Use IsGranted in IgnoreOriginInstanceRuleController

2024-03-20 23:48:18 +01:00
parent 5a411fb251
commit 49ca5f5ed8
9 changed files with 174 additions and 14 deletions
--- a/src/Security/Voter/AdminVoter.php
+++ b/src/Security/Voter/AdminVoter.php
@ -11,6 +11,8 @@ class AdminVoter extends Voter
 {
    public const LIST_USERS = 'LIST_USERS';
    public const CREATE_USERS = 'CREATE_USERS';
+    public const LIST_IGNORE_ORIGIN_INSTANCE_RULES = 'LIST_IGNORE_ORIGIN_INSTANCE_RULES';
+    public const CREATE_IGNORE_ORIGIN_INSTANCE_RULES = 'CREATE_IGNORE_ORIGIN_INSTANCE_RULES';

    private Security $security;

@ -21,7 +23,7 @@ class AdminVoter extends Voter

    protected function supports(string $attribute, $subject): bool
    {
-        if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS], true)) {
+        if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS, self::LIST_IGNORE_ORIGIN_INSTANCE_RULES, self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES], true)) {
            return false;
        }

@ -39,6 +41,8 @@ class AdminVoter extends Voter
        switch ($attribute) {
            case self::LIST_USERS:
            case self::CREATE_USERS:
+            case self::LIST_IGNORE_ORIGIN_INSTANCE_RULES:
+            case self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES:
                return $this->security->isGranted('ROLE_SUPER_ADMIN');
        }

--- a/src/Security/Voter/IgnoreOriginInstanceRuleVoter.php
+++ b/src/Security/Voter/IgnoreOriginInstanceRuleVoter.php
@ -0,0 +1,45 @@
+<?php
+
+namespace Wallabag\Security\Voter;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;
+use Wallabag\Entity\IgnoreOriginInstanceRule;
+
+class IgnoreOriginInstanceRuleVoter extends Voter
+{
+    public const EDIT = 'EDIT';
+    public const DELETE = 'DELETE';
+
+    private Security $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
+    protected function supports(string $attribute, $subject): bool
+    {
+        if (!$subject instanceof IgnoreOriginInstanceRule) {
+            return false;
+        }
+
+        if (!\in_array($attribute, [self::EDIT, self::DELETE], true)) {
+            return false;
+        }
+
+        return true;
+    }
+
+    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
+    {
+        switch ($attribute) {
+            case self::EDIT:
+            case self::DELETE:
+                return $this->security->isGranted('ROLE_SUPER_ADMIN');
+        }
+
+        return false;
+    }
+}