rgutierrez/resq
1
0
Fork 0
Code Issues 126 Pull requests 49 Projects Releases 4 Packages Wiki Activity Actions

Add ACL access voter service

Browse source
This commit is contained in:
Kendrick Chan 2018-01-07 10:05:56 +08:00
parent b38af2e4b5
commit fbbcd89f8d
6 changed files with 67 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/packages/security.yaml
View file

@ -38,3 +38,6 @@ security:
# form_login: ~ # form_login: ~
# https://symfony.com/doc/current/cookbook/security/form_login_setup.html # https://symfony.com/doc/current/cookbook/security/form_login_setup.html
access_decision_manager:
strategy: unanimous

4
config/routes.yaml
View file

@ -61,3 +61,7 @@ role_delete:
test_acl: test_acl:
path: /test_acl path: /test_acl
controller: App\Controller\TestController::index controller: App\Controller\TestController::index
test_is_granted:
path: /test_is_granted
controller: App\Controller\TestController::testIsGranted

7
config/services.yaml
View file

@ -26,15 +26,18 @@ services:
# add more service definitions when explicit configuration is needed # add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones # please note that last definitions always *replace* previous ones
App\Menu\Generator: App\Menu\Generator:
class: App\Menu\Generator
arguments: arguments:
$router: "@router.default" $router: "@router.default"
$cache_dir: "%kernel.cache_dir%" $cache_dir: "%kernel.cache_dir%"
$config_dir: "%kernel.root_dir%/../config" $config_dir: "%kernel.root_dir%/../config"
App\Access\Generator: App\Access\Generator:
class: App\Access\Generator
arguments: arguments:
$router: "@router.default" $router: "@router.default"
$cache_dir: "%kernel.cache_dir%" $cache_dir: "%kernel.cache_dir%"
$config_dir: "%kernel.root_dir%/../config" $config_dir: "%kernel.root_dir%/../config"
App\Access\Voter:
arguments:
$acl_gen: "@App\\Access\\Generator"
tags: ['security.voter']

44
src/Access/Voter.php Normal file
View file

@ -0,0 +1,44 @@
<?php
namespace App\Access;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
class Voter extends BaseVoter
{
protected $acl_gen;
public function __construct(Generator $acl_gen)
{
$this->acl_gen = $acl_gen;
}
protected function supports($attribute, $subject)
{
$acl_data = $this->acl_gen->getACL();
// check if the attribute is in our acl key index
if (isset($acl_data['index'][$attribute]))
return true;
return false;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
// check if any of the user's roles have access
$roles = $user->getRoleObjects();
foreach ($roles as $role)
{
// NOTE: ideally, we separate acl from the role object, but this will do for now
if ($role->hasACLAccess($attribute))
return true;
}
return false;
}
}

9
src/Controller/TestController.php
View file

@ -16,4 +16,13 @@ class TestController extends BaseController
return $this->render('home.html.twig', $params); return $this->render('home.html.twig', $params);
} }
public function testIsGranted()
{
$params = $this->initParameters('home');
error_log(print_r($this->isGranted('dashboard.menu'), true));
return $this->render('home.html.twig', $params);
}
} }

2
src/Menu/Generator.php
View file

@ -52,6 +52,8 @@ class Generator
$resources[] = new FileResource($path); $resources[] = new FileResource($path);
// TODO: handle routes changes as well // TODO: handle routes changes as well
// NOTE: need to figure out how to handle route changes or require
// a cache clear for every route change
// process bundle menu // process bundle menu
$this->parseMenu($path, $menu_key); $this->parseMenu($path, $menu_key);