rgutierrez/resq
1
0
Fork 0
Code Issues 126 Pull requests 49 Projects Releases 4 Packages Wiki Activity Actions

Fix issues and optimize auth voter and entities #194

Browse source
This commit is contained in:
Kendrick Chan 2019-06-05 16:37:37 +08:00
parent 1d93d9f577
commit 8737fbfe26
9 changed files with 42 additions and 24 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
catalyst/api-bundle/Entity/Role.php
View file

@ -20,4 +20,9 @@ class Role extends BaseRole
* @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
*/
protected $users;
public function __construct()
{
parent::__construct();
}
}

11
catalyst/api-bundle/Entity/User.php
View file

@ -53,23 +53,16 @@ class User extends BaseUser implements UserInterface
*/
protected $roles;
// enabled
/**
* @ORM\Column(type="boolean")
*/
protected $enabled;
public function __construct()
{
parent::__construct();
// generate keys
$this->setAPIKey($this->generateAPIKey())
->setSecretKey($this->generateSecretKey());
// set date created
$this->date_create = new DateTime();
$this->roles = new ArrayCollection();
$this->enabled = true;
}
public function getID()

7
catalyst/auth-bundle/Entity/Role.php
View file

@ -4,7 +4,6 @@ namespace Catalyst\AuthBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
use Doctrine\Common\Collections\ArrayCollection;
use Symfony\Component\Validator\Constraints as Assert;
abstract class Role
{
@ -13,19 +12,18 @@ abstract class Role
/**
* @ORM\Id
* @ORM\Column(type="string", length=80)
* @Assert\NotBlank()
*/
protected $id;
/**
* @ORM\Column(type="string", length=80)
* @Assert\NotBlank()
*/
protected $name;
// annotation should be in the extending class
// NOTE: annotation should be in the child class
protected $users;
// array of permissions this role has access to
/**
* @ORM\Column(type="json_array")
*/
@ -78,7 +76,6 @@ abstract class Role
return false;
}
// TODO: shift out ACL stuff to its own class
public function clearACLAttributes()
{
$this->acl_attributes = [];

9
catalyst/auth-bundle/Entity/User.php
View file

@ -2,9 +2,17 @@
namespace Catalyst\AuthBundle\Entity;
use Doctrine\ORM\Mapping as ORM;
// base User class
abstract class User
{
// NOTE: doctrine annotations for roles have to be declared on the child class
protected $roles;
/**
* @ORM\Column(type="boolean")
*/
protected $enabled;
public function __construct()
@ -13,6 +21,7 @@ abstract class User
$this->enabled = true;
}
// array of string roles, needed by symfony
public function getRoles()
{
$str_roles = [];

3
catalyst/auth-bundle/Service/Generator.php
View file

@ -9,8 +9,7 @@ use Symfony\Component\Config\Resource\FileResource;
use Symfony\Component\Routing\RouterInterface;
// NOTES: This class is inherited by the API Bundle and the main site
// NOTE: This class is inherited by the API Bundle and the main site
abstract class Generator
{
protected $router;

20
catalyst/auth-bundle/Service/Voter.php
View file

@ -4,23 +4,33 @@ namespace Catalyst\AuthBundle\Service;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
use Symfony\Component\Security\Core\Security;
// NOTES: This class is inherited by the API Bundle and the main site
// NOTE: This class is inherited by the API Bundle and the main site
abstract class Voter extends BaseVoter
{
protected $acl_gen;
protected $user_class;
protected $security;
public function __construct(Generator $acl_gen)
public function __construct(Security $security, Generator $acl_gen, $user_class)
{
$this->acl_gen = $acl_gen;
$this->user_class = $user_class;
$this->security = $security;
}
protected function supports($attribute, $subject)
{
$acl_data = $this->acl_gen->getACL();
// NOTE: we currently do not check for subject, we'll leave that to other voters
// check if it's using our user class
$user = $this->security->getUser();
if (!($user instanceof $this->user_class))
return false;
// check if the attribute is in our acl key index
$acl_data = $this->acl_gen->getACL();
if (isset($acl_data['index'][$attribute]))
return true;
@ -33,10 +43,8 @@ abstract class Voter extends BaseVoter
// check if any of the user's roles have access
$roles = $user->getRoleObjects();
foreach ($roles as $role)
{
// NOTE: ideally, we separate acl from the role object, but this will do for now
if ($role->hasACLAccess($attribute))
return true;
}

2
config/services.yaml
View file

@ -51,6 +51,7 @@ services:
App\Access\Voter:
arguments:
$acl_gen: "@App\\Access\\Generator"
$user_class: "App\\Entity\\User"
tags: ['security.voter']
App\Service\FileUploader:
@ -108,6 +109,7 @@ services:
Catalyst\APIBundle\Access\Voter:
arguments:
$acl_gen: "@Catalyst\\APIBundle\\Access\\Generator"
$user_class: "Catalyst\\APIBundle\\Entity\\User"
tags: ['security.voter']
Catalyst\APIBundle\Access\Generator:

5
src/Entity/Role.php
View file

@ -20,4 +20,9 @@ class Role extends BaseRole
* @ORM\ManyToMany(targetEntity="User", mappedBy="roles", fetch="EXTRA_LAZY")
*/
protected $users;
public function __construct()
{
parent::__construct();
}
}

4
src/Entity/User.php
View file

@ -107,12 +107,12 @@ class User extends BaseUser implements AdvancedUserInterface, Serializable
public function __construct()
{
$this->roles = new ArrayCollection();
parent::__construct();
$this->hubs = new ArrayCollection();
$this->job_orders_created = new ArrayCollection();
$this->job_orders_assigned = new ArrayCollection();
$this->tickets = new ArrayCollection();
$this->enabled = true;
}
public function getID()