This repository has been archived by the owner on Sep 16, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 16
/
ResourcePathVoter.php
77 lines (63 loc) · 2.11 KB
/
ResourcePathVoter.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
<?php
/*
* This file is part of the Symfony CMF package.
*
* (c) 2011-2017 Symfony CMF
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Cmf\Bundle\ResourceRestBundle\Security;
use Symfony\Cmf\Bundle\ResourceRestBundle\Controller\ResourceController;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* @author Wouter de Jong <wouter@wouterj.nl>
*/
class ResourcePathVoter extends Voter
{
private $accessDecisionManager;
private $accessMap;
public function __construct(AccessDecisionManagerInterface $accessDecisionManager, array $accessMap)
{
$this->accessDecisionManager = $accessDecisionManager;
$this->accessMap = $accessMap;
}
/**
* {@inheritdoc}
*/
protected function supports($attribute, $subject)
{
return in_array($attribute, [ResourceController::ROLE_RESOURCE_READ, ResourceController::ROLE_RESOURCE_WRITE])
&& is_array($subject) && isset($subject['repository_name']) && isset($subject['path']);
}
/**
* {@inheritdoc}
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
foreach ($this->accessMap as $rule) {
if (!$this->ruleMatches($rule, $attribute, $subject)) {
continue;
}
if ($this->accessDecisionManager->decide($token, $rule['require'])) {
return true;
}
}
return false;
}
private function ruleMatches($rule, $attribute, $subject)
{
if (!in_array($attribute, $rule['attributes'])) {
return false;
}
if (null !== $rule['repository'] && $rule['repository'] !== $subject['repository_name']) {
return false;
}
if (!preg_match('{'.$rule['pattern'].'}', $subject['path'])) {
return false;
}
return true;
}
}