<?php
/**
* @copyright Copyright (C) Ibexa AS. All rights reserved.
* @license For full copyright and license information view LICENSE file distributed with this source code.
*/
namespace Ibexa\Core\MVC\Symfony\Security\Authorization\Voter;
use Ibexa\Contracts\Core\Repository\PermissionResolver;
use Ibexa\Core\MVC\Symfony\Security\Authorization\Attribute as AuthorizationAttribute;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
class CoreVoter implements VoterInterface
{
/** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
private $permissionResolver;
public function __construct(PermissionResolver $permissionResolver)
{
$this->permissionResolver = $permissionResolver;
}
/**
* Checks if the voter supports the given attribute.
*
* @param string $attribute An attribute
*
* @return bool true if this Voter supports the attribute, false otherwise
*/
public function supportsAttribute($attribute)
{
return $attribute instanceof AuthorizationAttribute && empty($attribute->limitations);
}
/**
* Checks if the voter supports the given class.
*
* @param string $class A class name
*
* @return true if this Voter can process the class
*/
public function supportsClass($class)
{
return true;
}
/**
* Returns the vote for the given parameters.
*
* This method must return one of the following constants:
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token A TokenInterface instance
* @param object $object The object to secure
* @param array $attributes An array of attributes associated with the method being invoked
*
* @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
foreach ($attributes as $attribute) {
if ($this->supportsAttribute($attribute)) {
if ($this->permissionResolver->hasAccess($attribute->module, $attribute->function) === false) {
return VoterInterface::ACCESS_DENIED;
}
return VoterInterface::ACCESS_GRANTED;
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
}
class_alias(CoreVoter::class, 'eZ\Publish\Core\MVC\Symfony\Security\Authorization\Voter\CoreVoter');