mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-28 04:30:08 +02:00
Added basic logic for impersonation
This commit is contained in:
Jan Böhmer
parent
15e072a2ff
commit
d20153c569
7 changed files with 163 additions and 27 deletions
60
src/Security/Voter/ImpersonateUserVoter.php
Normal file
60
src/Security/Voter/ImpersonateUserVoter.php
Normal file
|
|
@ -0,0 +1,60 @@
|
|||
<?php
|
||||
/*
|
||||
* This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
|
||||
*
|
||||
* Copyright (C) 2019 - 2023 Jan Böhmer (https://github.com/jbtronics)
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published
|
||||
* by the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
declare(strict_types=1);
|
||||
|
||||
|
||||
namespace App\Security\Voter;
|
||||
|
||||
use App\Entity\UserSystem\User;
|
||||
use App\Services\UserSystem\PermissionManager;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
|
||||
class ImpersonateUserVoter extends Voter
|
||||
{
|
||||
|
||||
public function __construct(private PermissionManager $permissionManager)
|
||||
{
|
||||
}
|
||||
|
||||
protected function supports(string $attribute, mixed $subject): bool
|
||||
{
|
||||
return $attribute == 'CAN_SWITCH_USER'
|
||||
&& $subject instanceof UserInterface;
|
||||
}
|
||||
|
||||
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
|
||||
{
|
||||
$user = $token->getUser();
|
||||
|
||||
if (!$user instanceof User || !$subject instanceof UserInterface) {
|
||||
return false;
|
||||
}
|
||||
|
||||
//An disabled user is not allowed to do anything...
|
||||
if ($user->isDisabled()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->permissionManager->inherit($user, 'users', 'impersonate') ?? false;
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue