vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolDownloadVoter.php line 29

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Event\Permission\DataPoolDownloadAccessEvent;
  17. use Pimcore\Bundle\PortalEngineBundle\Model\DataObject\PortalUserInterface;
  18. use Pimcore\Bundle\PortalEngineBundle\Model\Download\DownloadAccess;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\Download\DownloadProviderService;
  21. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\PublicShare\PublicShareService;
  23. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  24. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  25. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  26. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  27. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  29. class DataPoolDownloadVoter extends Voter
  30. {
  31.     use SecurityServiceAware;
  33.     protected $portalConfigService;
  34.     protected $dataPoolConfigService;
  35.     protected $permissionService;
  36.     protected $downloadProviderService;
  37.     protected $publicShareService;
  38.     protected $eventDispatcher;
  40.     public function __construct(
  41.         PortalConfigService $portalConfigService,
  42.         DataPoolConfigService $dataPoolConfigService,
  43.         PermissionService $permissionService,
  44.         DownloadProviderService $downloadProviderService,
  45.         PublicShareService $publicShareService,
  46.         EventDispatcherInterface $eventDispatcher
  47.     ) {
  48.         $this->portalConfigService $portalConfigService;
  49.         $this->dataPoolConfigService $dataPoolConfigService;
  50.         $this->permissionService $permissionService;
  51.         $this->downloadProviderService $downloadProviderService;
  52.         $this->publicShareService $publicShareService;
  53.         $this->eventDispatcher $eventDispatcher;
  54.     }
  56.     /**
  57.      * @param string $attribute
  58.      * @param mixed $subject
  59.      *
  60.      * @return bool
  61.      */
  62.     protected function supports($attribute$subject)
  63.     {
  64.         return
  65.             $this->portalConfigService->isPortalEngineSite() &&
  66.             $attribute === Permission::DOWNLOAD &&
  67.             $subject instanceof DownloadAccess;
  68.     }
  70.     /**
  71.      * @param string $attribute
  72.      * @param DownloadAccess $subject
  73.      * @param TokenInterface $token
  74.      *
  75.      * @return bool
  76.      */
  77.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  78.     {
  79.         $user $this->securityService->getPortalUser();
  81.         $allowed =
  82.             $user instanceof PortalUserInterface &&
  83.             $this->permissionService->isAllowed($user$subject->toPermission());
  85.         $downloadTypeFormatPermissions $this->getDownloadTypeFormatPerimssions($subject);
  86.         if (!isset($downloadTypeFormatPermissions[$subject->toPermission()])) {
  87.             $allowed false;
  88.         }
  90.         if (!$allowed && $user instanceof PortalUserInterface) {
  91.             // If download type itself is forbidden but one of its download formats is allowed, the download is permitted.
  92.             $allowed $this->isAnyFormatAllowed($subject$user$downloadTypeFormatPermissions);
  93.         } elseif ($allowed) {
  94.             // Do not allow formats which are not specificed in data pool or public share
  95.             $allowed $this->isAnyFormatAllowed($subject$user$downloadTypeFormatPermissionsfalse);
  96.         }
  98.         $event = new DataPoolDownloadAccessEvent($allowed$subject$token);
  99.         $this->eventDispatcher->dispatch($event);
  101.         return $event->isAllowed();
  102.     }
  104.     protected function isAnyFormatAllowed(DownloadAccess $downloadAccessPortalUserInterface $user, array $downloadTypeFormatPermissionsbool $checkFormatPermissions true): bool
  105.     {
  106.         foreach ($downloadAccess->getFormatAccess() as $formatAccess) {
  107.             if (!isset($downloadTypeFormatPermissions[$downloadAccess->toPermission()][$formatAccess->getFormat()])) {
  108.                 continue;
  109.             }
  110.             $allowed = !$checkFormatPermissions || $this->permissionService->isAllowed($user$formatAccess->toPermission());
  111.             if ($allowed) {
  112.                 return true;
  113.             }
  114.         }
  116.         return false;
  117.     }
  119.     protected function getDownloadTypeFormatPerimssions(DownloadAccess $downloadAccess)
  120.     {
  121.         $dataPoolConfig $this->dataPoolConfigService->getDataPoolConfigById($downloadAccess->getDataPoolConfigId());
  122.         if ($publicShare $this->publicShareService->getCurrentPublicShare()) {
  123.             $downloadTypes $this->downloadProviderService->getPublicShareAllowedDownloadTypes($dataPoolConfig$publicShare);
  124.         } else {
  125.             $downloadTypes $this->downloadProviderService->getDownloadTypes($dataPoolConfigfalse);
  126.         }
  128.         $result = [];
  129.         foreach ($downloadTypes as $downloadType) {
  130.             $formats array_map(function (array $format) {
  131.                 return $format['id'];
  132.             }, $downloadType->getFormats());
  134.             $formats array_flip($formats);
  136.             $result[DownloadAccess::fromDownloadType($downloadAccess->getDataPoolConfigId(), $downloadType)->toPermission()] = $formats;
  137.         }
  139.         return $result;
  140.     }
  141. }