<?php
namespace Catalyst\APIBundle\Access;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;
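/**
 * Security voter that grants access based on the ACL keys held by a user's roles.
 *
 * An attribute is handled only when it appears in the key index of the ACL data
 * returned by the injected Generator. The decision then depends solely on the
 * role objects of the token's user; the subject is never consulted, so this
 * voter gives role-level checks, not per-object checks.
 */
class Voter extends BaseVoter
{
    /** @var Generator source of the ACL data, including the key index */
    protected $acl_gen;

    /**
     * @param Generator $acl_gen generator that supplies the ACL data
     */
    public function __construct(Generator $acl_gen)
    {
        $this->acl_gen = $acl_gen;
    }

    /**
     * Tells whether this voter handles the given attribute.
     *
     * @param mixed $attribute attribute being checked
     * @param mixed $subject   ignored; support is decided by the attribute alone
     *
     * @return bool true when the attribute is a key of the ACL index
     */
    protected function supports($attribute, $subject)
    {
        // the attribute is used as an array key below; the access decision
        // manager hands every voter every attribute, including objects, and
        // those cannot be array keys, so abstain instead of raising an error
        if (!is_string($attribute) && !is_int($attribute))
            return false;

        $acl_data = $this->acl_gen->getACL();

        // check if the attribute is in our acl key index
        return isset($acl_data['index'][$attribute]);
    }

    /**
     * Grants access when at least one of the user's roles has the ACL key.
     *
     * @param mixed          $attribute ACL key to check
     * @param mixed          $subject   ignored; the decision is role-based only
     * @param TokenInterface $token     token whose user is evaluated
     *
     * @return bool true if any role reports access to the attribute, false otherwise
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        // fail closed: a token may carry no user object (for example an
        // unauthenticated request), and a user that cannot list role objects
        // cannot be evaluated; deny instead of failing with a fatal error
        if (!is_object($user) || !is_callable([$user, 'getRoleObjects']))
            return false;

        // check if any of the user's roles have access
        $roles = $user->getRoleObjects();

        // nothing to iterate means no role can grant access
        if (!is_array($roles) && !($roles instanceof \Traversable))
            return false;

        foreach ($roles as $role)
        {
            // NOTE: ideally, we separate acl from the role object, but this will do for now
            if ($role->hasACLAccess($attribute))
                return true;
        }

        // no role granted the attribute: deny by default
        return false;
    }
}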