<?php |
/** |
 * Voter deciding if the provided object belongs to the caller's own context.
*/ |
namespace Graviton\SecurityBundle\Voter; |
use GravitonDyn\ContractBundle\Document\Contract; |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
use Symfony\Component\Security\Core\Authorization\Voter\Voter; |
/** |
* @author List of contributors <https://github.com/libgraviton/graviton/graphs/contributors> |
* @license http://opensource.org/licenses/gpl-license.php GNU Public License |
* @link http://swisscom.ch |
*/ |
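class OwnContextVoter extends Voter
{
    /**
     * Classes this voter votes on. Matching is done with instanceof (see
     * isSupportedSubject()), so subclasses such as Doctrine proxies match too.
     *
     * @var string[]
     */
    protected $supportedClasses = [
        'GravitonDyn\AccountBundle\Document\Account',
        'GravitonDyn\CustomerBundle\Document\Customer',
    ];

    /**
     * Attributes this voter votes on.
     *
     * @var string[]
     */
    protected $supportedAttributes = [
        'VIEW',
        'CREATE',
        'EDIT',
        'DELETE'
    ];

    /**
     * Determines if the attribute and subject are supported by this voter.
     *
     * Both lists are plain (0-indexed) lists, so membership has to be tested
     * with in_array(); isset() with the attribute as the key is always false on
     * such a list, which would make this voter abstain on every request and
     * silently switch the ownership check off.
     *
     * @param string $attribute An attribute
     * @param mixed  $subject   The subject to secure, e.g. an object the user wants to access or any other PHP type
     *
     * @return bool True if the attribute and subject are supported, false otherwise
     */
    protected function supports($attribute, $subject): bool
    {
        if (!in_array($attribute, $this->supportedAttributes, true)) {
            return false;
        }

        return $this->isSupportedSubject($subject);
    }

    /**
     * Tells whether the subject is an instance of one of the supported classes.
     *
     * @param mixed $subject The subject to check; non-objects never match
     *
     * @return bool
     */
    private function isSupportedSubject($subject): bool
    {
        foreach ($this->supportedClasses as $class) {
            if ($subject instanceof $class) {
                return true;
            }
        }

        return false;
    }

    /**
     * Perform a single access check operation on a given attribute, subject and token.
     * It is safe to assume that $attribute and $subject already passed the "supports()" method check.
     *
     * @param string         $attribute attribute
     * @param mixed          $subject   subject
     * @param TokenInterface $token     token
     *
     * @return bool True only when the subject is related to the user's contract
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // Only a user carrying a contract can own the subject; anyone else
        // (anonymous, other user types) is denied rather than abstained on.
        if (!($user instanceof \Graviton\SecurityBundle\Entities\SecurityContract)) {
            return false;
        }

        /** @var \GravitonDyn\ContractBundle\Document\Contract|null $contract */
        $contract = $user->getContract();

        // Fail closed when no contract is attached instead of letting the
        // Contract-typed helpers below raise a TypeError.
        if (!($contract instanceof Contract)) {
            return false;
        }

        return $this->grantByAccount($contract, $subject)
            || $this->grantByCustomer($contract, $subject);
    }

    /**
     * Determines, if the given object is of type Account and if it in the set of accounts related to the contract.
     *
     * @param Contract $contract The current contract identified by the provided access token.
     * @param mixed    $object   The object to be handled
     *
     * @return bool
     */
    protected function grantByAccount(Contract $contract, $object): bool
    {
        if (!($object instanceof \GravitonDyn\AccountBundle\Document\Account)) {
            return false;
        }

        // NOTE(review): assumes getAccount() always returns a collection, never null — confirm on Contract.
        return $contract->getAccount()->contains($object);
    }

    /**
     * Determines, if the given object is of type Customer and if it is related to the contract.
     *
     * @param Contract $contract The current contract identified by the provided access token.
     * @param mixed    $object   The object to be handled
     *
     * @return bool
     */
    protected function grantByCustomer(Contract $contract, $object): bool
    {
        if (!($object instanceof \GravitonDyn\CustomerBundle\Document\Customer)) {
            return false;
        }

        // NOTE(review): loose == compares the two documents property by property;
        // if both come from the same Doctrine identity map, === (or an id
        // comparison) would be the stricter check — confirm before changing.
        return $contract->getCustomer() == $object;
    }
}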