/**
* {@inheritdoc}
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
if (!$object instanceof SecurityCondition) {
return VoterInterface::ACCESS_ABSTAIN;
}
if ($object->getObjectType() === null || $object->getObjectId() === null) {
return VoterInterface::ACCESS_ABSTAIN;
}
try {
$objectIdentity = new ObjectIdentity($object->getObjectId(), $object->getObjectType());
$this->aclProvider->findAcl($objectIdentity);
// only called to check if acl exists
return parent::vote($token, $objectIdentity, $attributes);
} catch (AclNotFoundException $exc) {
return VoterInterface::ACCESS_ABSTAIN;
}
}
/**
* {@inheritdoc}
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
$this->securityToken = $token;
$this->object = $object instanceof FieldVote ? $object->getDomainObject() : $object;
$this->extension = $this->extensionSelector->select($object);
// replace empty permissions with default ones
for ($i = 0; $i < count($attributes); $i++) {
if (empty($attributes[$i])) {
$attributes[$i] = $this->extension->getDefaultPermission();
}
}
$result = parent::vote($token, $object, $attributes);
$this->extension = null;
$this->object = null;
$this->securityToken = null;
return $result;
}
/**
* {@inheritdoc}
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
$this->securityToken = $token;
$this->object = $object instanceof FieldVote ? $object->getDomainObject() : $object;
list($this->object, $group) = $this->separateAclGroupFromObject($this->object);
try {
$this->extension = $this->extensionSelector->select($this->object);
} catch (InvalidDomainObjectException $e) {
return self::ACCESS_ABSTAIN;
}
// replace empty permissions with default ones
$attributesCount = count($attributes);
for ($i = 0; $i < $attributesCount; $i++) {
if (empty($attributes[$i])) {
$attributes[$i] = $this->extension->getDefaultPermission();
}
}
//check acl group
$result = $this->checkAclGroup($group);
if ($result !== self::ACCESS_DENIED) {
$result = parent::vote($token, $this->object, $attributes);
//check organization context
$result = $this->checkOrganizationContext($result);
}
$this->extension = null;
$this->object = null;
$this->securityToken = null;
$this->triggeredMask = null;
if ($this->oneShotIsGrantedObserver) {
$this->oneShotIsGrantedObserver = null;
}
return $result;
}
/**
* Returns the vote for class content object, recursively till AbstractClassContent.
*
* @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token
* @param \BackBee\ClassContent\AbstractClassContent $content
* @param array $attributes
* @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
*/
private function voteForClassContent(TokenInterface $token, AbstractClassContent $content, array $attributes)
{
if (null === $content->getProperty('category')) {
return self::ACCESS_GRANTED;
}
if (self::ACCESS_DENIED === ($result = $this->voteForObject($token, $content, $attributes))) {
if (false !== ($parent_class = get_parent_class($content))) {
if ('BackBee\\ClassContent\\AbstractClassContent' !== $parent_class) {
$parent_class = NAMESPACE_SEPARATOR . $parent_class;
$result = $this->voteForClassContent($token, new $parent_class('*'), $attributes);
} else {
$objectIdentity = new ObjectIdentity('all', 'BackBee\\ClassContent\\AbstractClassContent');
$result = parent::vote($token, $objectIdentity, $attributes);
}
}
}
return $result;
}
