/**
 * Decides whether the token's user may perform $attribute on a repository.
 *
 * ROLE_ADMIN (resolved through the role hierarchy voter) is granted everything.
 * $repository may be a Repository entity or a repository name; a name is
 * resolved through the object manager first.
 *
 * When the name does not resolve to an existing repository, access is granted
 * only if the name contains a "/" and its first segment is strictly equal to
 * the authenticated user's username. $attribute is not consulted on that path.
 * NOTE(review): the namespace match is a case-sensitive string comparison -
 * confirm repository names are normalised before they reach this voter.
 *
 * @param mixed             $attribute  self::READ or self::WRITE; anything else is denied
 * @param Repository|string $repository Repository entity, or a repository name
 * @param TokenInterface    $token      Security token of the caller
 *
 * @return bool true when access is granted
 */
protected function isGranted($attribute, $repository, TokenInterface $token)
{
    // Admins bypass every ownership and visibility check below.
    $adminVote = $this->roleHierarchyVoter->vote($token, null, ['ROLE_ADMIN']);
    if (VoterInterface::ACCESS_GRANTED === $adminVote) {
        return true;
    }

    $user = $token->getUser();
    $authenticated = $user instanceof UserInterface;

    // A repository name is accepted as well: pushing the first manifest
    // happens before the repository entity exists.
    if (!($repository instanceof Repository)) {
        $name = $repository;
        $repository = $this->om->getRepository('AppBundle:Repository')->findOneByName($name);

        if (null === $repository) {
            // Unknown repository: names without a "/" (root namespace) are
            // admin-only, and callers without a user object are denied.
            if (false === strpos($name, '/') || !$authenticated) {
                return false;
            }

            // The first path segment must be the caller's own username.
            $segments = explode('/', $name);

            return $segments[0] === $user->getUsername();
        }
    }

    // Ownership is an identity comparison against the token's user object.
    $isOwner = $authenticated && $repository->getOwner() === $user;

    switch ($attribute) {
        case self::READ:
            return $isOwner || $repository->isPublic();
        case self::WRITE:
            return $isOwner;
    }

    // Unknown attributes are denied.
    return false;
}
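/**
 * Tells whether $user holds $role, directly or through the role hierarchy
 * built from $this->roles.
 *
 * @param string $role Role name to test
 * @param mixed  $user Candidate user; anything that is not a UserInterface is denied
 *
 * @return bool true only when the hierarchy voter returns ACCESS_GRANTED
 */
public function isGranted($role, $user)
{
    if (!$user instanceof UserInterface) {
        return false;
    }

    $roleHierarchy = new RoleHierarchy($this->roles);
    $roleVoter = new RoleHierarchyVoter($roleHierarchy);

    // Throwaway token used only to hand the user's roles to the voter in this
    // method; its first argument ('1') is a fixed placeholder.
    $token = new AnonymousToken('1', $user->getUsername(), $user->getRoles());

    // Strict comparison: only the exact ACCESS_GRANTED value counts as a grant,
    // so no other truthy vote result can be coerced into one.
    return VoterInterface::ACCESS_GRANTED === $roleVoter->vote($token, null, array($role));
}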
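/**
 * Tells whether $token carries $role according to the role hierarchy voter.
 *
 * @param mixed  $token Security token handed to the voter
 * @param string $role  Role name to test
 *
 * @return bool true only when the voter returns ACCESS_GRANTED
 */
protected function hasRole($token, $role)
{
    $vote = $this->roleHierarchyVoter->vote($token, null, array($role));

    // Strict comparison so that only the exact ACCESS_GRANTED value is treated
    // as a grant; abstain and deny both map to false.
    return VoterInterface::ACCESS_GRANTED === $vote;
}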
/**
 * Checks the voter's result for each data set when the role hierarchy is empty.
 *
 * @dataProvider getVoteWithEmptyHierarchyTests
 */
public function testVoteWithEmptyHierarchy($roles, $attributes, $expected)
{
    // No hierarchy entries at all.
    $emptyHierarchy = new RoleHierarchy(array());
    $voter = new RoleHierarchyVoter($emptyHierarchy);

    $token = $this->getToken($roles);
    $actual = $voter->vote($token, null, $attributes);

    // assertSame: the vote must match the expected constant in type and value.
    $this->assertSame($expected, $actual);
}
/**
 * Checks the voter's result for each data set against a hierarchy whose only
 * entry maps ROLE_FOO to [ROLE_FOOBAR].
 *
 * @dataProvider getVoteTests
 */
public function testVote($roles, $attributes, $expected)
{
    $hierarchyMap = array('ROLE_FOO' => array('ROLE_FOOBAR'));
    $voter = new RoleHierarchyVoter(new RoleHierarchy($hierarchyMap));

    $token = $this->getToken($roles);
    $actual = $voter->vote($token, null, $attributes);

    // assertSame: the vote must match the expected constant in type and value.
    $this->assertSame($expected, $actual);
}
/**
 * Decides whether $user may perform $attribute; $game is not consulted here.
 *
 * Order of checks, as implemented:
 *  1. no user                          -> denied
 *  2. ROLE_ADMIN or ROLE_MODERATOR     -> granted (via the role hierarchy)
 *  3. self::EDIT with ROLE_USER and without ROLE_BANNED -> granted
 *  4. anything else                    -> denied
 *
 * The ROLE_BANNED test sits after the admin/moderator short-circuit, so it
 * only restricts plain users. The ROLE_USER / ROLE_BANNED tests look at the
 * flat list from $user->getRoles() and do not go through the hierarchy.
 * NOTE(review): the hierarchy votes use $this->token while the flat checks use
 * $user - confirm both always describe the same principal.
 *
 * @param mixed $attribute Requested action; only self::EDIT is open to plain users
 * @param mixed $game      Subject of the vote (unused in this method)
 * @param mixed $user      Current user, or null when nobody is logged in
 *
 * @return bool true when access is granted
 */
protected function isGranted($attribute, $game, $user = null)
{
    if (!$user) {
        return false;
    }

    // Both votes are resolved through the hierarchy before any decision.
    $hierarchyVoter = new RoleHierarchyVoter($this->roleHierarchy);
    $adminVote = $hierarchyVoter->vote($this->token, null, array('ROLE_ADMIN'));
    $moderatorVote = $hierarchyVoter->vote($this->token, null, array('ROLE_MODERATOR'));

    // Admins and moderators may do anything.
    $granted = VoterInterface::ACCESS_GRANTED;
    if ($granted === $adminVote || $granted === $moderatorVote) {
        return true;
    }

    // Plain users are limited to EDIT.
    if ($attribute !== self::EDIT) {
        return false;
    }

    // Every non-banned user may edit.
    return in_array('ROLE_USER', $user->getRoles(), true)
        && !in_array('ROLE_BANNED', $user->getRoles(), true);
}
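/**
 * Decides whether $user may perform $attribute on $game.
 *
 * Order of checks:
 *  1. no user, or $game passed as a string -> denied
 *  2. ROLE_ADMIN (via the role hierarchy)  -> granted
 *  3. $user is the game's owner            -> granted
 *  4. self::EDIT with ROLE_MODERATOR       -> granted
 *  5. anything else                        -> denied
 *
 * The owner check fails closed: a game without an owner, or a user without an
 * id, is never treated as an ownership match. Without the null guards a
 * missing owner would end in a method call on null, and two null ids would
 * compare as equal.
 * NOTE(review): the hierarchy votes use $this->token while the owner check
 * uses $user - confirm both always describe the same principal.
 *
 * @param mixed $attribute Requested action; self::EDIT is the only one open to moderators
 * @param mixed $game      Game object; a string is rejected
 * @param mixed $user      Current user, or null when nobody is logged in
 *
 * @return bool true when access is granted
 */
protected function isGranted($attribute, $game, $user = null)
{
    if (!$user || is_string($game)) {
        return false;
    }

    // Using this to know hierarchy
    $roleHierarchyVoter = new RoleHierarchyVoter($this->roleHierarchy);
    $adminAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_ADMIN'));

    // Admin can do anything
    if ($adminAccess === VoterInterface::ACCESS_GRANTED) {
        return true;
    }

    // Owner can do anything; both sides must be present before ids are compared.
    $userId = $user->getId();
    $owner = $game->getOwner();
    if (null !== $userId && null !== $owner && $userId === $owner->getId()) {
        return true;
    }

    if (null !== $this->logger) {
        $this->logger->debug('User is not an admin nor the game\'s owner');
    }

    // Moderators can edit
    if ($attribute === self::EDIT) {
        $modoAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_MODERATOR'));
        if ($modoAccess === VoterInterface::ACCESS_GRANTED) {
            return true;
        }

        // if(in_array($game->getTeam(), $user->getTeams(), true))
        //     return true;
    }

    // Reached for every denied request, including non-EDIT attributes.
    if (null !== $this->logger) {
        $this->logger->debug('User is not a moderator nor part of the team');
    }

    return false;
}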