<?php
/*
* Copyright (c) 2015 KUBO Atsuhiro <kubo@iteman.jp>,
* All rights reserved.
*
* This file is part of PHPMentorsWorkflowerBundle.
*
* This program and the accompanying materials are made available under
* the terms of the BSD 2-Clause License which accompanies this
* distribution, and is available at http://opensource.org/licenses/BSD-2-Clause
*/
namespace PHPMentors\WorkflowerBundle\Workflow\Participant;
use PHPMentors\Workflower\Workflow\Participant\ParticipantInterface;
use PHPMentors\Workflower\Workflow\Resource\ResourceInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\Voter\RoleHierarchyVoter;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\User\UserInterface;
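/**
 * Workflow participant backed by the Symfony security token.
 *
 * Role checks are delegated to the injected RoleHierarchyVoter. The
 * participant's resource is the one set through setResource(), or else the
 * user carried by the current security token.
 */
class SecurityParticipant implements ParticipantInterface
{
    /**
     * Voter consulted by hasRole().
     *
     * @var RoleHierarchyVoter
     */
    private $roleHierarchyVoter;

    /**
     * Source of the current security token.
     *
     * @var TokenStorageInterface
     */
    private $tokenStorage;

    /**
     * Resource set explicitly through setResource(); null until then.
     *
     * @var ResourceInterface|null
     */
    private $user;

    /**
     * @param RoleHierarchyVoter    $roleHierarchyVoter
     * @param TokenStorageInterface $tokenStorage
     */
    public function __construct(RoleHierarchyVoter $roleHierarchyVoter, TokenStorageInterface $tokenStorage)
    {
        $this->roleHierarchyVoter = $roleHierarchyVoter;
        $this->tokenStorage = $tokenStorage;
    }

    /**
     * {@inheritDoc}
     *
     * Returns true when the voter grants the role and false when it denies it.
     *
     * NOTE(review): Symfony's role voters read roles from the token, not from
     * the subject argument. If a resource set through setResource() is not the
     * token's user, the answer presumably still describes the token's user.
     * Confirm that this is intended.
     *
     * @throws ParticipantException when no security token is available or the
     *                              voter does not reach a grant/deny decision
     */
    public function hasRole($role)
    {
        // Checked explicitly instead of with assert(): assertions can be
        // switched off by configuration, and an authorization decision must
        // not depend on a check that may be compiled out.
        $token = $this->tokenStorage->getToken();
        if ($token === null) {
            throw new ParticipantException(sprintf('Checking whether the participant has role "%s" cannot be decided because no security token is available.', $role));
        }

        $result = $this->roleHierarchyVoter->vote($token, $this->getResource(), array($role));

        // Strict comparisons: only an explicit grant yields true and only an
        // explicit denial yields false. Anything else (abstain included) is
        // reported as undecidable rather than silently coerced.
        if ($result === VoterInterface::ACCESS_GRANTED) {
            return true;
        }
        if ($result === VoterInterface::ACCESS_DENIED) {
            return false;
        }

        throw new ParticipantException(sprintf('Checking whether the participant has role "%s" cannot be decided for some reason.', $role));
    }

    /**
     * {@inheritDoc}
     *
     * Overrides the token's user as this participant's resource.
     */
    public function setResource(ResourceInterface $resource)
    {
        // Development-time check only: it has no effect when assertions are
        // disabled, so it must not be relied on as input validation.
        assert($resource instanceof UserInterface);

        $this->user = $resource;
    }

    /**
     * {@inheritDoc}
     *
     * Returns the resource set through setResource() if there is one, else
     * the user of the current security token.
     *
     * NOTE(review): the token's user is returned as is; getId() and getName()
     * assume it provides those methods. Confirm against the user class in use.
     *
     * @throws ParticipantException when no resource was set and no security
     *                              token is available
     */
    public function getResource()
    {
        if ($this->user !== null) {
            return $this->user;
        }

        // Fail with a domain exception instead of a fatal "member function on
        // null" error when the request carries no security token.
        $token = $this->tokenStorage->getToken();
        if ($token === null) {
            throw new ParticipantException('The participant resource cannot be resolved because no security token is available.');
        }

        return $token->getUser();
    }

    /**
     * {@inheritDoc}
     *
     * Delegates to the resource returned by getResource().
     */
    public function getId()
    {
        return $this->getResource()->getId();
    }

    /**
     * {@inheritDoc}
     *
     * Delegates to the resource returned by getResource().
     */
    public function getName()
    {
        return $this->getResource()->getName();
    }
}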