useEqutableInterface if possible

KnpLabs · Mar 13, 2013 · 4d1afd6 · 4d1afd6
1 parent 950412f
commit 4d1afd6
Show file tree

Hide file tree

Showing 2 changed files with 83 additions and 1 deletion.
diff --git a/Security/Voter/IsOwnerVoter.php b/Security/Voter/IsOwnerVoter.php
@@ -4,7 +4,10 @@
 
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\User\EquatableInterface;
 use Knp\RadBundle\Security\OwnerInterface;
+use Knp\RadBundle\Security\OwnableInterface;
+use Symfony\Component\Security\Core\User\UserInterface;
 
 class IsOwnerVoter implements VoterInterface
 {
@@ -41,7 +44,7 @@ public function vote(TokenInterface $token, $object, array $attributes)
                 return self::ACCESS_ABSTAIN;
             }
 
-            if ($object->getOwner() === $token->getUser()) {
+            if ($this->isOwner($token->getUser(), $object)) {
                 return self::ACCESS_GRANTED;
             }
 
@@ -50,4 +53,13 @@ public function vote(TokenInterface $token, $object, array $attributes)
 
         return self::ACCESS_ABSTAIN;
     }
+
+    private function isOwner(OwnerInterface $owner, OwnableInterface $ownable)
+    {
+        if ($ownable->getOwner() instanceof UserInterface && $owner instanceof EquatableInterface) {
+            return $owner->isEqualTo($ownable->getOwner());
+        }
+
+        return $ownable->getOwner() === $owner;
+    }
 }
diff --git a/spec/Security/Voter/IsOwnerVoter.php b/spec/Security/Voter/IsOwnerVoter.php
@@ -80,4 +80,74 @@ function it_should_abstain_to_vote_for_unkown_attribute($token, $user, $object)
         $object->getOwner()->willReturn($user);
         $this->vote($token, $object, array('IS_TEST'))->shouldReturn(VoterInterface::ACCESS_ABSTAIN);
     }
+
+    /**
+     * @param Knp\RadBundle\Security\OwnableInterface $object
+     * @param Symfony\Component\Security\Core\User\UserInterface $equatableUser
+     * @param Knp\RadBundle\Security\OwnerInterface,Symfony\Component\Security\Core\User\EquatableInterface $user
+     **/
+    function it_should_vote_yes_for_equal_owners($token, $user, $object, $equatableUser)
+    {
+        $token->getUser()->willReturn($user);
+        $object->getOwner()->willReturn($equatableUser);
+        $user->isEqualTo($equatableUser->getWrappedSubject())->willReturn(true);
+
+        $this->vote($token, $object, array('IS_OWNER'))->shouldReturn(VoterInterface::ACCESS_GRANTED);
+    }
+
+    /**
+     * @param Knp\RadBundle\Security\OwnableInterface $object
+     * @param Symfony\Component\Security\Core\User\UserInterface $equatableUser
+     * @param Knp\RadBundle\Security\OwnerInterface,Symfony\Component\Security\Core\User\EquatableInterface $user
+     **/
+    function it_should_vote_no_for_non_equal_owners($token, $user, $object, $equatableUser)
+    {
+        $token->getUser()->willReturn($user);
+        $object->getOwner()->willReturn($equatableUser);
+        $user->isEqualTo($equatableUser->getWrappedSubject())->willReturn(false);
+
+        $this->vote($token, $object, array('IS_OWNER'))->shouldReturn(VoterInterface::ACCESS_DENIED);
+    }
+
+    /**
+     * @param Knp\RadBundle\Security\OwnableInterface $object
+     * @param Symfony\Component\Security\Core\User\UserInterface $equatableUser
+     * @param Knp\RadBundle\Security\OwnerInterface,Symfony\Component\Security\Core\User\EquatableInterface $user
+     **/
+    function it_should_use_isEqualTo_if_possible($token, $user, $object, $equatableUser)
+    {
+        $token->getUser()->willReturn($user);
+        $object->getOwner()->willReturn($equatableUser);
+        $user->isEqualTo($equatableUser->getWrappedSubject())->shouldBeCalled();
+
+        $this->vote($token, $object, array('IS_OWNER'))->shouldReturn(VoterInterface::ACCESS_DENIED);
+    }
+
+    /**
+     * @param Knp\RadBundle\Security\OwnableInterface $object
+     * @param Knp\RadBundle\Security\OwnerInterface $nonEquatableUser
+     * @param Knp\RadBundle\Security\OwnerInterface,Symfony\Component\Security\Core\User\EquatableInterface $user
+     **/
+    function it_should_not_use_isEqualTo_if_no_UserInterface($token, $user, $object, $nonEquatableUser)
+    {
+        $token->getUser()->willReturn($user);
+        $object->getOwner()->willReturn($nonEquatableUser);
+        $user->isEqualTo($nonEquatableUser)->shouldNotBeCalled();
+
+        $this->vote($token, $object, array('IS_OWNER'))->shouldReturn(VoterInterface::ACCESS_DENIED);
+    }
+
+    /**
+     * @param Knp\RadBundle\Security\OwnableInterface $object
+     * @param Symfony\Component\Security\Core\User\UserInterface $equatableUser
+     * @param Knp\RadBundle\Security\OwnerInterface $user
+     **/
+    function it_should_not_use_isEqualTo_if_no_EquatableInterface($token, $user, $object, $equatableUser)
+    {
+        $token->getUser()->willReturn($user);
+        $object->getOwner()->willReturn($equatableUser);
+        $user->isEqualTo($equatableUser)->shouldNotBeCalled();
+
+        $this->vote($token, $object, array('IS_OWNER'))->shouldReturn(VoterInterface::ACCESS_DENIED);
+    }
 }