Use anonymous user permissions, if nobody is logged in.

2025-06-21 01:25:55 +02:00 · 2019-03-19 17:17:04 +01:00 · 2019-03-19 17:17:04 +01:00 · 4d39d5cfb7
commit 4d39d5cfb7
parent 9d0dde3df3
3 changed files with 108 additions and 14 deletions
--- a/src/Entity/User.php
+++ b/src/Entity/User.php
@ -47,6 +47,9 @@ use Symfony\Component\Validator\Constraints as Assert;
 */
 class User extends NamedDBElement implements UserInterface, HasPermissionsInterface
 {
+    /** The User id of the anonymous user */
+    const ID_ANONYMOUS      = 1;
+
    /**
     * @ORM\Id()
     * @ORM\GeneratedValue()
@ -128,6 +131,15 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
    protected $permissions;


+    /**
+     * Checks if the current user, is the user which represents the not logged in (anonymous) users.
+     * @return bool True if this user is the anonymous user.
+     */
+    public function isAnonymousUser() : bool
+    {
+        return $this->id === static::ID_ANONYMOUS && $this->name === 'anonymous';
+    }
+
    /**
     * A visual identifier that represents this user.
     *
@ -216,6 +228,16 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
     * Getters
     ************************************************/

+    public function setName(string $new_name) : NamedDBElement
+    {
+        // Anonymous user is not allowed to change its username
+        if(!$this->isAnonymousUser()) {
+            $this->name = $new_name;
+        }
+
+        return $this;
+    }
+
    /**
     * @return string
     */
--- a/src/Security/Voter/ExtendedVoter.php
+++ b/src/Security/Voter/ExtendedVoter.php
@ -0,0 +1,83 @@
+<?php
+/**
+ *
+ * part-db version 0.1
+ * Copyright (C) 2005 Christoph Lechner
+ * http://www.cl-projects.de/
+ *
+ * part-db version 0.2+
+ * Copyright (C) 2009 K. Jacobs and others (see authors.php)
+ * http://code.google.com/p/part-db/
+ *
+ * Part-DB Version 0.4+
+ * Copyright (C) 2016 - 2019 Jan Böhmer
+ * https://github.com/jbtronics
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ *
+ */
+
+namespace App\Security\Voter;
+
+
+use App\Entity\User;
+use App\Services\PermissionResolver;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+
+/**
+ * The purpose of this class is, to use the anonymous user from DB in the case, that nobody is logged in.
+ * @package App\Security\Voter
+ */
+abstract class ExtendedVoter extends Voter
+{
+    /**
+     * @var PermissionResolver
+     */
+    protected $resolver;
+
+    protected $entityManager;
+
+    public function __construct(PermissionResolver $resolver, EntityManagerInterface $entityManager)
+    {
+        $this->resolver = $resolver;
+        $this->entityManager = $entityManager;
+    }
+
+    final protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+    {
+        $user = $token->getUser();
+        // if the user is anonymous, we use the anonymous user.
+        if (!$user instanceof User) {
+            $user = $this->entityManager->find(User::class, User::ID_ANONYMOUS);
+            if($user === null) {
+                return false;
+            }
+        }
+
+        return $this->voteOnUser($attribute, $subject, $user);
+    }
+
+    /**
+     * Similar to voteOnAttribute, but checking for the anonymous user is already done.
+     * The current user (or the anonymous user) is passed by $user.
+     * @param $attribute
+     * @param $subject
+     * @param User $user
+     * @return bool
+     */
+    abstract protected function voteOnUser($attribute, $subject, User $user) : bool;
+}
--- a/src/Security/Voter/PartVoter.php
+++ b/src/Security/Voter/PartVoter.php
@ -18,16 +18,10 @@ use Symfony\Component\Security\Core\User\UserInterface;
 *
 * @package App\Security\Voter
 */
-class PartVoter extends Voter
+class PartVoter extends ExtendedVoter
 {
    const READ = "read";

-    protected $resolver;
-
-    public function __construct(PermissionResolver $resolver)
-    {
-        $this->resolver = $resolver;
-    }

    protected function supports($attribute, $subject)
    {
@ -43,14 +37,9 @@ class PartVoter extends Voter
        return false;
    }

-    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
-    {
-        $user = $token->getUser();
-        // if the user is anonymous, do not grant access
-        if (!$user instanceof User) {
-            return false;
-        }

+    protected function voteOnUser($attribute, $subject, User $user): bool
+    {
        if($subject instanceof Part) {
            //Null concealing operator means, that no
            return $this->resolver->inherit($user, 'parts', $attribute) ?? false;