protected function getSupportedClasses() |
|
24
|
|
|
{ |
|
25
|
|
|
return array( |
|
26
|
1 |
|
'GravitonDyn\AccountBundle\Document\Account', |
|
27
|
1 |
|
'GravitonDyn\CustomerBundle\Document\Customer', |
|
28
|
1 |
|
); |
|
29
|
|
|
} |
|
30
|
|
|
|
|
31
|
|
|
/** |
|
32
|
|
|
* Return an array of supported attributes. This will be called by supportsAttribute |
|
33
|
|
|
* |
|
34
|
|
|
* @return array an array of supported attributes, i.e. array('CREATE', 'READ') |
|
|
|
|
|
|
35
|
|
|
*/ |
|
36
|
1 |
|
protected function getSupportedAttributes() |
|
37
|
|
|
{ |
|
38
|
|
|
return array( |
|
39
|
1 |
|
'VIEW', |
|
40
|
1 |
|
'CREATE', |
|
41
|
1 |
|
'EDIT', |
|
42
|
1 |
|
'DELETE', |
|
43
|
1 |
|
); |
|
44
|
|
|
} |
|
45
|
|
|
|
|
46
|
|
|
/** |
|
47
|
|
|
* Perform a single access check operation on a given attribute, object and (optionally) user |
|
48
|
|
|
* It is safe to assume that $attribute and $object's class pass supportsAttribute/supportsClass |
|
49
|
|
|
* $user can be one of the following: |
|
50
|
|
|
* a UserInterface object (fully authenticated user) |
|
51
|
|
|
* a string (anonymously authenticated user) |
|
52
|
|
|
* |
|
53
|
|
|
* @param string $attribute The attribute to be checked against. |
|
54
|
|
|
* @param object $object The object the access shall be granted for. |
|
55
|
|
|
* @param UserInterface|string $user The user asking for permission. |
|
|
|
|
|
|
56
|
|
|
* |
|
57
|
|
|
* @return bool |
|
58
|
|
|
*/ |
|
59
|
3 |
|
protected function isGranted($attribute, $object, $user = null) |
|
60
|
|
|
{ |
|
61
|
3 |
|
if (null === $user || !($user instanceof \Graviton\SecurityBundle\Entities\SecurityContract)) { |
|
62
|
2 |
|
return false; |
|
63
|
|
|
} |
|
64
|
|
|
|
|
65
|
|
|
/** @var \GravitonDyn\ContractBundle\Document\Contract $contract */ |
|
66
|
1 |
|
$contract = $user->getContract(); |
|
67
|
|
|
|
|
68
|
1 |
|
return $this->grantByAccount($contract, $object) |
|
69
|
1 |
|
|| $this->grantByCustomer($contract, $object); |
|
70
|
|
|
} |
|
71
|
|
|
|
|
72
|
|
|
|
|
73
|
|
|
/** |
|
74
|
|
|
* Determines, if the given object is of type Account and if it in the set of accounts related to the contract. |
|
75
|
|
|
* |
|
76
|
|
|
* @param Contract $contract The current contract identified by provided the access token. |
|
77
|
|
|
* @param mixed $object The object to be handled |
|
78
|
|
|
* |
|
79
|
|
|
* @return bool |
|
80
|
|
|
*/ |
|
81
|
3 |
|
protected function grantByAccount(Contract $contract, $object) |
|
|
|
|
|
|
82
|
|
|
{ |
|
83
|
3 |
|
if ($object instanceof \GravitonDyn\AccountBundle\Document\Account) { |
|
84
|
1 |
|
return $contract->getAccount()->contains($object); |
|
85
|
|
|
} |
|
86
|
|
|
|
|
87
|
2 |
|
return false; |
|
88
|
|
|
} |
|
89
|
|
|
|
|
90
|
|
|
/** |
|
91
|
|
|
* Determines, if the given object is of type Customer and if it is related to the contract. |
|
92
|
|
|
* |
|
93
|
|
|
* @param Contract $contract The current contract identified by provided the access token. |
|
94
|
|
|
* @param mixed $object The object to be handled |
|
95
|
|
|
* |
|
96
|
|
|
* @return bool |
|
97
|
|
|
*/ |
|
98
|
3 |
|
protected function grantByCustomer(Contract $contract, $object) |
|
|
|
|
|
|
99
|
|
|
{ |
|
100
|
3 |
|
if ($object instanceof \GravitonDyn\CustomerBundle\Document\Customer) { |
|
101
|
1 |
|
return $contract->getCustomer() == $object; |
|
102
|
|
|
} |
|
103
|
|
|
|
|
104
|
2 |
|
return false; |
|
105
|
|
|
} |
|
106
|
|
|
} |
|
107
|
|
|
|
libgraviton /
graviton
Loading history...
This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message.
The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead.