Add ACL access voter service

2018-01-07 10:05:56 +08:00 · 2018-01-07 10:05:56 +08:00 · fbbcd89f8d
commit fbbcd89f8d
parent b38af2e4b5
6 changed files with 67 additions and 2 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -38,3 +38,6 @@ security:

            # form_login: ~
            # https://symfony.com/doc/current/cookbook/security/form_login_setup.html
+
+    access_decision_manager:
+        strategy: unanimous
--- a/config/routes.yaml
+++ b/config/routes.yaml
@ -61,3 +61,7 @@ role_delete:
 test_acl:
    path: /test_acl
    controller: App\Controller\TestController::index
+
+test_is_granted:
+    path: /test_is_granted
+    controller: App\Controller\TestController::testIsGranted
--- a/config/services.yaml
+++ b/config/services.yaml
@ -26,15 +26,18 @@ services:
    # add more service definitions when explicit configuration is needed
    # please note that last definitions always *replace* previous ones
    App\Menu\Generator:
-        class: App\Menu\Generator
        arguments:
            $router: "@router.default"
            $cache_dir: "%kernel.cache_dir%"
            $config_dir: "%kernel.root_dir%/../config"

    App\Access\Generator:
-        class: App\Access\Generator
        arguments:
            $router: "@router.default"
            $cache_dir: "%kernel.cache_dir%"
            $config_dir: "%kernel.root_dir%/../config"
+
+    App\Access\Voter:
+        arguments:
+            $acl_gen: "@App\\Access\\Generator"
+        tags: ['security.voter']
--- a/src/Access/Voter.php
+++ b/src/Access/Voter.php
@ -0,0 +1,44 @@
+<?php
+
+namespace App\Access;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
+
+class Voter extends BaseVoter
+{
+    protected $acl_gen;
+
+    public function __construct(Generator $acl_gen)
+    {
+        $this->acl_gen = $acl_gen;
+    }
+
+    protected function supports($attribute, $subject)
+    {
+        $acl_data = $this->acl_gen->getACL();
+
+        // check if the attribute is in our acl key index
+        if (isset($acl_data['index'][$attribute]))
+            return true;
+
+        return false;
+    }
+
+    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+    {
+        $user = $token->getUser();
+
+        // check if any of the user's roles have access
+        $roles = $user->getRoleObjects();
+
+        foreach ($roles as $role)
+        {
+            // NOTE: ideally, we separate acl from the role object, but this will do for now
+            if ($role->hasACLAccess($attribute))
+                return true;
+        }
+
+        return false;
+    }
+}
--- a/src/Controller/TestController.php
+++ b/src/Controller/TestController.php
@ -16,4 +16,13 @@ class TestController extends BaseController

        return $this->render('home.html.twig', $params);
    }
+
+    public function testIsGranted()
+    {
+        $params = $this->initParameters('home');
+
+        error_log(print_r($this->isGranted('dashboard.menu'), true));
+
+        return $this->render('home.html.twig', $params);
+    }
 }
--- a/src/Menu/Generator.php
+++ b/src/Menu/Generator.php
@ -52,6 +52,8 @@ class Generator
                $resources[] = new FileResource($path);

                // TODO: handle routes changes as well
+                // NOTE: need to figure out how to handle route changes or require
+                //       a cache clear for every route change

                // process bundle menu
                $this->parseMenu($path, $menu_key);