From fbbcd89f8d2e7a524c12355dd68eb175e2eeb031 Mon Sep 17 00:00:00 2001
From: Kendrick Chan
Date: Sun, 7 Jan 2018 10:05:56 +0800
Subject: [PATCH] Add ACL access voter service
---
 config/packages/security.yaml | 3 +++
 config/routes.yaml | 4 +++
 config/services.yaml | 7 +++--
 src/Access/Voter.php | 44 +++++++++++++++++++++++++++++++
 src/Controller/TestController.php | 9 +++++++
 src/Menu/Generator.php | 2 ++
 6 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 src/Access/Voter.php
diff --git a/config/packages/security.yaml b/config/packages/security.yaml
index b76941e6..e2ee49a9 100644
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@@ -38,3 +38,6 @@ security:
 # form_login: ~
 # https://symfony.com/doc/current/cookbook/security/form_login_setup.html
+
+ access_decision_manager:
+ strategy: unanimous
diff --git a/config/routes.yaml b/config/routes.yaml
index 8ec676af..5fd332f7 100644
--- a/config/routes.yaml
+++ b/config/routes.yaml
@@ -61,3 +61,7 @@ role_delete:
 test_acl:
 path: /test_acl
 controller: App\Controller\TestController::index
+
+test_is_granted:
+ path: /test_is_granted
+ controller: App\Controller\TestController::testIsGranted
diff --git a/config/services.yaml b/config/services.yaml
index 6d6cf31a..b2fb58f4 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -26,15 +26,18 @@ services:
 # add more service definitions when explicit configuration is needed
 # please note that last definitions always *replace* previous ones
 App\Menu\Generator:
- class: App\Menu\Generator
 arguments:
 $router: "@router.default"
 $cache_dir: "%kernel.cache_dir%"
 $config_dir: "%kernel.root_dir%/../config"
 App\Access\Generator:
- class: App\Access\Generator
 arguments:
 $router: "@router.default"
 $cache_dir: "%kernel.cache_dir%"
 $config_dir: "%kernel.root_dir%/../config"
+
+ App\Access\Voter:
+ arguments:
+ $acl_gen: "@App\\Access\\Generator"
+ tags: ['security.voter']
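Review bot: In config/packages/security.yaml, `strategy: unanimous` applies to the whole application, not only to the new ACL voter, so it also changes how existing checks are decided. Under the unanimous strategy each attribute is voted on separately and every one must be granted, so an `access_control` rule that lists several roles goes from any-of to all-of. The rest of security.yaml is outside this hunk, so whether such rules exist cannot be seen here. A comment above the setting, such as `# unanimous: a single deny from any voter denies; multi-role rules now require every role`, would record the intent.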
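Review bot: In config/routes.yaml, `test_is_granted` is added to the main route file, so `/test_is_granted` is registered in every environment, production included. The action behind it exists only to exercise the voter. If it has to stay, moving the test routes into a file under `config/routes/dev/` keeps them out of production. Whether an `access_control` rule covers the path is not visible in this commit.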
diff --git a/src/Access/Voter.php b/src/Access/Voter.php
new file mode 100644
index 00000000..b61ea968
--- /dev/null
+++ b/src/Access/Voter.php
@@ -0,0 +1,44 @@
+acl_gen = $acl_gen;
+ }
+
+ protected function supports($attribute, $subject)
+ {
+ $acl_data = $this->acl_gen->getACL();
+
+ // check if the attribute is in our acl key index
+ if (isset($acl_data['index'][$attribute]))
+ return true;
+
+ return false;
+ }
+
+ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+ {
+ $user = $token->getUser();
+
+ // check if any of the user's roles have access
+ $roles = $user->getRoleObjects();
+
+ foreach ($roles as $role)
+ {
+ // NOTE: ideally, we separate acl from the role object, but this will do for now
+ if ($role->hasACLAccess($attribute))
+ return true;
+ }
+
+ return false;
+ }
+}
diff --git a/src/Controller/TestController.php b/src/Controller/TestController.php
index 04eb7c11..b195035a 100644
--- a/src/Controller/TestController.php
+++ b/src/Controller/TestController.php
@@ -16,4 +16,13 @@ class TestController extends BaseController
 return $this->render('home.html.twig', $params);
 }
+
+ public function testIsGranted()
+ {
+ $params = $this->initParameters('home');
+
+ error_log(print_r($this->isGranted('dashboard.menu'), true));
+
+ return $this->render('home.html.twig', $params);
+ }
 }
diff --git a/src/Menu/Generator.php b/src/Menu/Generator.php
index 17e4d121..0e3a2707 100644
--- a/src/Menu/Generator.php
+++ b/src/Menu/Generator.php
@@ -52,6 +52,8 @@ class Generator
 $resources[] = new FileResource($path);
 // TODO: handle routes changes as well
+ // NOTE: need to figure out how to handle route changes or require
+ // a cache clear for every route change
 // process bundle menu
 $this->parseMenu($path, $menu_key);
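Review bot: In src/Access/Voter.php, `voteOnAttribute()` calls `$user->getRoleObjects()` on whatever `$token->getUser()` returns, but for an unauthenticated request that value is not a user object (a string or null, depending on the Symfony version). A check on an ACL key for an anonymous visitor would then end in a fatal error instead of a denial. A guard before the role lookup, `if (!is_object($user) || !method_exists($user, 'getRoleObjects')) return false;`, makes the voter deny by default; an `instanceof` check against the application's user class, which is not visible here, would do the same. Separately, `supports()` calls `$this->acl_gen->getACL()` on every vote; if that method reloads the cached ACL each time, keeping the result in a property would avoid the repeated loads. The top of the file (namespace, class declaration, start of the constructor) is missing from the page text and was not reviewed.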
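Review bot: In src/Controller/TestController.php, `testIsGranted()` only logs the decision and then renders the page either way, so it never enforces `dashboard.menu`. Because `print_r(false, true)` is an empty string, a denial also writes a blank log line. `error_log(var_export($this->isGranted('dashboard.menu'), true));` logs `true` or `false` explicitly. If the action is meant to be protected and the base controller provides Symfony's controller helpers, `$this->denyAccessUnlessGranted('dashboard.menu');` is the call to use.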