Fix issues and optimize auth voter and entities #194

Kendrick Chan 2019-06-05 16:37:37 +08:00
parent 1d93d9f577
commit 8737fbfe26
9 changed files with 42 additions and 24 deletions


@ -20,4 +20,9 @@ class Role extends BaseRole
* @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY") * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
*/ */
protected $users; protected $users;
public function __construct()
{
parent::__construct();
}
} }


@ -53,23 +53,16 @@ class User extends BaseUser implements UserInterface
*/ */
protected $roles; protected $roles;
// enabled
/**
* @ORM\Column(type="boolean")
*/
protected $enabled;
public function __construct() public function __construct()
{ {
parent::__construct();
// generate keys // generate keys
$this->setAPIKey($this->generateAPIKey()) $this->setAPIKey($this->generateAPIKey())
->setSecretKey($this->generateSecretKey()); ->setSecretKey($this->generateSecretKey());
// set date created // set date created
$this->date_create = new DateTime(); $this->date_create = new DateTime();
$this->roles = new ArrayCollection();
$this->enabled = true;
} }
public function getID() public function getID()
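Review bot: The constructor no longer sets `$this->roles` or `$this->enabled` itself and now depends on `parent::__construct()` for both. The base constructor's `$this->enabled = true;` is visible in the base `User` section of this commit, but its roles initialisation is not, so confirm it creates the `ArrayCollection` before anything iterates the roles. Since `enabled` presumably gates whether an account can be used, a short comment at the call makes the inherited default explicit, e.g. `// parent initialises roles and sets enabled = true`. The same applies to the constructor in the last file section of this commit; the class body continues beyond this hunk.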


@ -4,7 +4,6 @@ namespace Catalyst\AuthBundle\Entity;
use Doctrine\ORM\Mapping as ORM; use Doctrine\ORM\Mapping as ORM;
use Doctrine\Common\Collections\ArrayCollection; use Doctrine\Common\Collections\ArrayCollection;
use Symfony\Component\Validator\Constraints as Assert;
abstract class Role abstract class Role
{ {
@ -13,19 +12,18 @@ abstract class Role
/** /**
* @ORM\Id * @ORM\Id
* @ORM\Column(type="string", length=80) * @ORM\Column(type="string", length=80)
* @Assert\NotBlank()
*/ */
protected $id; protected $id;
/** /**
* @ORM\Column(type="string", length=80) * @ORM\Column(type="string", length=80)
* @Assert\NotBlank()
*/ */
protected $name; protected $name;
// annotation should be in the extending class // NOTE: annotation should be in the child class
protected $users; protected $users;
// array of permissions this role has access to
/** /**
* @ORM\Column(type="json_array") * @ORM\Column(type="json_array")
*/ */
@ -78,7 +76,6 @@ abstract class Role
return false; return false;
} }
// TODO: shift out ACL stuff to its own class
public function clearACLAttributes() public function clearACLAttributes()
{ {
$this->acl_attributes = []; $this->acl_attributes = [];
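Review bot: Dropping `@Assert\NotBlank()` from `$id` and `$name` removes the only validation visible on the role's identifier and name, and nothing in this commit re-adds it on the child `Role` classes, which only gain a constructor. If role creation relies on entity validation (not visible here), an empty role id could now be persisted and later attached to users. Either keep the constraints on the base class, or state the contract next to the existing note, e.g. `// NOTE: validation constraints for id and name must be declared in the child class`.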


@ -2,9 +2,17 @@
namespace Catalyst\AuthBundle\Entity; namespace Catalyst\AuthBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
// base User class
abstract class User abstract class User
{ {
// NOTE: doctrine annotations for roles have to be declared on the child class
protected $roles; protected $roles;
/**
* @ORM\Column(type="boolean")
*/
protected $enabled; protected $enabled;
public function __construct() public function __construct()
@ -13,6 +21,7 @@ abstract class User
$this->enabled = true; $this->enabled = true;
} }
// array of string roles, needed by symfony
public function getRoles() public function getRoles()
{ {
$str_roles = []; $str_roles = [];


@ -9,8 +9,7 @@ use Symfony\Component\Config\Resource\FileResource;
use Symfony\Component\Routing\RouterInterface; use Symfony\Component\Routing\RouterInterface;
// NOTES: This class is inherited by the API Bundle and the main site // NOTE: This class is inherited by the API Bundle and the main site
abstract class Generator abstract class Generator
{ {
protected $router; protected $router;


@ -4,23 +4,33 @@ namespace Catalyst\AuthBundle\Service;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter; use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
use Symfony\Component\Security\Core\Security;
// NOTES: This class is inherited by the API Bundle and the main site // NOTE: This class is inherited by the API Bundle and the main site
abstract class Voter extends BaseVoter abstract class Voter extends BaseVoter
{ {
protected $acl_gen; protected $acl_gen;
protected $user_class;
protected $security;
public function __construct(Generator $acl_gen) public function __construct(Security $security, Generator $acl_gen, $user_class)
{ {
$this->acl_gen = $acl_gen; $this->acl_gen = $acl_gen;
$this->user_class = $user_class;
$this->security = $security;
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
$acl_data = $this->acl_gen->getACL(); // NOTE: we currently do not check for subject, we'll leave that to other voters
// check if it's using our user class
$user = $this->security->getUser();
if (!($user instanceof $this->user_class))
return false;
// check if the attribute is in our acl key index // check if the attribute is in our acl key index
$acl_data = $this->acl_gen->getACL();
if (isset($acl_data['index'][$attribute])) if (isset($acl_data['index'][$attribute]))
return true; return true;
@ -33,10 +43,8 @@ abstract class Voter extends BaseVoter
// check if any of the user's roles have access // check if any of the user's roles have access
$roles = $user->getRoleObjects(); $roles = $user->getRoleObjects();
foreach ($roles as $role) foreach ($roles as $role)
{ {
// NOTE: ideally, we separate acl from the role object, but this will do for now
if ($role->hasACLAccess($attribute)) if ($role->hasACLAccess($attribute))
return true; return true;
} }
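Review bot: `supports()` decides on `$this->security->getUser()`, the user of the current security token, while the role check in `voteOnAttribute()` (second hunk; its start is outside the hunk, so presumably it reads the user from the `$token` it is given) works on the token actually being voted on. The two can differ whenever the decision manager is invoked with a token other than the current one, so the class filter and the ACL check may look at different users. Doing the class check in an overridden `vote()` against `$token->getUser()` keeps the abstain behaviour, uses one user throughout and removes the `Security` dependency. Separately, `$user_class` is untyped and unchecked in the constructor; a missing or non-string value makes `instanceof` throw at vote time, so a `class_exists()` guard there would fail earlier and more clearly.

```php
// … unchanged: properties and constructor (Security argument no longer needed) …
public function vote(TokenInterface $token, $subject, array $attributes)
{
    // abstain unless the token being voted on carries our user class
    if (!($token->getUser() instanceof $this->user_class))
        return self::ACCESS_ABSTAIN;

    return parent::vote($token, $subject, $attributes);
}
// … unchanged: supports() keeps only the acl index check …
```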


@ -51,6 +51,7 @@ services:
App\Access\Voter: App\Access\Voter:
arguments: arguments:
$acl_gen: "@App\\Access\\Generator" $acl_gen: "@App\\Access\\Generator"
$user_class: "App\\Entity\\User"
tags: ['security.voter'] tags: ['security.voter']
App\Service\FileUploader: App\Service\FileUploader:
@ -108,6 +109,7 @@ services:
Catalyst\APIBundle\Access\Voter: Catalyst\APIBundle\Access\Voter:
arguments: arguments:
$acl_gen: "@Catalyst\\APIBundle\\Access\\Generator" $acl_gen: "@Catalyst\\APIBundle\\Access\\Generator"
$user_class: "Catalyst\\APIBundle\\Entity\\User"
tags: ['security.voter'] tags: ['security.voter']
Catalyst\APIBundle\Access\Generator: Catalyst\APIBundle\Access\Generator:


@ -20,4 +20,9 @@ class Role extends BaseRole
* @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY") * @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
*/ */
protected $users; protected $users;
public function __construct()
{
parent::__construct();
}
} }


@ -107,12 +107,12 @@ class User extends BaseUser implements AdvancedUserInterface, Serializable
public function __construct() public function __construct()
{ {
$this->roles = new ArrayCollection(); parent::__construct();
$this->hubs = new ArrayCollection(); $this->hubs = new ArrayCollection();
$this->job_orders_created = new ArrayCollection(); $this->job_orders_created = new ArrayCollection();
$this->job_orders_assigned = new ArrayCollection(); $this->job_orders_assigned = new ArrayCollection();
$this->tickets = new ArrayCollection(); $this->tickets = new ArrayCollection();
$this->enabled = true;
} }
public function getID() public function getID()