vendor/sulu/sulu/src/Sulu/Component/Security/Authorization/SecurityContextVoter.php line 22

Open in your IDE?
  1. <?php
  2. /*
  3.  * This file is part of Sulu.
  4.  *
  5.  * (c) Sulu GmbH
  6.  *
  7.  * This source file is subject to the MIT license that is bundled
  8.  * with this source code in the file LICENSE.
  9.  */
  10. namespace Sulu\Component\Security\Authorization;
  11. use Sulu\Bundle\SecurityBundle\Entity\User;
  12. use Sulu\Component\Security\Authorization\AccessControl\AccessControlManagerInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  15. /**
  16.  * Checks the Sulu security.
  17.  */
  18. class SecurityContextVoter implements VoterInterface
  19. {
  20.     /**
  21.      * The permissions available, defined by config.
  22.      *
  23.      * @var array
  24.      */
  25.     private $permissions;
  26.     /**
  27.      * @var AccessControlManagerInterface
  28.      */
  29.     private $accessControlManager;
  30.     public function __construct(AccessControlManagerInterface $accessControlManager$permissions)
  31.     {
  32.         $this->accessControlManager $accessControlManager;
  33.         $this->permissions $permissions;
  34.     }
  35.     public function supportsAttribute($attribute)
  36.     {
  37.         return \in_array($attribute, \array_keys($this->permissions));
  38.     }
  39.     public function supportsClass($class)
  40.     {
  41.         return SecurityCondition::class === $class || \is_subclass_of($classSecurityCondition::class);
  42.     }
  43.     public function vote(TokenInterface $token$object, array $attributes)
  44.     {
  45.         /** @var User $user */
  46.         $user $token->getUser();
  47.         if (!\is_object($object) ||
  48.             !$this->supportsClass(\get_class($object))
  49.         ) {
  50.             return VoterInterface::ACCESS_ABSTAIN;
  51.         }
  52.         $userPermissions $this->accessControlManager->getUserPermissions($object$user);
  53.         if (=== \count($userPermissions)) {
  54.             return VoterInterface::ACCESS_DENIED;
  55.         }
  56.         // only if all attributes are granted the access is granted
  57.         foreach ($attributes as $attribute) {
  58.             if (isset($userPermissions[$attribute]) && !$userPermissions[$attribute]) {
  59.                 return VoterInterface::ACCESS_DENIED;
  60.             }
  61.         }
  62.         return VoterInterface::ACCESS_GRANTED;
  63.     }
  64. }