mirror of
https://github.com/wallabag/wallabag.git
synced 2024-09-27 05:50:02 +00:00
51 lines
1.5 KiB
PHP
51 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace Wallabag\Security\Voter;
|
|
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
|
use Symfony\Component\Security\Core\Security;
|
|
use Wallabag\Entity\User;
|
|
|
|
class AdminVoter extends Voter
|
|
{
|
|
public const LIST_USERS = 'LIST_USERS';
|
|
public const CREATE_USERS = 'CREATE_USERS';
|
|
public const LIST_IGNORE_ORIGIN_INSTANCE_RULES = 'LIST_IGNORE_ORIGIN_INSTANCE_RULES';
|
|
public const CREATE_IGNORE_ORIGIN_INSTANCE_RULES = 'CREATE_IGNORE_ORIGIN_INSTANCE_RULES';
|
|
|
|
private Security $security;
|
|
|
|
public function __construct(Security $security)
|
|
{
|
|
$this->security = $security;
|
|
}
|
|
|
|
protected function supports(string $attribute, $subject): bool
|
|
{
|
|
if (!\in_array($attribute, [self::LIST_USERS, self::CREATE_USERS, self::LIST_IGNORE_ORIGIN_INSTANCE_RULES, self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES], true)) {
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
|
|
{
|
|
$user = $token->getUser();
|
|
|
|
if (!$user instanceof User) {
|
|
return false;
|
|
}
|
|
|
|
switch ($attribute) {
|
|
case self::LIST_USERS:
|
|
case self::CREATE_USERS:
|
|
case self::LIST_IGNORE_ORIGIN_INSTANCE_RULES:
|
|
case self::CREATE_IGNORE_ORIGIN_INSTANCE_RULES:
|
|
return $this->security->isGranted('ROLE_SUPER_ADMIN');
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|