vendor/ibexa/core/src/lib/MVC/Symfony/Security/Authorization/Voter/CoreVoter.php line 14

Open in your IDE?
  1. <?php
  3. /**
  4. * @copyright Copyright (C) Ibexa AS. All rights reserved.
  5. * @license For full copyright and license information view LICENSE file distributed with this source code.
  6. */
  7. namespace Ibexa\Core\MVC\Symfony\Security\Authorization\Voter;
  9. use Ibexa\Contracts\Core\Repository\PermissionResolver;
  10. use Ibexa\Core\MVC\Symfony\Security\Authorization\Attribute as AuthorizationAttribute;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  14. class CoreVoter implements VoterInterface
  15. {
  16. /** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
  17. private $permissionResolver;
  19. public function __construct(PermissionResolver $permissionResolver)
  20. {
  21. $this->permissionResolver = $permissionResolver;
  22. }
  24. /**
  25. * Checks if the voter supports the given attribute.
  26. *
  27. * @param string $attribute An attribute
  28. *
  29. * @return bool true if this Voter supports the attribute, false otherwise
  30. */
  31. public function supportsAttribute($attribute)
  32. {
  33. return $attribute instanceof AuthorizationAttribute && empty($attribute->limitations);
  34. }
  36. /**
  37. * Checks if the voter supports the given class.
  38. *
  39. * @param string $class A class name
  40. *
  41. * @return true if this Voter can process the class
  42. */
  43. public function supportsClass($class)
  44. {
  45. return true;
  46. }
  48. /**
  49. * Returns the vote for the given parameters.
  50. *
  51. * This method must return one of the following constants:
  52. * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
  53. *
  54. * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token A TokenInterface instance
  55. * @param object $object The object to secure
  56. * @param array $attributes An array of attributes associated with the method being invoked
  57. *
  58. * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
  59. */
  60. public function vote(TokenInterface $token, $object, array $attributes)
  61. {
  62. foreach ($attributes as $attribute) {
  63. if ($this->supportsAttribute($attribute)) {
  64. if ($this->permissionResolver->hasAccess($attribute->module, $attribute->function) === false) {
  65. return VoterInterface::ACCESS_DENIED;
  66. }
  68. return VoterInterface::ACCESS_GRANTED;
  69. }
  70. }
  72. return VoterInterface::ACCESS_ABSTAIN;
  73. }
  74. }
  76. class_alias(CoreVoter::class, 'eZ\Publish\Core\MVC\Symfony\Security\Authorization\Voter\CoreVoter');