groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-22 19:09:31 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Use the new VoterHelper in voters

Browse source
This commit is contained in:
Jan Böhmer 2023-08-28 22:00:25 +02:00
parent fc6643bd6f
commit 6be55d1837
16 changed files with 146 additions and 162 deletions
Download patch file Download diff file Expand all files Collapse all files

23
src/Security/Voter/UserVoter.php
View file

@ -23,10 +23,19 @@ declare(strict_types=1);
namespace App\Security\Voter;
use App\Entity\UserSystem\User;
use App\Services\UserSystem\PermissionManager;
use App\Services\UserSystem\VoterHelper;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use function in_array;
class UserVoter extends ExtendedVoter
final class UserVoter extends Voter
{
public function __construct(private readonly VoterHelper $helper, private readonly PermissionManager $resolver)
{
}
/**
* Determines if the attribute and subject are supported by this voter.
*
@ -57,8 +66,10 @@ class UserVoter extends ExtendedVoter
*
* @param string $attribute
*/
protected function voteOnUser(string $attribute, $subject, User $user): bool
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $this->helper->resolveUser($token);
if ($attribute === 'info') {
//Every logged-in user (non-anonymous) can see the info pages of other users
if (!$user->isAnonymousUser()) {
@ -71,9 +82,9 @@ class UserVoter extends ExtendedVoter
//Check if the checked user is the user itself
if (($subject instanceof User) && $subject->getID() === $user->getID() &&
$this->resolver->isValidOperation('self', $attribute)) {
$this->helper->isValidOperation('self', $attribute)) {
//Then we also need to check the self permission
$tmp = $this->resolver->inherit($user, 'self', $attribute) ?? false;
$tmp = $this->helper->isGranted($token, 'self', $attribute);
//But if the self value is not allowed then use just the user value:
if ($tmp) {
return $tmp;
@ -81,8 +92,8 @@ class UserVoter extends ExtendedVoter
}
//Else just check user permission:
if ($this->resolver->isValidOperation('users', $attribute)) {
return $this->resolver->inherit($user, 'users', $attribute) ?? false;
if ($this->helper->isValidOperation('users', $attribute)) {
return $this->helper->isGranted($token, 'users', $attribute);
}
return false;