Added a simple Voter for checking, if a user is allowed, to view/edit/create a part.

2025-06-25 11:18:51 +02:00 · 2019-03-18 19:05:41 +01:00 · 2019-03-18 19:05:41 +01:00 · 01e1f27b68
commit 01e1f27b68
parent ab3f5db174
10 changed files with 750 additions and 4 deletions
--- a/src/Security/Interfaces/HasPermissionsInterface.php
+++ b/src/Security/Interfaces/HasPermissionsInterface.php
@ -0,0 +1,40 @@
+<?php
+/**
+ *
+ * part-db version 0.1
+ * Copyright (C) 2005 Christoph Lechner
+ * http://www.cl-projects.de/
+ *
+ * part-db version 0.2+
+ * Copyright (C) 2009 K. Jacobs and others (see authors.php)
+ * http://code.google.com/p/part-db/
+ *
+ * Part-DB Version 0.4+
+ * Copyright (C) 2016 - 2019 Jan Böhmer
+ * https://github.com/jbtronics
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ *
+ */
+
+namespace App\Security\Interfaces;
+
+
+use App\Entity\PermissionsEmbed;
+
+interface HasPermissionsInterface
+{
+    public function getPermissions() : PermissionsEmbed;
+}
--- a/src/Security/Voter/PartVoter.php
+++ b/src/Security/Voter/PartVoter.php
@ -0,0 +1,62 @@
+<?php
+
+namespace App\Security\Voter;
+
+use App\Configuration\PermissionsConfiguration;
+use App\Entity\Part;
+use App\Entity\User;
+use App\Services\PermissionResolver;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+
+/**
+ * A Voter that votes on Part entities.
+ *
+ * See parts permissions for valid operations.
+ *
+ * @package App\Security\Voter
+ */
+class PartVoter extends Voter
+{
+    const READ = "read";
+
+    protected $resolver;
+
+    public function __construct(PermissionResolver $resolver)
+    {
+        $this->resolver = $resolver;
+    }
+
+    protected function supports($attribute, $subject)
+    {
+        // replace with your own logic
+        // https://symfony.com/doc/current/security/voters.html
+        //return ($subject instanceof Part || in_array($subject, ['PERM_parts', 'PERM_parts_name']));
+
+        if ($subject instanceof Part)
+        {
+           return in_array($attribute, $this->resolver->listOperationsForPermission('parts'), false);
+        }
+
+        return false;
+    }
+
+    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+    {
+        $user = $token->getUser();
+        // if the user is anonymous, do not grant access
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        if($subject instanceof Part) {
+            //Null concealing operator means, that no
+            return $this->resolver->inherit($user, 'parts', $attribute) ?? false;
+        }
+
+        //Deny access by default.
+        return false;
+    }
+}