Part-DB-server/src/Security/Voter/PermissionVoter.php

<?php
/**
 * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
 *
 * Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published
 * by the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace App\Security\Voter;

use App\Entity\UserSystem\User;
use App\Services\UserSystem\VoterHelper;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

/**
 * This voter allows you to directly check permissions from the permission structure, without passing an object.
 * This use the syntax like "@permission.op"
 * However you should use the "normal" object based voters if possible, because they are needed for a future ACL system.
 * @phpstan-extends Voter<non-empty-string, null>
 */
final class PermissionVoter extends Voter
{
    public function __construct(private readonly VoterHelper $helper)
    {

    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $attribute = ltrim($attribute, '@');
        [$perm, $op] = explode('.', $attribute);

        return $this->helper->isGranted($token, $perm, $op);
    }

    public function supportsAttribute(string $attribute): bool
    {
        //Check if the attribute has the form '@permission.operation'
        return preg_match('#^@\\w+\\.\\w+$#', $attribute) === 1;
    }

    /**
     * Determines if the attribute and subject are supported by this voter.
     *
     * @param  string  $attribute An attribute
     * @param mixed  $subject   The subject to secure, e.g. an object the user wants to access or any other PHP type
     *
     * @return bool True if the attribute and subject are supported, false otherwise
     */
    protected function supports(string $attribute, mixed $subject): bool
    {
        //Check if the attribute has the form @permission.operation
        if (preg_match('#^@\\w+\\.\\w+$#', $attribute)) {
            $attribute = ltrim($attribute, '@');
            [$perm, $op] = explode('.', $attribute);

            $valid = $this->helper->isValidOperation($perm, $op);

            //if an invalid operation is encountered, throw an exception so the developer knows it
            if(!$valid) {
                throw new \RuntimeException('Encountered invalid permission operation "'.$op.'" for permission "'.$perm.'"!');
            }

            return true;
        }

        return false;
    }
}
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`<?php`
Changed license to AGPL3+ 2020-02-22 18:14:36 +01:00			`/**`
			`* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).`
			`*`
Removed old GPLv2 copyright header 2022-11-29 22:28:53 +01:00			`* Copyright (C) 2019 - 2022 Jan Böhmer (https://github.com/jbtronics)`
Changed license to AGPL3+ 2020-02-22 18:14:36 +01:00			`*`
			`* This program is free software: you can redistribute it and/or modify`
			`* it under the terms of the GNU Affero General Public License as published`
			`* by the Free Software Foundation, either version 3 of the License, or`
			`* (at your option) any later version.`
			`*`
			`* This program is distributed in the hope that it will be useful,`
			`* but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`* GNU Affero General Public License for more details.`
			`*`
			`* You should have received a copy of the GNU Affero General Public License`
			`* along with this program. If not, see <https://www.gnu.org/licenses/>.`
			`*/`
Applied code style rules to src/ 2020-01-05 15:46:58 +01:00
			`declare(strict_types=1);`

Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`namespace App\Security\Voter;`

			`use App\Entity\UserSystem\User;`
Added system to restrict permissions based on API token level 2023-08-28 21:20:59 +02:00			`use App\Services\UserSystem\VoterHelper;`
			`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
			`use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00
			`/**`
			`* This voter allows you to directly check permissions from the permission structure, without passing an object.`
[EventLog] Added permission checking and link in tools tree. 2020-01-25 23:17:06 +01:00			`* This use the syntax like "@permission.op"`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`* However you should use the "normal" object based voters if possible, because they are needed for a future ACL system.`
Added phpstan template annotations to Voters to fix phpstan issues 2024-02-19 00:01:16 +01:00			`* @phpstan-extends Voter<non-empty-string, null>`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`*/`
Use the new VoterHelper in voters 2023-08-28 22:00:25 +02:00			`final class PermissionVoter extends Voter`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`{`
Added system to restrict permissions based on API token level 2023-08-28 21:20:59 +02:00			`public function __construct(private readonly VoterHelper $helper)`
			`{`

			`}`

			`protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`{`
			`$attribute = ltrim($attribute, '@');`
			`[$perm, $op] = explode('.', $attribute);`
Added an PHP CS fixer config file and applied it to files. We now use the same the same style as the symfony project, and it allows us to simply fix the style by executing php_cs_fixer fix in the project root. 2019-11-09 00:47:20 +01:00
Added system to restrict permissions based on API token level 2023-08-28 21:20:59 +02:00			`return $this->helper->isGranted($token, $perm, $op);`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`}`

Allow to cache support status of voters This should increase the performance a bit 2023-08-28 23:06:37 +02:00			`public function supportsAttribute(string $attribute): bool`
			`{`
			`//Check if the attribute has the form '@permission.operation'`
			`return preg_match('#^@\\w+\\.\\w+$#', $attribute) === 1;`
			`}`

Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`/**`
			`* Determines if the attribute and subject are supported by this voter.`
			`*`
Fixed some deprecations. 2022-08-14 19:09:07 +02:00			`* @param string $attribute An attribute`
Added an PHP CS fixer config file and applied it to files. We now use the same the same style as the symfony project, and it allows us to simply fix the style by executing php_cs_fixer fix in the project root. 2019-11-09 00:47:20 +01:00			`* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`*`
			`* @return bool True if the attribute and subject are supported, false otherwise`
			`*/`
Fixed further inspection issues 2024-03-03 20:33:24 +01:00			`protected function supports(string $attribute, mixed $subject): bool`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`{`
			`//Check if the attribute has the form @permission.operation`
Applied symplify rules to codebase. 2020-01-05 22:49:00 +01:00			`if (preg_match('#^@\\w+\\.\\w+$#', $attribute)) {`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`$attribute = ltrim($attribute, '@');`
			`[$perm, $op] = explode('.', $attribute);`
Added an PHP CS fixer config file and applied it to files. We now use the same the same style as the symfony project, and it allows us to simply fix the style by executing php_cs_fixer fix in the project root. 2019-11-09 00:47:20 +01:00
Use the new VoterHelper in voters 2023-08-28 22:00:25 +02:00			`$valid = $this->helper->isValidOperation($perm, $op);`
Improved access control for part lists. 2022-10-31 23:10:21 +01:00
			`//if an invalid operation is encountered, throw an exception so the developer knows it`
Fixed some exception about non existing part_attachments permission 2022-11-02 23:20:30 +01:00			`if(!$valid) {`
			`throw new \RuntimeException('Encountered invalid permission operation "'.$op.'" for permission "'.$perm.'"!');`
			`}`
Improved access control for part lists. 2022-10-31 23:10:21 +01:00
			`return true;`
Added permission checking for part price edit page. 2019-09-13 17:46:26 +02:00			`}`

			`return false;`
			`}`
Added an PHP CS fixer config file and applied it to files. We now use the same the same style as the symfony project, and it allows us to simply fix the style by executing php_cs_fixer fix in the project root. 2019-11-09 00:47:20 +01:00			`}`