|
@@ -2,19 +2,24 @@
|
|
|
|
|
|
namespace OwnerVoterBundle\Security;
|
|
|
|
|
|
-use OwnerVoterBundle\Entity\Traits\OwnerTraitInterface;
|
|
|
-use Symfony\Component\Filesystem\Exception\IOException;
|
|
|
+//use OwnerVoterBundle\Entity\Traits\OwnerTraitInterface;
|
|
|
+//use Symfony\Component\Filesystem\Exception\IOException;
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
|
-use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
|
|
+//use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
|
|
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
|
|
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
|
|
|
|
|
|
/**
|
|
|
* Class OwnerVoterPost
|
|
|
* @package OwnerVoterBundle\Security
|
|
|
* Solo se utiliza para objetos Post
|
|
|
*/
|
|
|
-class OwnerVoter extends Voter
|
|
|
+class OwnerVoter implements VoterInterface
|
|
|
{
|
|
|
+ /**
|
|
|
+ * Constante para el permiso de mostrar.
|
|
|
+ */
|
|
|
+ const SHOW = 'SHOW';
|
|
|
/**
|
|
|
* Constante para el permiso de ver.
|
|
|
*/
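Review bot: The `use` lines for `OwnerTraitInterface`, `IOException` and `Voter` are commented out rather than deleted, which leaves dead imports at the top of an authorization class; deleting them is cleaner, since version control keeps the history. If code outside this hunk still refers to `OwnerTraitInterface` by its short name (not visible here), note that `instanceof` against an unresolved class name evaluates to false without raising an error, so a support check built on it would silently make the voter abstain on every object. The class docblock still reads `Class OwnerVoterPost` while the class is `OwnerVoter`. It would also help to add a docblock line such as `Implements VoterInterface directly; vote() alone produces the decision.`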
|
|
@@ -45,7 +50,7 @@ class OwnerVoter extends Voter
|
|
|
* @param AccessDecisionManagerInterface|null $decisionManager Contiene una interface para acceder a los roles.
|
|
|
* Sale del contenedor 'security.access.decision_manager'.
|
|
|
*/
|
|
|
- public function __construct(\Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface $decisionManager = null)
|
|
|
+ public function __construct(AccessDecisionManagerInterface $decisionManager = null)
|
|
|
{
|
|
|
$this->decisionManager = $decisionManager;
|
|
|
}
|
|
@@ -59,6 +64,7 @@ class OwnerVoter extends Voter
|
|
|
return ($attribute != null &&
|
|
|
strlen($attribute) > 0 &&
|
|
|
in_array($attribute, array(
|
|
|
+ self::SHOW,
|
|
|
self::VIEW,
|
|
|
self::EDIT,
|
|
|
self::DELETE,
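Review bot: The whitelist that `self::SHOW` joins is tested with loose comparison, both in `$attribute != null` and in the two-argument `in_array()`. A non-string value such as boolean `true` compares equal to every non-empty string in the list, so the check accepts values that are not permission names. Passing `true` as the third argument to `in_array()` and testing `is_string($attribute)` first would restrict it to exact names. The same applies to `$attribute == self::SHOW` in the last hunk, where `===` is the matching change. The `in_array()` call and the enclosing method start and end outside this hunk.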
|
|
@@ -85,43 +91,18 @@ class OwnerVoter extends Voter
|
|
|
}
|
|
|
}
|
|
|
|
|
|
- /**
|
|
|
- * @param string $attribute Contiene el atributo a comprobar.
|
|
|
- * @param mixed $object Contiene el objeto a comprobar.
|
|
|
- * @return bool Retorna TRUE si el atributo es soportado.
|
|
|
- */
|
|
|
- protected function supports($attribute, $subject)
|
|
|
- {
|
|
|
- // si la accion que estoy consultando no es permitida, entonces retorna false
|
|
|
- return $this->supportsAttribute($attribute) && $this->supportsClass($object);
|
|
|
- }
|
|
|
-
|
|
|
- /**
|
|
|
- * @param string $attribute Contiene el atributo que voy a verificar.
|
|
|
- * @param mixed $object Contiene el objeto a verificar.
|
|
|
- * @param TokenInterface $token Contiene el token.
|
|
|
- * @return bool Retorna TRUE si puedo acceder al objeto.
|
|
|
- */
|
|
|
- protected function voteOnAttribute($attribute, $object, TokenInterface $token)
|
|
|
- {
|
|
|
- return $this->vote($token, $object, [$attribute]);
|
|
|
- }
|
|
|
-
|
|
|
/**
|
|
|
* Metodo que me dice si puedo acceder.
|
|
|
* @param TokenInterface $token Contiene el token.
|
|
|
- * @param $object Contiene el objeto a verificar.
|
|
|
+ * @param mixed $object Contiene el objeto a verificar.
|
|
|
* @param array $attributes Contiene los atributos a verificar. Solo se toma el primer valor a verificar.
|
|
|
* @return integer Retorna 1 como acceso permitido, 0 como abstenerse (objetos no soportados) o -1 como acceso denegado.
|
|
|
*/
|
|
|
public function vote(TokenInterface $token, $object, array $attributes)
|
|
|
{
|
|
|
- // Si tengo el rol ROLE_SUPER_ADMIN, puedo hacer cualquier cosa
|
|
|
- // DESCOMENTAR ESTO PARA EL ROLE_SUPER_ADMIN
|
|
|
- if ($this->decisionManager != null &&
|
|
|
- $this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))
|
|
|
- ) {
|
|
|
- return VoterInterface::ACCESS_GRANTED;
|
|
|
+ // me dice si soporta la case
|
|
|
+ if (!$this->supportsClass($object)) {
|
|
|
+ return VoterInterface::ACCESS_ABSTAIN;
|
|
|
}
|
|
|
// verifico si se pasaron los permisos
|
|
|
if (count($attributes) == 0) {
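Review bot: With `supportsClass()` now checked first, `vote()` abstains for foreign objects but still returns `VoterInterface::ACCESS_DENIED` for any attribute it does not recognise (the `supportsAttribute()` branch shown in the next hunk). The voter therefore casts a deny vote on decisions about a supported object whose attribute belongs to another voter, which changes the outcome under a unanimous or consensus strategy. Symfony voters conventionally abstain there, so I would either return `VoterInterface::ACCESS_ABSTAIN` or extend the `@return` line to say that deny-on-unknown-attribute is deliberate. The new comment `// me dice si soporta la case` should read `clase`. `vote()` continues beyond this hunk.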
|
|
@@ -133,10 +114,6 @@ class OwnerVoter extends Voter
|
|
|
if (!$this->supportsAttribute($attribute)) {
|
|
|
return VoterInterface::ACCESS_DENIED;
|
|
|
}
|
|
|
- // me dice si soporta la case
|
|
|
- if (!$this->supportsClass($object)) {
|
|
|
- return VoterInterface::ACCESS_ABSTAIN;
|
|
|
- }
|
|
|
// el usuario no se encuentra logueado
|
|
|
if ($token == null ||
|
|
|
$token->getUsername() == null ||
|
|
@@ -144,12 +121,23 @@ class OwnerVoter extends Voter
|
|
|
) {
|
|
|
return VoterInterface::ACCESS_DENIED;
|
|
|
}
|
|
|
+ // Si tengo el rol ROLE_SUPER_ADMIN, puedo hacer cualquier cosa
|
|
|
+ // DESCOMENTAR ESTO PARA EL ROLE_SUPER_ADMIN
|
|
|
+ if ($this->decisionManager != null &&
|
|
|
+ $this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))
|
|
|
+ ) {
|
|
|
+ return VoterInterface::ACCESS_GRANTED;
|
|
|
+ }
|
|
|
// -----------------------------------
|
|
|
// comienza la validacion de atributos
|
|
|
if ($attribute == self::LLIST) {
|
|
|
// agregar codigo para el proceso de listar.
|
|
|
return VoterInterface::ACCESS_GRANTED;
|
|
|
}
|
|
|
+ if ($attribute == self::SHOW) {
|
|
|
+ // agregar codigo para el proceso de mostrar.
|
|
|
+ return VoterInterface::ACCESS_GRANTED;
|
|
|
+ }
|
|
|
if ($attribute == self::VIEW) {
|
|
|
// agregar codigo para el proceso de ver.
|
|
|
return VoterInterface::ACCESS_GRANTED;
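Review bot: The new `self::SHOW` branch returns `VoterInterface::ACCESS_GRANTED` behind only a placeholder comment, so every logged-in user is granted SHOW on every supported object without the owner being consulted. If that is intended, replace the placeholder with a comment that says so, e.g. `// SHOW is open to any authenticated user; ownership is not checked`. Otherwise let the branch fall through to whatever owner comparison the owner-restricted attributes use, which is presumably further down and not visible in this hunk. The moved super-admin block keeps the comment `// DESCOMENTAR ESTO PARA EL ROLE_SUPER_ADMIN`, which is stale because the bypass is active; a line such as `// ROLE_SUPER_ADMIN bypasses the per-attribute checks below` would describe it accurately. `vote()` continues beyond the hunk.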
|