mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-23 02:09:03 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Use anonymous user permissions, if nobody is logged in.

Browse source
This commit is contained in:
Jan Böhmer 2019-03-19 17:17:04 +01:00
parent 9d0dde3df3
commit 4d39d5cfb7
3 changed files with 108 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

22
src/Entity/User.php
View file

@ -47,6 +47,9 @@ use Symfony\Component\Validator\Constraints as Assert;
*/ */
class User extends NamedDBElement implements UserInterface, HasPermissionsInterface class User extends NamedDBElement implements UserInterface, HasPermissionsInterface
{ {
/** The User id of the anonymous user */
const ID_ANONYMOUS = 1;
/** /**
* @ORM\Id() * @ORM\Id()
* @ORM\GeneratedValue() * @ORM\GeneratedValue()
@ -128,6 +131,15 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
protected $permissions; protected $permissions;
/**
* Checks if the current user, is the user which represents the not logged in (anonymous) users.
* @return bool True if this user is the anonymous user.
*/
public function isAnonymousUser() : bool
{
return $this->id === static::ID_ANONYMOUS && $this->name === 'anonymous';
}
/** /**
* A visual identifier that represents this user. * A visual identifier that represents this user.
* *
@ -216,6 +228,16 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
* Getters * Getters
************************************************/ ************************************************/
public function setName(string $new_name) : NamedDBElement
{
// Anonymous user is not allowed to change its username
if(!$this->isAnonymousUser()) {
$this->name = $new_name;
}
return $this;
}
/** /**
* @return string * @return string
*/ */

83
src/Security/Voter/ExtendedVoter.php Normal file
View file

@ -0,0 +1,83 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Security\Voter;
use App\Entity\User;
use App\Services\PermissionResolver;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* The purpose of this class is, to use the anonymous user from DB in the case, that nobody is logged in.
* @package App\Security\Voter
*/
abstract class ExtendedVoter extends Voter
{
/**
* @var PermissionResolver
*/
protected $resolver;
protected $entityManager;
public function __construct(PermissionResolver $resolver, EntityManagerInterface $entityManager)
{
$this->resolver = $resolver;
$this->entityManager = $entityManager;
}
final protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
// if the user is anonymous, we use the anonymous user.
if (!$user instanceof User) {
$user = $this->entityManager->find(User::class, User::ID_ANONYMOUS);
if($user === null) {
return false;
}
}
return $this->voteOnUser($attribute, $subject, $user);
}
/**
* Similar to voteOnAttribute, but checking for the anonymous user is already done.
* The current user (or the anonymous user) is passed by $user.
* @param $attribute
* @param $subject
* @param User $user
* @return bool
*/
abstract protected function voteOnUser($attribute, $subject, User $user) : bool;
}

17
src/Security/Voter/PartVoter.php
View file

@ -18,16 +18,10 @@ use Symfony\Component\Security\Core\User\UserInterface;
* *
* @package App\Security\Voter * @package App\Security\Voter
*/ */
class PartVoter extends Voter class PartVoter extends ExtendedVoter
{ {
const READ = "read"; const READ = "read";
protected $resolver;
public function __construct(PermissionResolver $resolver)
{
$this->resolver = $resolver;
}
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
@ -43,14 +37,9 @@ class PartVoter extends Voter
return false; return false;
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof User) {
return false;
}
protected function voteOnUser($attribute, $subject, User $user): bool
{
if($subject instanceof Part) { if($subject instanceof Part) {
//Null concealing operator means, that no //Null concealing operator means, that no
return $this->resolver->inherit($user, 'parts', $attribute) ?? false; return $this->resolver->inherit($user, 'parts', $attribute) ?? false;