mirror of
https://github.com/wallabag/wallabag.git
synced 2025-09-15 18:57:05 +00:00
Use IsGranted in SiteCredentialController
This commit is contained in:
Yassine Guedidi
parent
96cb024cf5
commit
247894209c
8 changed files with 158 additions and 28 deletions
|
|
@ -4,6 +4,7 @@ namespace Wallabag\Controller;
|
|||
|
||||
use Craue\ConfigBundle\Util\Config;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Form\FormInterface;
|
||||
use Symfony\Component\HttpFoundation\RedirectResponse;
|
||||
|
|
@ -41,6 +42,7 @@ class SiteCredentialController extends AbstractController
|
|||
* Lists all User entities.
|
||||
*
|
||||
* @Route("/", name="site_credentials_index", methods={"GET"})
|
||||
* @IsGranted("LIST_SITE_CREDENTIALS")
|
||||
*/
|
||||
public function indexAction(SiteCredentialRepository $repository)
|
||||
{
|
||||
|
|
@ -57,6 +59,7 @@ class SiteCredentialController extends AbstractController
|
|||
* Creates a new site credential entity.
|
||||
*
|
||||
* @Route("/new", name="site_credentials_new", methods={"GET", "POST"})
|
||||
* @IsGranted("CREATE_SITE_CREDENTIALS")
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
|
|
@ -94,6 +97,7 @@ class SiteCredentialController extends AbstractController
|
|||
* Displays a form to edit an existing site credential entity.
|
||||
*
|
||||
* @Route("/{id}/edit", name="site_credentials_edit", methods={"GET", "POST"})
|
||||
* @IsGranted("EDIT", subject="siteCredential")
|
||||
*
|
||||
* @return Response
|
||||
*/
|
||||
|
|
@ -101,8 +105,6 @@ class SiteCredentialController extends AbstractController
|
|||
{
|
||||
$this->isSiteCredentialsEnabled();
|
||||
|
||||
$this->checkUserAction($siteCredential);
|
||||
|
||||
$deleteForm = $this->createDeleteForm($siteCredential);
|
||||
$editForm = $this->createForm(SiteCredentialType::class, $siteCredential);
|
||||
$editForm->handleRequest($request);
|
||||
|
|
@ -133,6 +135,7 @@ class SiteCredentialController extends AbstractController
|
|||
* Deletes a site credential entity.
|
||||
*
|
||||
* @Route("/{id}", name="site_credentials_delete", methods={"DELETE"})
|
||||
* @IsGranted("DELETE", subject="siteCredential")
|
||||
*
|
||||
* @return RedirectResponse
|
||||
*/
|
||||
|
|
@ -140,8 +143,6 @@ class SiteCredentialController extends AbstractController
|
|||
{
|
||||
$this->isSiteCredentialsEnabled();
|
||||
|
||||
$this->checkUserAction($siteCredential);
|
||||
|
||||
$form = $this->createDeleteForm($siteCredential);
|
||||
$form->handleRequest($request);
|
||||
|
||||
|
|
@ -183,16 +184,4 @@ class SiteCredentialController extends AbstractController
|
|||
->getForm()
|
||||
;
|
||||
}
|
||||
|
||||
/**
|
||||
* Check if the logged user can manage the given site credential.
|
||||
*
|
||||
* @param SiteCredential $siteCredential The site credential entity
|
||||
*/
|
||||
private function checkUserAction(SiteCredential $siteCredential)
|
||||
{
|
||||
if (null === $this->getUser() || $this->getUser()->getId() !== $siteCredential->getUser()->getId()) {
|
||||
throw $this->createAccessDeniedException('You can not access this site credential.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -11,6 +11,8 @@ class MainVoter extends Voter
|
|||
public const LIST_ENTRIES = 'LIST_ENTRIES';
|
||||
public const CREATE_ENTRIES = 'CREATE_ENTRIES';
|
||||
public const EDIT_ENTRIES = 'EDIT_ENTRIES';
|
||||
public const LIST_SITE_CREDENTIALS = 'LIST_SITE_CREDENTIALS';
|
||||
public const CREATE_SITE_CREDENTIALS = 'CREATE_SITE_CREDENTIALS';
|
||||
|
||||
private Security $security;
|
||||
|
||||
|
|
@ -25,7 +27,7 @@ class MainVoter extends Voter
|
|||
return false;
|
||||
}
|
||||
|
||||
if (!\in_array($attribute, [self::LIST_ENTRIES, self::CREATE_ENTRIES, self::EDIT_ENTRIES], true)) {
|
||||
if (!\in_array($attribute, [self::LIST_ENTRIES, self::CREATE_ENTRIES, self::EDIT_ENTRIES, self::LIST_SITE_CREDENTIALS, self::CREATE_SITE_CREDENTIALS], true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -38,6 +40,8 @@ class MainVoter extends Voter
|
|||
case self::LIST_ENTRIES:
|
||||
case self::CREATE_ENTRIES:
|
||||
case self::EDIT_ENTRIES:
|
||||
case self::LIST_SITE_CREDENTIALS:
|
||||
case self::CREATE_SITE_CREDENTIALS:
|
||||
return $this->security->isGranted('ROLE_USER');
|
||||
}
|
||||
|
||||
|
|
|
|||
46
src/Security/Voter/SiteCredentialVoter.php
Normal file
46
src/Security/Voter/SiteCredentialVoter.php
Normal file
|
|
@ -0,0 +1,46 @@
|
|||
<?php
|
||||
|
||||
namespace Wallabag\Security\Voter;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Wallabag\Entity\SiteCredential;
|
||||
use Wallabag\Entity\User;
|
||||
|
||||
class SiteCredentialVoter extends Voter
|
||||
{
|
||||
public const EDIT = 'EDIT';
|
||||
public const DELETE = 'DELETE';
|
||||
|
||||
protected function supports(string $attribute, $subject): bool
|
||||
{
|
||||
if (!$subject instanceof SiteCredential) {
|
||||
return false;
|
||||
}
|
||||
|
||||
if (!\in_array($attribute, [self::EDIT, self::DELETE], true)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
\assert($subject instanceof SiteCredential);
|
||||
|
||||
$user = $token->getUser();
|
||||
|
||||
if (!$user instanceof User) {
|
||||
return false;
|
||||
}
|
||||
|
||||
switch ($attribute) {
|
||||
case self::EDIT:
|
||||
case self::DELETE:
|
||||
return $user === $subject->getUser();
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue