vendor/ibexa/core/src/lib/MVC/Symfony/Security/Authorization/Voter/ValueObjectVoter.php line 17

Open in your IDE?
  1. <?php
  3. /**
  4. * @copyright Copyright (C) Ibexa AS. All rights reserved.
  5. * @license For full copyright and license information view LICENSE file distributed with this source code.
  6. */
  7. namespace Ibexa\Core\MVC\Symfony\Security\Authorization\Voter;
  9. use Ibexa\Contracts\Core\Repository\PermissionResolver;
  10. use Ibexa\Core\MVC\Symfony\Security\Authorization\Attribute as AuthorizationAttribute;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  14. /**
  15. * Voter to test access to a ValueObject from Repository (e.g. Content, Location...).
  16. */
  17. class ValueObjectVoter implements VoterInterface
  18. {
  19. /** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
  20. private $permissionResolver;
  22. public function __construct(PermissionResolver $permissionResolver)
  23. {
  24. $this->permissionResolver = $permissionResolver;
  25. }
  27. public function supportsAttribute($attribute)
  28. {
  29. return $attribute instanceof AuthorizationAttribute && isset($attribute->limitations['valueObject']);
  30. }
  32. public function supportsClass($class)
  33. {
  34. return true;
  35. }
  37. /**
  38. * Returns the vote for the given parameters.
  39. * Checks if user has access to a given action on a given value object.
  40. *
  41. * $attributes->limitations is a hash that contains:
  42. * - 'valueObject' - The {@see \Ibexa\Contracts\Core\Repository\Values\ValueObject} to check access on. e.g. Location or Content.
  43. * - 'targets' - The location, parent or "assignment" value object, or an array of the same.
  44. *
  45. * This method must return one of the following constants:
  46. * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
  47. *
  48. * @see \Ibexa\Contracts\Core\Repository\PermissionResolver::canUser()
  49. *
  50. * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token A TokenInterface instance
  51. * @param object $object The object to secure
  52. * @param array $attributes An array of attributes associated with the method being invoked
  53. *
  54. * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
  55. */
  56. public function vote(TokenInterface $token, $object, array $attributes)
  57. {
  58. foreach ($attributes as $attribute) {
  59. if ($this->supportsAttribute($attribute)) {
  60. $targets = isset($attribute->limitations['targets']) ? $attribute->limitations['targets'] : [];
  61. if (
  62. $this->permissionResolver->canUser(
  63. $attribute->module,
  64. $attribute->function,
  65. $attribute->limitations['valueObject'],
  66. $targets
  67. ) === false
  68. ) {
  69. return VoterInterface::ACCESS_DENIED;
  70. }
  72. return VoterInterface::ACCESS_GRANTED;
  73. }
  74. }
  76. return VoterInterface::ACCESS_ABSTAIN;
  77. }
  78. }
  80. class_alias(ValueObjectVoter::class, 'eZ\Publish\Core\MVC\Symfony\Security\Authorization\Voter\ValueObjectVoter');