vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolAssetUploadFolderReviewingVoter.php line 32

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Model\Configuration\DataPool\AssetConfig;
  17. use Pimcore\Bundle\PortalEngineBundle\Model\Configuration\DataPool\DataPoolConfigInterface;
  18. use Pimcore\Bundle\PortalEngineBundle\Model\DataObject\PortalUserInterface;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  21. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  23. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  24. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  25. use Symfony\Component\Security\Core\Security;
  27. /**
  28.  * Class DataPoolAssetUploadFolderReviewingVoter
  29.  *
  30.  * @package Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter
  31.  */
  32. class DataPoolAssetUploadFolderReviewingVoter extends Voter
  33. {
  34.     use SecurityServiceAware;
  36.     /**
  37.      * @var PortalConfigService
  38.      */
  39.     protected $portalConfigService;
  40.     /**
  41.      * @var Security
  42.      */
  43.     protected $security;
  44.     /**
  45.      * @var PermissionService
  46.      */
  47.     protected $permissionService;
  48.     /**
  49.      * @var DataPoolConfigService
  50.      */
  51.     protected $dataPoolConfigService;
  53.     /**
  54.      * DataPoolAssetUploadFolderReviewingVoter constructor.
  55.      *
  56.      * @param PortalConfigService $portalConfigService
  57.      * @param Security $security
  58.      * @param PermissionService $permissionService
  59.      * @param DataPoolConfigService $dataPoolConfigService
  60.      */
  61.     public function __construct(PortalConfigService $portalConfigServiceSecurity $securityPermissionService $permissionServiceDataPoolConfigService $dataPoolConfigService)
  62.     {
  63.         $this->portalConfigService $portalConfigService;
  64.         $this->security $security;
  65.         $this->permissionService $permissionService;
  66.         $this->dataPoolConfigService $dataPoolConfigService;
  67.     }
  69.     /**
  70.      * Determines if the attribute and subject are supported by this voter.
  71.      *
  72.      * @param string $attribute An attribute
  73.      * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
  74.      *
  75.      * @return bool True if the attribute and subject are supported, false otherwise
  76.      */
  77.     protected function supports($attribute$subject)
  78.     {
  79.         return $this->portalConfigService->isPortalEngineSite()
  80.             && $attribute === Permission::DATA_POOL_ASSET_UPLOAD_FOLDER_REVIEWING;
  81.     }
  83.     /**
  84.      * Perform a single access check operation on a given attribute, subject and token.
  85.      * It is safe to assume that $attribute and $subject already passed the "supports()" method check.
  86.      *
  87.      * @param string $attribute
  88.      * @param mixed $subject
  89.      *
  90.      * @return bool
  91.      */
  92.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  93.     {
  94.         /** @var bool $allowed */
  95.         $allowed true;
  97.         try {
  98.             if (!$this->security->isGranted(Permission::DATA_POOL_ACCESS)) {
  99.                 throw new \Exception('dataPool access not granted');
  100.             }
  102.             /** @var DataPoolConfigInterface $dataPoolConfig */
  103.             $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  104.             if (!$dataPoolConfig instanceof AssetConfig) {
  105.                 throw new \Exception('current dataPoolConfig is not a AssetConfig');
  106.             }
  108.             /** @var PortalUserInterface $user */
  109.             $user $this->securityService->getPortalUser();
  110.             if (!$this->permissionService->isAllowed($userPermission::DATA_POOL_ASSET_UPLOAD_FOLDER_REVIEWING Permission::PERMISSION_DELIMITER $dataPoolConfig->getId())) {
  111.                 throw new \Exception('permission not allowed');
  112.             }
  113.         } catch (\Exception $e) {
  114.             $allowed false;
  115.         }
  117.         return $allowed;
  118.     }
  119. }