vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolItemPermissionVoter.php line 25

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  17. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  18. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  20. use Pimcore\Model\Asset;
  21. use Pimcore\Model\Element\ElementInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  23. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  25. class DataPoolItemPermissionVoter extends Voter
  26. {
  27.     use SecurityServiceAware;
  29.     const PERMISSIONS = [
  30.         Permission::CREATE,
  31.         Permission::DELETE,
  32.         Permission::EDIT,
  33.         Permission::VIEW,
  34.         Permission::UPDATE,
  35.         Permission::DOWNLOAD,
  36.         Permission::SUBFOLDER,
  37.         Permission::VIEW_OWNED_ASSET_ONLY,
  38.     ];
  40.     /**
  41.      * @var PortalConfigService
  42.      */
  43.     protected $portalConfigService;
  45.     /**
  46.      * @var DataPoolConfigService
  47.      */
  48.     protected $dataPoolConfigService;
  50.     /**
  51.      * @var PermissionService
  52.      */
  53.     protected $permissionService;
  55.     /**
  56.      * @param PortalConfigService $portalConfigService
  57.      * @param DataPoolConfigService $dataPoolConfigService
  58.      * @param PermissionService $permissionService
  59.      */
  60.     public function __construct(PortalConfigService $portalConfigServiceDataPoolConfigService $dataPoolConfigServicePermissionService $permissionService)
  61.     {
  62.         $this->portalConfigService $portalConfigService;
  63.         $this->dataPoolConfigService $dataPoolConfigService;
  64.         $this->permissionService $permissionService;
  65.     }
  67.     protected function supports($attribute$subject)
  68.     {
  69.         return $this->portalConfigService->isPortalEngineSite()
  70.             && in_array($attributeself::PERMISSIONS)
  71.             && (is_string($subject) || $subject instanceof ElementInterface);
  72.     }
  74.     /**
  75.      * @param string $attribute
  76.      * @param mixed $subject
  77.      * @param TokenInterface $token
  78.      *
  79.      * @return bool
  80.      */
  81.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  82.     {
  83.         $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  84.         if (empty($dataPoolConfig)) {
  85.             return false;
  86.         }
  87.         $fullPath $subject instanceof ElementInterface $subject->getRealFullPath() : $subject;
  88.         $respectWorkflowPermissions $subject instanceof Asset;
  89.         $respectUploadFolderPermissions $subject instanceof Asset;
  91.         return $this->permissionService->isPermissionAllowed(
  92.             $attribute,
  93.             $this->securityService->getPortalUser(),
  94.             $dataPoolConfig->getId(),
  95.             $fullPath,
  96.             false,
  97.             $respectWorkflowPermissions,
  98.             true,
  99.             $respectUploadFolderPermissions
  100.         );
  101.     }
  102. }