54 lines
1.4 KiB
PHP
54 lines
1.4 KiB
PHP
<?php
|
|
|
|
namespace Catalyst\AuthBundle\Service;
|
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
|
|
use Symfony\Component\Security\Core\Security;
|
|
|
|
class Voter extends BaseVoter
|
|
{
|
|
protected $acl_gen;
|
|
protected $user_class;
|
|
protected $security;
|
|
|
|
public function __construct(Security $security, Generator $acl_gen, $user_class)
|
|
{
|
|
$this->acl_gen = $acl_gen;
|
|
$this->user_class = $user_class;
|
|
$this->security = $security;
|
|
}
|
|
|
|
protected function supports($attribute, $subject)
|
|
{
|
|
// NOTE: we currently do not check for subject, we'll leave that to other voters
|
|
|
|
// check if it's using our user class
|
|
$user = $this->security->getUser();
|
|
if (!($user instanceof $this->user_class))
|
|
return false;
|
|
|
|
// check if the attribute is in our acl key index
|
|
$acl_data = $this->acl_gen->getACL();
|
|
if (isset($acl_data['index'][$attribute]))
|
|
return true;
|
|
|
|
return false;
|
|
}
|
|
|
|
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
|
|
{
|
|
$user = $token->getUser();
|
|
|
|
// check if any of the user's roles have access
|
|
$roles = $user->getRoleObjects();
|
|
foreach ($roles as $role)
|
|
{
|
|
if ($role->hasACLAccess($attribute))
|
|
return true;
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|
|
|