/**
 * Enforce the RESOURCE_VOTE authorization check for a CRUD action event.
 *
 * Events whose id is not listed in $this->validIds are skipped without any
 * authorization check, so that list decides which events are gated here.
 *
 * @param ActionEvent $event Event to authorize; it is handed to the checker as the subject.
 *
 * @throws AccessDeniedHttpException When the checker returns false for the event.
 */
public function onActionEvent(ActionEvent $event)
{
    // No strict flag is passed, so in_array() compares the id loosely.
    $isHandled = in_array($event->getId(), $this->validIds);
    if (!$isHandled) {
        return;
    }

    $granted = $this->authorizationChecker->isGranted(array('RESOURCE_VOTE'), $event);
    if (false !== $granted) {
        // Only an exact boolean false denies; any other return value lets the action proceed.
        return;
    }

    $message = sprintf('Action %s is not allowed.', $event->getAction());

    throw new AccessDeniedHttpException($message, null, 403);
}
/**
 * Delete the on-disk file that belongs to a File resource.
 *
 * Events carrying any other resource type are ignored. The path is built by
 * the resource from the 'uebb.hateoas.upload_dir' container parameter.
 *
 * NOTE(review): this method does not itself verify that the resolved path
 * stays inside the upload directory; confirm that getFullPath() guarantees it.
 * The result of unlink() is not checked, so a failed delete leaves the file
 * on disk without any error being reported to the caller.
 *
 * @param ActionEvent $event Event whose data exposes the resource being handled.
 */
public function onPersistRemove(ActionEvent $event)
{
    $file = $event->getData()->getResource();
    if (!($file instanceof File)) {
        return;
    }

    $uploadDir = $this->container->getParameter('uebb.hateoas.upload_dir');
    $target = $file->getFullPath($uploadDir);

    // is_file() is false for directories and missing paths, so those are skipped.
    if (!is_file($target)) {
        return;
    }

    unlink($target);
}
/**
 * Give a User resource the password encoder that the encoder factory selects for it.
 *
 * Events whose id is not in $this->validIds, and events carrying a resource
 * that is not a User, are left untouched.
 *
 * @param ActionEvent $event Event whose data exposes the resource being handled.
 */
public function onActionEvent(ActionEvent $event)
{
    // No strict flag is passed, so in_array() compares the id loosely.
    if (in_array($event->getId(), $this->validIds)) {
        $user = $event->getData()->getResource();

        if ($user instanceof User) {
            $encoder = $this->encoderFactory->getEncoder($user);
            $user->setEncoder($encoder);
        }
    }
}
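/**
 * Route an action event to the permission handler that matches its action name.
 *
 * The action must be a string. switch compares loosely, so without the type
 * guard a non-string value such as boolean true would match the first case
 * ('post'); such values are rejected in the same way as an unknown action.
 *
 * @param TokenInterface $token Token passed through to the selected handler.
 * @param ActionEvent $event Event supplying the action name and the data for the handler.
 * @return int Value returned by the selected handler.
 * @throws \Symfony\Component\Security\Core\Exception\InvalidArgumentException When the action is not a string or is not a known action.
 */
protected function checkPermissions(TokenInterface $token, ActionEvent $event)
{
    $action = $event->getAction();

    // Fail closed on anything that is not a plain string before the loose switch runs.
    if (!is_string($action)) {
        throw new InvalidArgumentException();
    }

    // Each case returns, so no break statements are needed.
    switch ($action) {
        case 'post':
            return $this->post($token, $event->getData());
        case 'put':
            return $this->put($token, $event->getData());
        case 'patch':
            return $this->patch($token, $event->getData());
        case 'patch_property':
            return $this->patchProperty($token, $event->getData());
        case 'get':
            return $this->get($token, $event->getData());
        case 'get_collection':
            return $this->getCollection($token, $event->getData());
        case 'get_link_collection':
            return $this->getLinkCollection($token, $event->getData());
        case 'add_link':
            return $this->addLink($token, $event->getData());
        case 'remove_link':
            return $this->removeLink($token, $event->getData());
        case 'remove':
            return $this->remove($token, $event->getData());
        default:
            // Unknown actions are never mapped to a handler.
            throw new InvalidArgumentException();
    }
}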