pierre/wallabag
1
0
Fork 0
forked from wallabag/wallabag
Code Issues Pull Requests Packages Projects Releases 1 Wiki Activity

Use IsGranted in IgnoreOriginInstanceRuleController

Browse Source
This commit is contained in:
Yassine Guedidi
2024-03-20 23:48:18 +01:00
parent 5a411fb251
commit 49ca5f5ed8
9 changed files with 174 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Controller/IgnoreOriginInstanceRuleController.php
View File

@ -3,6 +3,7 @@
namespace Wallabag\Controller;
use Doctrine\ORM\EntityManagerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Symfony\Component\Form\Form;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\HttpFoundation\RedirectResponse;
@ -34,6 +35,7 @@ class IgnoreOriginInstanceRuleController extends AbstractController
* Lists all IgnoreOriginInstanceRule entities.
*
* @Route("/", name="ignore_origin_instance_rules_index", methods={"GET"})
* @IsGranted("LIST_IGNORE_ORIGIN_INSTANCE_RULES")
*/
public function indexAction(IgnoreOriginInstanceRuleRepository $repository)
{
@ -48,6 +50,7 @@ class IgnoreOriginInstanceRuleController extends AbstractController
* Creates a new ignore origin instance rule entity.
*
* @Route("/new", name="ignore_origin_instance_rules_new", methods={"GET", "POST"})
* @IsGranted("CREATE_IGNORE_ORIGIN_INSTANCE_RULES")
*
* @return Response
*/
@ -80,6 +83,7 @@ class IgnoreOriginInstanceRuleController extends AbstractController
* Displays a form to edit an existing ignore origin instance rule entity.
*
* @Route("/{id}/edit", name="ignore_origin_instance_rules_edit", methods={"GET", "POST"})
* @IsGranted("EDIT", subject="ignoreOriginInstanceRule")
*
* @return Response
*/
@ -112,6 +116,7 @@ class IgnoreOriginInstanceRuleController extends AbstractController
* Deletes a site credential entity.
*
* @Route("/{id}", name="ignore_origin_instance_rules_delete", methods={"DELETE"})
* @IsGranted("DELETE", subject="ignoreOriginInstanceRule")
*
* @return RedirectResponse
*/

6
src/Security/Voter/AdminVoter.php
View File

@ -11,6 +11,8 @@ class AdminVoter extends Voter
{
public const LIST_USERS = 'LIST_USERS';
public const CREATE_USERS = 'CREATE_USERS';
public const LIST_IGNORE_ORIGIN_INSTANCE_RULES = 'LIST_IGNORE_ORIGIN_INSTANCE_RULES';
public const CREATE_IGNORE_ORIGIN_INSTANCE_RULES = 'CREATE_IGNORE_ORIGIN_INSTANCE_RULES';
private Security $security;
@ -21,7 +23,7 @@ class AdminVoter extends Voter
protected function supports(string $attribute, $subject): bool
{
if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS], true)) {
if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS, self::LIST_IGNORE_ORIGIN_INSTANCE_RULES, self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES], true)) {
return false;
}
@ -39,6 +41,8 @@ class AdminVoter extends Voter
switch ($attribute) {
case self::LIST_USERS:
case self::CREATE_USERS:
case self::LIST_IGNORE_ORIGIN_INSTANCE_RULES:
case self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES:
return $this->security->isGranted('ROLE_SUPER_ADMIN');
}

45
src/Security/Voter/IgnoreOriginInstanceRuleVoter.php Normal file
View File

@ -0,0 +1,45 @@
<?php
namespace Wallabag\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Wallabag\Entity\IgnoreOriginInstanceRule;
class IgnoreOriginInstanceRuleVoter extends Voter
{
public const EDIT = 'EDIT';
public const DELETE = 'DELETE';
private Security $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports(string $attribute, $subject): bool
{
if (!$subject instanceof IgnoreOriginInstanceRule) {
return false;
}
if (!\in_array($attribute, [self::EDIT, self::DELETE], true)) {
return false;
}
return true;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
switch ($attribute) {
case self::EDIT:
case self::DELETE:
return $this->security->isGranted('ROLE_SUPER_ADMIN');
}
return false;
}
}