Use IsGranted in SiteCredentialController

2024-03-23 23:36:33 +01:00
parent 96cb024cf5
commit 247894209c
8 changed files with 158 additions and 28 deletions
--- a/src/Security/Voter/MainVoter.php
+++ b/src/Security/Voter/MainVoter.php
@ -11,6 +11,8 @@ class MainVoter extends Voter
    public const LIST_ENTRIES = 'LIST_ENTRIES';
    public const CREATE_ENTRIES = 'CREATE_ENTRIES';
    public const EDIT_ENTRIES = 'EDIT_ENTRIES';
+    public const LIST_SITE_CREDENTIALS = 'LIST_SITE_CREDENTIALS';
+    public const CREATE_SITE_CREDENTIALS = 'CREATE_SITE_CREDENTIALS';

    private Security $security;

@ -25,7 +27,7 @@ class MainVoter extends Voter
            return false;
        }

-        if (!\in_array($attribute, [self::LIST_ENTRIES, self::CREATE_ENTRIES, self::EDIT_ENTRIES], true)) {
+        if (!\in_array($attribute, [self::LIST_ENTRIES, self::CREATE_ENTRIES, self::EDIT_ENTRIES, self::LIST_SITE_CREDENTIALS, self::CREATE_SITE_CREDENTIALS], true)) {
            return false;
        }

@ -38,6 +40,8 @@ class MainVoter extends Voter
            case self::LIST_ENTRIES:
            case self::CREATE_ENTRIES:
            case self::EDIT_ENTRIES:
+            case self::LIST_SITE_CREDENTIALS:
+            case self::CREATE_SITE_CREDENTIALS:
                return $this->security->isGranted('ROLE_USER');
        }

--- a/src/Security/Voter/SiteCredentialVoter.php
+++ b/src/Security/Voter/SiteCredentialVoter.php
@ -0,0 +1,46 @@
+<?php
+
+namespace Wallabag\Security\Voter;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Wallabag\Entity\SiteCredential;
+use Wallabag\Entity\User;
+
+class SiteCredentialVoter extends Voter
+{
+    public const EDIT = 'EDIT';
+    public const DELETE = 'DELETE';
+
+    protected function supports(string $attribute, $subject): bool
+    {
+        if (!$subject instanceof SiteCredential) {
+            return false;
+        }
+
+        if (!\in_array($attribute, [self::EDIT, self::DELETE], true)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    {
+        \assert($subject instanceof SiteCredential);
+
+        $user = $token->getUser();
+
+        if (!$user instanceof User) {
+            return false;
+        }
+
+        switch ($attribute) {
+            case self::EDIT:
+            case self::DELETE:
+                return $user === $subject->getUser();
+        }
+
+        return false;
+    }
+}