/**
 * Votes on whether the authenticated user is an organizer of the current site.
 *
 * The voter interface allows ACCESS_GRANTED, ACCESS_DENIED or ACCESS_ABSTAIN,
 * but this implementation only ever returns ACCESS_GRANTED or ACCESS_ABSTAIN.
 *
 * @param TokenInterface $token      The authentication token whose user is checked
 * @param object|null    $object     The object to secure
 * @param array          $attributes Attributes associated with the method being invoked
 *
 * @return int ACCESS_GRANTED when the user holds the organizer role of the
 *             current site, ACCESS_ABSTAIN in every other case
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    // Tokens that do not carry a UserInterface user are out of scope for this voter.
    $user = $token->getUser();
    if (!($user instanceof UserInterface)) {
        return self::ACCESS_ABSTAIN;
    }

    // No subject to secure: nothing to vote on.
    if (!$object) {
        return self::ACCESS_ABSTAIN;
    }

    // Subject class not handled by this voter.
    if (!$this->supportsClass(get_class($object))) {
        return self::ACCESS_ABSTAIN;
    }

    foreach ($attributes as $attribute) {
        if ($this->supportsAttribute($attribute)) {
            // The required role is derived from the site currently being served.
            $site = $this->siteManager->getCurrentSite();
            $requiredRole = new OrganizerRole($site);

            // Only hasRole() on the user is consulted; no role hierarchy is
            // expanded here, so inherited roles count only if hasRole() itself
            // resolves them (not visible from this method).
            if ($user->hasRole($requiredRole->getRole())) {
                return self::ACCESS_GRANTED;
            }
        }
    }

    // NOTE(review): a supported attribute combined with a user who lacks the
    // organizer role yields ACCESS_ABSTAIN, not ACCESS_DENIED, so this voter
    // never vetoes. The final outcome then rests on the other voters and on the
    // access decision manager's strategy, including how it treats an
    // all-abstain result (allow_if_all_abstain) - confirm that configuration
    // denies by default.
    return self::ACCESS_ABSTAIN;
}
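/**
 * Returns the roles granted to this user.
 *
 * On top of the roles reported by the parent class, every user gets ROLE_USER.
 * A user with admin conventions additionally gets ROLE_ORGANIZER plus one
 * OrganizerRole per convention.
 *
 * @return array The parent's roles followed by the roles added here, without
 *               duplicates and re-indexed from 0
 */
public function getRoles()
{
    $extraRoles = ['ROLE_USER'];

    // NOTE(review): if getAdminConventions() returns a collection object rather
    // than a plain array, this truthiness check passes even when it is empty and
    // ROLE_ORGANIZER is granted without any convention - confirm the return type.
    $conventions = $this->getAdminConventions();
    if ($conventions) {
        $extraRoles[] = 'ROLE_ORGANIZER';
        foreach ($conventions as $convention) {
            $role = new OrganizerRole($convention);
            $extraRoles[] = $role->getRole();
        }
    }

    // The array union operator (+) keeps the left operand's value for every key
    // present in both arrays. Both lists are indexed from 0, so it silently
    // dropped as many of the roles built above as the parent returned. Append
    // instead, skipping entries already present; the strict comparison avoids
    // casting, so it is safe whatever type the parent's entries have.
    $merged = [];
    foreach (array_merge(parent::getRoles(), $extraRoles) as $candidate) {
        if (!in_array($candidate, $merged, true)) {
            $merged[] = $candidate;
        }
    }

    return $merged;
}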