Home Explore Help
Register Sign In
aj
/
chamilo-lms2
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: e7c246f349
Branches Tags
chamilo-lms2
/
vendor
/
symfony
/
security
/
Symfony
/
Component
/
Security
/
Acl
/
Voter
/
AclVoter.php

AclVoter.php 5.5 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143 
  1. <?php
    2. 

  2. 

  3. /*
    4. 

  4.  * This file is part of the Symfony package.
    5. 

  5.  *
    6. 

  6.  * (c) Fabien Potencier <fabien@symfony.com>
    7. 

  7.  *
    8. 

  8.  * For the full copyright and license information, please view the LICENSE
    9. 

  9.  * file that was distributed with this source code.
    10. 

  10.  */
    11. 

  11. 

  12. namespace Symfony\Component\Security\Acl\Voter;
    13. 

  13. 

  14. use Psr\Log\LoggerInterface;
    15. 

  15. use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
    16. 

  16. use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
    17. 

  17. use Symfony\Component\Security\Acl\Model\AclProviderInterface;
    18. 

  18. use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
    19. 

  19. use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
    20. 

  20. use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
    21. 

  21. use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
    22. 

  22. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    23. 

  23. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
    24. 

  24. 

  25. /**
    26. 

  26.  * This voter can be used as a base class for implementing your own permissions.
    27. 

  27.  *
    28. 

  28.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>
    29. 

  29.  */
    30. 

  30. class AclVoter implements VoterInterface
    31. 

  31. {
    32. 

  32.     private $aclProvider;
    33. 

  33.     private $permissionMap;
    34. 

  34.     private $objectIdentityRetrievalStrategy;
    35. 

  35.     private $securityIdentityRetrievalStrategy;
    36. 

  36.     private $allowIfObjectIdentityUnavailable;
    37. 

  37.     private $logger;
    38. 

  38. 

  39.     public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy, PermissionMapInterface $permissionMap, LoggerInterface $logger = null, $allowIfObjectIdentityUnavailable = true)
    40. 

  40.     {
    41. 

  41.         $this->aclProvider = $aclProvider;
    42. 

  42.         $this->permissionMap = $permissionMap;
    43. 

  43.         $this->objectIdentityRetrievalStrategy = $oidRetrievalStrategy;
    44. 

  44.         $this->securityIdentityRetrievalStrategy = $sidRetrievalStrategy;
    45. 

  45.         $this->logger = $logger;
    46. 

  46.         $this->allowIfObjectIdentityUnavailable = $allowIfObjectIdentityUnavailable;
    47. 

  47.     }
    48. 

  48. 

  49.     public function supportsAttribute($attribute)
    50. 

  50.     {
    51. 

  51.         return $this->permissionMap->contains($attribute);
    52. 

  52.     }
    53. 

  53. 

  54.     public function vote(TokenInterface $token, $object, array $attributes)
    55. 

  55.     {
    56. 

  56.         foreach ($attributes as $attribute) {
    57. 

  57.             if (null === $masks = $this->permissionMap->getMasks($attribute, $object)) {
    58. 

  58.                 continue;
    59. 

  59.             }
    60. 

  60. 

  61.             if (null === $object) {
    62. 

  62.                 if (null !== $this->logger) {
    63. 

  63.                     $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
    64. 

  64.                 }
    65. 

  65. 

  66.                 return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN;
    67. 

  67.             } elseif ($object instanceof FieldVote) {
    68. 

  68.                 $field = $object->getField();
    69. 

  69.                 $object = $object->getDomainObject();
    70. 

  70.             } else {
    71. 

  71.                 $field = null;
    72. 

  72.             }
    73. 

  73. 

  74.             if ($object instanceof ObjectIdentityInterface) {
    75. 

  75.                 $oid = $object;
    76. 

  76.             } elseif (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
    77. 

  77.                 if (null !== $this->logger) {
    78. 

  78.                     $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
    79. 

  79.                 }
    80. 

  80. 

  81.                 return $this->allowIfObjectIdentityUnavailable ? self::ACCESS_GRANTED : self::ACCESS_ABSTAIN;
    82. 

  82.             }
    83. 

  83. 

  84.             if (!$this->supportsClass($oid->getType())) {
    85. 

  85.                 return self::ACCESS_ABSTAIN;
    86. 

  86.             }
    87. 

  87. 

  88.             $sids = $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token);
    89. 

  89. 

  90.             try {
    91. 

  91.                 $acl = $this->aclProvider->findAcl($oid, $sids);
    92. 

  92. 

  93.                 if (null === $field && $acl->isGranted($masks, $sids, false)) {
    94. 

  94.                     if (null !== $this->logger) {
    95. 

  95.                         $this->logger->debug('ACL found, permission granted. Voting to grant access');
    96. 

  96.                     }
    97. 

  97. 

  98.                     return self::ACCESS_GRANTED;
    99. 

  99.                 } elseif (null !== $field && $acl->isFieldGranted($field, $masks, $sids, false)) {
    100. 

  100.                     if (null !== $this->logger) {
    101. 

  101.                         $this->logger->debug('ACL found, permission granted. Voting to grant access');
    102. 

  102.                     }
    103. 

  103. 

  104.                     return self::ACCESS_GRANTED;
    105. 

  105.                 }
    106. 

  106. 

  107.                 if (null !== $this->logger) {
    108. 

  108.                     $this->logger->debug('ACL found, insufficient permissions. Voting to deny access.');
    109. 

  109.                 }
    110. 

  110. 

  111.                 return self::ACCESS_DENIED;
    112. 

  112.             } catch (AclNotFoundException $noAcl) {
    113. 

  113.                 if (null !== $this->logger) {
    114. 

  114.                     $this->logger->debug('No ACL found for the object identity. Voting to deny access.');
    115. 

  115.                 }
    116. 

  116. 

  117.                 return self::ACCESS_DENIED;
    118. 

  118.             } catch (NoAceFoundException $noAce) {
    119. 

  119.                 if (null !== $this->logger) {
    120. 

  120.                     $this->logger->debug('ACL found, no ACE applicable. Voting to deny access.');
    121. 

  121.                 }
    122. 

  122. 

  123.                 return self::ACCESS_DENIED;
    124. 

  124.             }
    125. 

  125.         }
    126. 

  126. 

  127.         // no attribute was supported
    128. 

  128.         return self::ACCESS_ABSTAIN;
    129. 

  129.     }
    130. 

  130. 

  131.     /**
    132. 

  132.      * You can override this method when writing a voter for a specific domain
    133. 

  133.      * class.
    134. 

  134.      *
    135. 

  135.      * @param string $class The class name
    136. 

  136.      *
    137. 

  137.      * @return Boolean
    138. 

  138.      */
    139. 

  139.     public function supportsClass($class)
    140. 

  140.     {
    141. 

  141.         return true;
    142. 

  142.     }
    143. 

  143. }
    144.