Use IsGranted in UserController
This commit is contained in:
parent
39c24ab6e2
commit
beaca32493
9 changed files with 277 additions and 21 deletions
|
@ -10,6 +10,7 @@ use Pagerfanta\Doctrine\ORM\QueryAdapter as DoctrineORMAdapter;
|
|||
use Pagerfanta\Exception\OutOfRangeCurrentPageException;
|
||||
use Pagerfanta\Pagerfanta;
|
||||
use Scheb\TwoFactorBundle\Security\TwoFactor\Provider\Google\GoogleAuthenticatorInterface;
|
||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
|
||||
use Symfony\Component\EventDispatcher\EventDispatcherInterface;
|
||||
use Symfony\Component\Form\Form;
|
||||
use Symfony\Component\Form\FormInterface;
|
||||
|
@ -41,6 +42,7 @@ class UserController extends AbstractController
|
|||
* Creates a new User entity.
|
||||
*
|
||||
* @Route("/users/new", name="user_new", methods={"GET", "POST"})
|
||||
* @IsGranted("CREATE_USERS")
|
||||
*/
|
||||
public function newAction(Request $request, UserManagerInterface $userManager, EventDispatcherInterface $eventDispatcher)
|
||||
{
|
||||
|
@ -77,6 +79,7 @@ class UserController extends AbstractController
|
|||
* Displays a form to edit an existing User entity.
|
||||
*
|
||||
* @Route("/users/{id}/edit", name="user_edit", methods={"GET", "POST"})
|
||||
* @IsGranted("EDIT", subject="user")
|
||||
*/
|
||||
public function editAction(Request $request, User $user, UserManagerInterface $userManager, GoogleAuthenticatorInterface $googleAuthenticator)
|
||||
{
|
||||
|
@ -119,6 +122,7 @@ class UserController extends AbstractController
|
|||
* Deletes a User entity.
|
||||
*
|
||||
* @Route("/users/{id}", name="user_delete", methods={"DELETE"})
|
||||
* @IsGranted("DELETE", subject="user")
|
||||
*/
|
||||
public function deleteAction(Request $request, User $user)
|
||||
{
|
||||
|
@ -142,6 +146,7 @@ class UserController extends AbstractController
|
|||
* @param int $page
|
||||
*
|
||||
* @Route("/users/list/{page}", name="user_index", defaults={"page" = 1})
|
||||
* @IsGranted("LIST_USERS")
|
||||
*
|
||||
* Default parameter for page is hardcoded (in duplication of the defaults from the Route)
|
||||
* because this controller is also called inside the layout template without any page as argument
|
||||
|
|
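--- /dev/null
+++ b/src/Security/Voter/AdminVoter.php
@@ -0,0 +1,47 @@
+<?php
+
+namespace Wallabag\Security\Voter;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;
+use Wallabag\Entity\User;
+
+class AdminVoter extends Voter
+{
+    public const LIST_USERS = 'LIST_USERS';
+    public const CREATE_USERS = 'CREATE_USERS';
+
+    private Security $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
+    protected function supports(string $attribute, $subject): bool
+    {
+        if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS], true)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        switch ($attribute) {
+            case self::LIST_USERS:
+            case self::CREATE_USERS:
+                return $this->security->isGranted('ROLE_SUPER_ADMIN');
+        }
+
+        return false;
+    }
+}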
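Review bot: `supports()` in AdminVoter.php wraps a boolean in an if/return pair and reads more directly as `return \in_array($attribute, [self::LIST_USERS, self::CREATE_USERS], true);`. In `voteOnAttribute()` the two `switch` cases fall through to one and the same `ROLE_SUPER_ADMIN` check, and since `supports()` has already filtered the attribute, a `match` (no fallthrough, strict comparison) or a single `return $this->security->isGranted('ROLE_SUPER_ADMIN');` would state that intent more plainly. The `$user` local is only used for the `instanceof` guard, so it could be inlined into the condition. A short class docblock saying that both attributes are granted only to `ROLE_SUPER_ADMIN` (through the role hierarchy, if one is configured) would help readers who only see the `@IsGranted("LIST_USERS")` / `@IsGranted("CREATE_USERS")` annotations in the controller.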
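--- /dev/null
+++ b/src/Security/Voter/UserVoter.php
@@ -0,0 +1,53 @@
+<?php
+
+namespace Wallabag\Security\Voter;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;
+use Wallabag\Entity\User;
+
+class UserVoter extends Voter
+{
+    public const EDIT = 'EDIT';
+    public const DELETE = 'DELETE';
+
+    private Security $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
+    protected function supports(string $attribute, $subject): bool
+    {
+        if (!$subject instanceof User) {
+            return false;
+        }
+
+        if (!\in_array($attribute, [self::EDIT, self::DELETE], true)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+        \assert($user instanceof User);
+
+        switch ($attribute) {
+            case self::EDIT:
+                return $this->security->isGranted('ROLE_SUPER_ADMIN');
+            case self::DELETE:
+                if ($user === $subject) {
+                    return false;
+                }
+
+                return $this->security->isGranted('ROLE_SUPER_ADMIN');
+        }
+
+        return false;
+    }
+}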
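Review bot: `voteOnAttribute()` in UserVoter.php relies on `\assert($user instanceof User)` for the token user, but `assert()` is routinely disabled in production (`zend.assertions=-1`), so a non-`User` principal silently proceeds to the `switch` instead of being refused; AdminVoter.php in the same commit handles this case with an explicit guard, and for consistency this line should be `if (!$user instanceof User) { return false; }`. The self-deletion check in the DELETE branch, `$user === $subject`, compares object identity, which holds only if the token user and the route-resolved `User` are the same instance — presumably true when both come through the same Doctrine identity map, but nothing in this code guarantees it, whereas comparing a stable identifier such as the user's id would not depend on it. Note also that EDIT, unlike DELETE, has no self-check, so a super admin may edit their own account but not delete it; if that asymmetry is intended, a one-line comment on the `case self::EDIT:` branch saying so would spare the next reader the question.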