protected function isGranted($attribute, $repository, TokenInterface $token)
 {
     // Admin can do everything
     if (VoterInterface::ACCESS_GRANTED === $this->roleHierarchyVoter->vote($token, null, ['ROLE_ADMIN'])) {
         return true;
     }
     $user = $token->getUser();
     // We allow to check by repository name
     // Needed when pushing the first manifest, that will create the repository
     if (!$repository instanceof Repository) {
         $name = $repository;
         $repository = $this->om->getRepository('AppBundle:Repository')->findOneByName($repository);
         if (null === $repository) {
             // repository does not exist
             // User tries to access root namespace but is not ADMIN
             if (false === strpos($name, '/')) {
                 return false;
             }
             // Use not logged
             if (!$user instanceof UserInterface) {
                 return false;
             }
             list($tld) = explode('/', $name);
             return $tld === $user->getUsername();
         }
     }
     $isOwner = $user instanceof UserInterface && $repository->getOwner() === $user;
     switch ($attribute) {
         case self::READ:
             return $isOwner || $repository->isPublic();
         case self::WRITE:
             return $isOwner;
     }
     return false;
 }
 public function isGranted($role, $user)
 {
     if (!$user instanceof UserInterface) {
         return false;
     }
     $roleHierarchy = new RoleHierarchy($this->roles);
     $roleVoter = new RoleHierarchyVoter($roleHierarchy);
     $token = new AnonymousToken('1', $user->getUsername(), $user->getRoles());
     return $roleVoter->vote($token, null, array($role)) == VoterInterface::ACCESS_GRANTED;
 }
 protected function hasRole($token, $role)
 {
     return VoterInterface::ACCESS_GRANTED == $this->roleHierarchyVoter->vote($token, null, array($role));
 }
 /**
  * @dataProvider getVoteWithEmptyHierarchyTests
  */
 public function testVoteWithEmptyHierarchy($roles, $attributes, $expected)
 {
     $voter = new RoleHierarchyVoter(new RoleHierarchy(array()));
     $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes));
 }
 /**
  * @dataProvider getVoteTests
  */
 public function testVote($roles, $attributes, $expected)
 {
     $voter = new RoleHierarchyVoter(new RoleHierarchy(array('ROLE_FOO' => array('ROLE_FOOBAR'))));
     $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes));
 }
示例#6
0
 protected function isGranted($attribute, $game, $user = null)
 {
     if (!$user) {
         return false;
     }
     // Using this to know hierarchy
     $roleHierarchyVoter = new RoleHierarchyVoter($this->roleHierarchy);
     $adminAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_ADMIN'));
     $modoAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_MODERATOR'));
     // Admin and moderator can do anything
     if ($adminAccess === VoterInterface::ACCESS_GRANTED || $modoAccess === VoterInterface::ACCESS_GRANTED) {
         return true;
     }
     // All users can edit (except banned)
     if ($attribute === self::EDIT) {
         if (in_array('ROLE_USER', $user->getRoles(), true) && !in_array('ROLE_BANNED', $user->getRoles(), true)) {
             return true;
         }
     }
     return false;
 }
示例#7
0
 protected function isGranted($attribute, $game, $user = null)
 {
     if (!$user || is_string($game)) {
         return false;
     }
     // Using this to know hierarchy
     $roleHierarchyVoter = new RoleHierarchyVoter($this->roleHierarchy);
     $adminAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_ADMIN'));
     // Admin and owner can do anything
     if ($adminAccess === VoterInterface::ACCESS_GRANTED || $user->getId() === $game->getOwner()->getId()) {
         return true;
     }
     if (null !== $this->logger) {
         $this->logger->debug('User is not an admin nor the game\'s owner');
     }
     // Moderators can edit
     if ($attribute === self::EDIT) {
         $modoAccess = $roleHierarchyVoter->vote($this->token, null, array('ROLE_MODERATOR'));
         if ($modoAccess === VoterInterface::ACCESS_GRANTED) {
             return true;
         }
         //            if(in_array($game->getTeam(), $user->getTeams(), true))
         //                return true;
     }
     if (null !== $this->logger) {
         $this->logger->debug('User is not a moderator nor part of the team');
     }
     return false;
 }