/** * {@inheritdoc} */ public function vote(TokenInterface $token, $object, array $attributes) { if (!$object instanceof SecurityCondition) { return VoterInterface::ACCESS_ABSTAIN; } if ($object->getObjectType() === null || $object->getObjectId() === null) { return VoterInterface::ACCESS_ABSTAIN; } try { $objectIdentity = new ObjectIdentity($object->getObjectId(), $object->getObjectType()); $this->aclProvider->findAcl($objectIdentity); // only called to check if acl exists return parent::vote($token, $objectIdentity, $attributes); } catch (AclNotFoundException $exc) { return VoterInterface::ACCESS_ABSTAIN; } }
/** * {@inheritdoc} */ public function vote(TokenInterface $token, $object, array $attributes) { $this->securityToken = $token; $this->object = $object instanceof FieldVote ? $object->getDomainObject() : $object; $this->extension = $this->extensionSelector->select($object); // replace empty permissions with default ones for ($i = 0; $i < count($attributes); $i++) { if (empty($attributes[$i])) { $attributes[$i] = $this->extension->getDefaultPermission(); } } $result = parent::vote($token, $object, $attributes); $this->extension = null; $this->object = null; $this->securityToken = null; return $result; }
/** * {@inheritdoc} */ public function vote(TokenInterface $token, $object, array $attributes) { $this->securityToken = $token; $this->object = $object instanceof FieldVote ? $object->getDomainObject() : $object; list($this->object, $group) = $this->separateAclGroupFromObject($this->object); try { $this->extension = $this->extensionSelector->select($this->object); } catch (InvalidDomainObjectException $e) { return self::ACCESS_ABSTAIN; } // replace empty permissions with default ones $attributesCount = count($attributes); for ($i = 0; $i < $attributesCount; $i++) { if (empty($attributes[$i])) { $attributes[$i] = $this->extension->getDefaultPermission(); } } //check acl group $result = $this->checkAclGroup($group); if ($result !== self::ACCESS_DENIED) { $result = parent::vote($token, $this->object, $attributes); //check organization context $result = $this->checkOrganizationContext($result); } $this->extension = null; $this->object = null; $this->securityToken = null; $this->triggeredMask = null; if ($this->oneShotIsGrantedObserver) { $this->oneShotIsGrantedObserver = null; } return $result; }
/** * Returns the vote for class content object, recursively till AbstractClassContent. * * @param \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token * @param \BackBee\ClassContent\AbstractClassContent $content * @param array $attributes * @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED */ private function voteForClassContent(TokenInterface $token, AbstractClassContent $content, array $attributes) { if (null === $content->getProperty('category')) { return self::ACCESS_GRANTED; } if (self::ACCESS_DENIED === ($result = $this->voteForObject($token, $content, $attributes))) { if (false !== ($parent_class = get_parent_class($content))) { if ('BackBee\\ClassContent\\AbstractClassContent' !== $parent_class) { $parent_class = NAMESPACE_SEPARATOR . $parent_class; $result = $this->voteForClassContent($token, new $parent_class('*'), $attributes); } else { $objectIdentity = new ObjectIdentity('all', 'BackBee\\ClassContent\\AbstractClassContent'); $result = parent::vote($token, $objectIdentity, $attributes); } } } return $result; }