From 7b6ba376673519c96eeb9caa4921b3a763aec47f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?=
Date: Mon, 28 Aug 2023 23:06:37 +0200
Subject: [PATCH] Allow to cache support status of voters

This should increase the performance a bit
---
 src/Security/Voter/AttachmentVoter.php | 14 +++++++++++++-
 src/Security/Voter/GroupVoter.php | 10 ++++++++++
 src/Security/Voter/HasAccessPermissionsVoter.php | 5 +++++
 src/Security/Voter/ImpersonateUserVoter.php | 10 ++++++++++
 src/Security/Voter/LabelProfileVoter.php | 10 ++++++++++
 src/Security/Voter/LogEntryVoter.php | 10 ++++++++++
 src/Security/Voter/OrderdetailVoter.php | 10 ++++++++++
 src/Security/Voter/ParameterVoter.php | 15 ++++++++++++++-
 src/Security/Voter/PartLotVoter.php | 10 ++++++++++
 src/Security/Voter/PartVoter.php | 10 ++++++++++
 src/Security/Voter/PermissionVoter.php | 6 ++++++
 src/Security/Voter/PricedetailVoter.php | 10 ++++++++++
 src/Security/Voter/StructureVoter.php | 5 +++++
 src/Security/Voter/UserVoter.php | 10 ++++++++++
 14 files changed, 133 insertions(+), 2 deletions(-)

diff --git a/src/Security/Voter/AttachmentVoter.php b/src/Security/Voter/AttachmentVoter.php
index 5750855c..54f6cc70 100644
--- a/src/Security/Voter/AttachmentVoter.php
+++ b/src/Security/Voter/AttachmentVoter.php
@@ -47,6 +47,8 @@ use function in_array;
 final class AttachmentVoter extends Voter
 {
+ private const ALLOWED_ATTRIBUTES = ['read', 'view', 'edit', 'delete', 'create', 'show_private', 'show_history'];
+
 public function __construct(private readonly Security $security, private readonly VoterHelper $helper)
 {
 }
@@ -134,10 +136,20 @@ final class AttachmentVoter extends Voter
 {
 if (is_a($subject, Attachment::class, true)) {
 //These are the allowed attributes
- return in_array($attribute, ['read', 'view', 'edit', 'delete', 'create', 'show_private', 'show_history'], true);
+ return in_array($attribute, self::ALLOWED_ATTRIBUTES, true);
 }
 //Allow class name as subject
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, self::ALLOWED_ATTRIBUTES, true);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, Attachment::class, true);
+ }
 }
diff --git a/src/Security/Voter/GroupVoter.php b/src/Security/Voter/GroupVoter.php
index ef81524f..96ae20d0 100644
--- a/src/Security/Voter/GroupVoter.php
+++ b/src/Security/Voter/GroupVoter.php
@@ -62,4 +62,14 @@ final class GroupVoter extends Voter
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return $this->helper->isValidOperation('groups', $attribute);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, Group::class, true);
+ }
 }
diff --git a/src/Security/Voter/HasAccessPermissionsVoter.php b/src/Security/Voter/HasAccessPermissionsVoter.php
index 8145f7b1..16639d2f 100644
--- a/src/Security/Voter/HasAccessPermissionsVoter.php
+++ b/src/Security/Voter/HasAccessPermissionsVoter.php
@@ -51,4 +51,9 @@ final class HasAccessPermissionsVoter extends Voter
 {
 return $attribute === self::ROLE;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return $attribute === self::ROLE;
+ }
 }
\ No newline at end of file
diff --git a/src/Security/Voter/ImpersonateUserVoter.php b/src/Security/Voter/ImpersonateUserVoter.php
index 00751cfc..eebcfcc3 100644
--- a/src/Security/Voter/ImpersonateUserVoter.php
+++ b/src/Security/Voter/ImpersonateUserVoter.php
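Review bot: Nothing in AttachmentVoter ties the new `supportsAttribute()` and `supportsType()` to `supports()`, yet Symfony's access decision manager skips a voter outright when either cached method returns false, so the pair must never be narrower than `supports()`. A skipped voter abstains, and whether that ends in a denial or a grant then depends on the configured decision strategy. I would add a short docblock on both methods saying that they are a cache pre-filter and must accept at least everything `supports()` accepts, plus a test that compares them with `supports()` for every allowed attribute and for both an entity and a class-name subject. The same applies to each voter this patch touches.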
@@ -47,4 +47,14 @@ final class ImpersonateUserVoter extends Voter
 {
 return $this->helper->isGranted($token, 'users', 'impersonate');
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return $attribute === 'CAN_SWITCH_USER';
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return is_a($subjectType, User::class, true);
+ }
 }
\ No newline at end of file
diff --git a/src/Security/Voter/LabelProfileVoter.php b/src/Security/Voter/LabelProfileVoter.php
index 7f27d8d0..3d3f7f6f 100644
--- a/src/Security/Voter/LabelProfileVoter.php
+++ b/src/Security/Voter/LabelProfileVoter.php
@@ -78,4 +78,14 @@ final class LabelProfileVoter extends Voter
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return isset(self::MAPPING[$attribute]);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return is_a($subjectType, LabelProfile::class, true);
+ }
 }
diff --git a/src/Security/Voter/LogEntryVoter.php b/src/Security/Voter/LogEntryVoter.php
index e60b66d1..6b6bbb42 100644
--- a/src/Security/Voter/LogEntryVoter.php
+++ b/src/Security/Voter/LogEntryVoter.php
@@ -85,4 +85,14 @@ final class LogEntryVoter extends Voter
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, static::ALLOWED_OPS, true);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return is_a($subjectType, AbstractLogEntry::class, true);
+ }
 }
diff --git a/src/Security/Voter/OrderdetailVoter.php b/src/Security/Voter/OrderdetailVoter.php
index 625732b5..6c16cf42 100644
--- a/src/Security/Voter/OrderdetailVoter.php
+++ b/src/Security/Voter/OrderdetailVoter.php
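Review bot: `supportsType()` in LabelProfileVoter returns only `is_a($subjectType, LabelProfile::class, true)` and lacks the `$subjectType === 'string'` branch that AttachmentVoter, GroupVoter, OrderdetailVoter and the other entity voters in this patch include; LogEntryVoter and PartVoter have the same shape. Symfony passes `get_debug_type($subject)` here, so a class-name subject arrives as `'string'`. The `supports()` methods are outside these hunks, so this is unconfirmed, but if any of the three accepts a class name as subject (as the `//Allow class name as subject` comments in the sibling voters suggest), a check on the class name would now skip the voter and it would abstain instead of voting. Where that is the case, use `return $subjectType === 'string' || is_a($subjectType, LabelProfile::class, true);` and the equivalent line in the other two.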
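Review bot: `supportsAttribute()` in LogEntryVoter reads the constant through `static::ALLOWED_OPS`, although the class is declared `final` and the other voters in this patch use `self::` for their constants. Late static binding cannot resolve to anything else in a final class, so `return in_array($attribute, self::ALLOWED_OPS, true);` says the same thing and matches the siblings.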
@@ -90,4 +90,14 @@ final class OrderdetailVoter extends Voter
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, self::ALLOWED_PERMS, true);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, Orderdetail::class, true);
+ }
 }
diff --git a/src/Security/Voter/ParameterVoter.php b/src/Security/Voter/ParameterVoter.php
index 96bd6060..47657055 100644
--- a/src/Security/Voter/ParameterVoter.php
+++ b/src/Security/Voter/ParameterVoter.php
@@ -47,6 +47,8 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 final class ParameterVoter extends Voter
 {
+ private const ALLOWED_ATTRIBUTES = ['read', 'edit', 'delete', 'create', 'show_history', 'revert_element'];
+
 public function __construct(private readonly Security $security, private readonly VoterHelper $helper)
 {
 }
@@ -113,10 +115,21 @@ final class ParameterVoter extends Voter
 {
 if (is_a($subject, AbstractParameter::class, true)) {
 //These are the allowed attributes
- return in_array($attribute, ['read', 'edit', 'delete', 'create', 'show_history', 'revert_element'], true);
+ return in_array($attribute, self::ALLOWED_ATTRIBUTES, true);
 }
 //Allow class name as subject
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, self::ALLOWED_ATTRIBUTES, true);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, AbstractParameter::class, true);
+ }
+
 }
diff --git a/src/Security/Voter/PartLotVoter.php b/src/Security/Voter/PartLotVoter.php
index 36fb230f..e4bfeddd 100644
--- a/src/Security/Voter/PartLotVoter.php
+++ b/src/Security/Voter/PartLotVoter.php
@@ -101,4 +101,14 @@ final class PartLotVoter extends Voter
 return false;
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, self::ALLOWED_PERMS, true);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, PartLot::class, true);
+ }
 }
diff --git a/src/Security/Voter/PartVoter.php b/src/Security/Voter/PartVoter.php
index c2c37563..88b67f8f 100644
--- a/src/Security/Voter/PartVoter.php
+++ b/src/Security/Voter/PartVoter.php
@@ -56,4 +56,14 @@ final class PartVoter extends Voter
 //Null concealing operator means, that no
 return $this->helper->isGranted($token, 'parts', $attribute);
 }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return $this->helper->isValidOperation('parts', $attribute);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return is_a($subjectType, Part::class, true);
+ }
 }
diff --git a/src/Security/Voter/PermissionVoter.php b/src/Security/Voter/PermissionVoter.php
index 01b34215..f6613cfc 100644
--- a/src/Security/Voter/PermissionVoter.php
+++ b/src/Security/Voter/PermissionVoter.php
@@ -47,6 +47,12 @@ final class PermissionVoter extends Voter
 return $this->helper->isGranted($token, $perm, $op);
 }
+ public function supportsAttribute(string $attribute): bool
+ {
+ //Check if the attribute has the form '@permission.operation'
+ return preg_match('#^@\\w+\\.\\w+$#', $attribute) === 1;
+ }
+
 /**
 * Determines if the attribute and subject are supported by this voter.
 *
diff --git a/src/Security/Voter/PricedetailVoter.php b/src/Security/Voter/PricedetailVoter.php
index 9be5c4ed..3dc8fc41 100644
--- a/src/Security/Voter/PricedetailVoter.php
+++ b/src/Security/Voter/PricedetailVoter.php
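Review bot: The pattern in PermissionVoter's `supportsAttribute()` is anchored with `$`, which in PCRE also matches just before a trailing newline, so an attribute that ends in a line break still passes this filter. Attributes normally come from code rather than from users, so this is hygiene rather than an exposure, but an authorization filter is better anchored exactly: `return preg_match('#^@\\w+\\.\\w+\\z#', $attribute) === 1;`. `supports()` lies outside the hunk; if it carries its own copy of the expression, move the pattern into one private constant and change both together, so that the cached pre-filter can never be narrower than the real check.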
@@ -87,4 +87,14 @@ final class PricedetailVoter extends Voter
 return false;
 }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, Pricedetail::class, true);
+ }
+
+ public function supportsAttribute(string $attribute): bool
+ {
+ return in_array($attribute, self::ALLOWED_PERMS, true);
+ }
 }
diff --git a/src/Security/Voter/StructureVoter.php b/src/Security/Voter/StructureVoter.php
index 477bc28d..8f4c144f 100644
--- a/src/Security/Voter/StructureVoter.php
+++ b/src/Security/Voter/StructureVoter.php
@@ -76,6 +76,11 @@ final class StructureVoter extends Voter
 return false;
 }
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || $this->instanceToPermissionName($subjectType) !== null;
+ }
+
 /**
 * Maps an instance type to the permission name.
 *
diff --git a/src/Security/Voter/UserVoter.php b/src/Security/Voter/UserVoter.php
index f6502f6e..248e9444 100644
--- a/src/Security/Voter/UserVoter.php
+++ b/src/Security/Voter/UserVoter.php
@@ -60,6 +60,16 @@ final class UserVoter extends Voter
 return false;
 }
+ public function supportsAttribute(string $attribute): bool
+ {
+ return $this->helper->isValidOperation('users', $attribute) || $this->helper->isValidOperation('self', $attribute);
+ }
+
+ public function supportsType(string $subjectType): bool
+ {
+ return $subjectType === 'string' || is_a($subjectType, User::class, true);
+ }
+
 /**
 * Similar to voteOnAttribute, but checking for the anonymous user is already done.
 * The current user (or the anonymous user) is passed by $user.