/**
 * Exercises both authorization checkers against the Drupal permission voter.
 *
 * The property pinned here is that an explicitly passed user is decided on
 * its own, whatever token currently sits in the token storage, while a call
 * without a user follows the stored token.
 */
public function testTokenAwareAuthorizationCheckerAndDrupalPermissionVoter()
{
    // uid 1: Drupal core grants this account every permission by default.
    $rootAccount = new User();
    $rootAccount->uid = 1;
    $rootAccount->roles = [1 => 1];
    $rootToken = new UserToken();
    $rootToken->setUser(new DrupalUser($rootAccount));

    // uid 0: the anonymous account, which is expected to be denied here.
    $anonymousAccount = new User();
    $anonymousAccount->uid = 0;
    $anonymousAccount->roles = [0 => 0];
    $anonymousToken = new UserToken();
    $anonymousToken->setUser(new DrupalUser($anonymousAccount));

    // The test runs in a fully bootstrapped Drupal, so the permission voter
    // can be queried with permission names. A permission nobody holds makes
    // the expected outcome depend on the account alone: denied for everyone
    // except uid 1.
    $unknownPermission = 'a drupal permission that does not exists';

    $storage = new TokenStorage();
    $authManager = new SecurityNullAuthenticationManager();
    $decisionManager = new AccessDecisionManager([new DrupalPermissionVoter()]);
    $plainChecker = new AuthorizationChecker($storage, $authManager, $decisionManager);
    $tokenAwareChecker = new TokenAwareAuthorizationChecker($plainChecker, $decisionManager);

    // Stored token is uid 1: calls without a user are granted, and the
    // explicit-user calls follow the account that was passed in.
    $storage->setToken($rootToken);
    $this->assertTrue($plainChecker->isGranted($unknownPermission, null));
    $this->assertTrue($tokenAwareChecker->isGranted($unknownPermission, null));
    $this->assertTrue($tokenAwareChecker->isGranted($unknownPermission, null, $rootAccount));
    $this->assertFalse($tokenAwareChecker->isGranted($unknownPermission, null, $anonymousAccount));

    // Stored token is anonymous: calls without a user are now denied, but
    // the explicit-user results must not change. In particular, passing the
    // anonymous account must never pick up the rights of the stored token.
    $storage->setToken($anonymousToken);
    $this->assertFalse($plainChecker->isGranted($unknownPermission, null));
    $this->assertFalse($tokenAwareChecker->isGranted($unknownPermission, null));
    $this->assertTrue($tokenAwareChecker->isGranted($unknownPermission, null, $rootAccount));
    $this->assertFalse($tokenAwareChecker->isGranted($unknownPermission, null, $anonymousAccount));
}
/**
 * {@inheritdoc}
 *
 * With no $user, the call is forwarded unchanged to the wrapped authorization
 * checker. With a $user, a token is built for that user (or used as-is when
 * $user already is a token) and handed straight to the access decision
 * manager, so the decision does not go through the wrapped checker at all.
 *
 * @param mixed $attributes A single attribute or an array of attributes.
 * @param mixed $object     Optional subject of the access check.
 * @param mixed $user       Optional token, Drupal account or other user value
 *                          to decide for.
 *
 * @return mixed Whatever the wrapped checker or the decision manager returns.
 */
public function isGranted($attributes, $object = null, $user = null)
{
    // NOTE(review): this is a loose falsy test, so 0, '', '0', false and []
    // take this branch as well as null. A caller whose user lookup produced
    // such a value gets the wrapped checker's answer instead of a decision
    // for the intended user - confirm callers never pass an unresolved user.
    if (!$user) {
        return $this->authorizationChecker->isGranted($attributes, $object);
    }

    if ($user instanceof TokenInterface) {
        // Already a token: decide on it directly.
        $subjectToken = $user;
    } else {
        // Drupal accounts are wrapped in a DrupalUser first; any other value
        // is given to the token unchanged.
        $subjectToken = new UserToken();
        $subjectToken->setUser($user instanceof AccountInterface ? new DrupalUser($user) : $user);
    }

    // The decision manager is always called with an array of attributes.
    $attributeList = is_array($attributes) ? $attributes : [$attributes];

    return $this->accessDecisionManager->decide($subjectToken, $attributeList, $object);
}