This repository has been archived by the owner on Feb 14, 2020. It is now read-only.

Refactor SspVoter to make code more readable introduce getAllowedRole…
…s private method.
Boy Baukema committed Dec 18, 2014
1 parent 530a675 commit e6c08c0
Showing 1 changed file with 45 additions and 16 deletions.
61 changes: 45 additions & 16 deletions src/Janus/ServiceRegistry/Security/Authorization/Voter/SspVoter.php
@@ -6,6 +6,7 @@
use Janus\ServiceRegistry\Bundle\CoreBundle\DependencyInjection\ConfigProxy;
use Janus\ServiceRegistry\Entity\Connection\Revision;
use Janus\ServiceRegistry\Entity\User;
use sspmod_janus_Entity;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\Role;
@@ -78,7 +79,7 @@ public function supportsClass($class)
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
*
* @param TokenInterface $token A TokenInterface instance
* @param \sspmod_janus_Entity $object The object to secure
* @param sspmod_janus_Entity $object The object to secure
* @param array $attributes An array of attributes associated with the method being invoked
*
* @return integer either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
@@ -106,7 +107,7 @@ public function vote(TokenInterface $token, $object, array $attributes)

/**
* @param \stdClass $object
* @return \sspmod_janus_Entity
* @return sspmod_janus_Entity
* @throws \RuntimeException
*/
protected function getEntityForObject($object)
@@ -121,7 +122,7 @@ protected function getEntityForObject($object)
return null;
}

if ($object instanceof \sspmod_janus_Entity) {
if ($object instanceof sspmod_janus_Entity) {
return $object;
}

@@ -137,11 +138,11 @@ protected function getEntityForObject($object)
/**
* @param User $user
* @param string $right
* @param \sspmod_janus_Entity $entity
* @param sspmod_janus_Entity $entity
* @param string $entityWorkflowState
* @return bool
*/
protected function voteAttribute(User $user, $right, \sspmod_janus_Entity $entity = null, $entityWorkflowState = null)
protected function voteAttribute(User $user, $right, sspmod_janus_Entity $entity = null, $entityWorkflowState = null)
{
// 'normalize' to all lowercase without whitespace
$right = strtolower(str_replace(' ', '', $right));
@@ -156,15 +157,10 @@ protected function voteAttribute(User $user, $right, \sspmod_janus_Entity $entit
return $this->voteAttribute($user, static::RIGHT_ALL_ENTITIES);
}

if ($entity && isset($this->access[$right][static::CONFIG_WORKFLOW_STATES][$entityWorkflowState])) {
$allowedRoles = $this->access[$right][static::CONFIG_WORKFLOW_STATES][$entityWorkflowState];
} elseif (isset($this->access[$right][static::CONFIG_WORKFLOW_STATES][static::CONFIG_WORKFLOW_STATE_ALL])) {
$allowedRoles = $this->access[$right][static::CONFIG_WORKFLOW_STATES][static::CONFIG_WORKFLOW_STATE_ALL];
} else if (isset($this->access[$right][static::CONFIG_DEFAULT_PERMISSION])) {
// Return default permission for element
return (bool) $this->access[$right][static::CONFIG_DEFAULT_PERMISSION];
} else {
return false;
$allowedRoles = $this->getAllowedRoles($right, $entity, $entityWorkflowState);

if (!$allowedRoles) {
return $this->getDefaultVote($right);
}

$roles = $user->getRoles();
@@ -197,10 +193,10 @@ protected function voteAttribute(User $user, $right, \sspmod_janus_Entity $entit
}

/**
* @param \sspmod_janus_Entity $entity
* @param sspmod_janus_Entity $entity
* @return \sspmod_janus_EntityController
*/
protected function getEntityControllerForEntity(\sspmod_janus_Entity $entity)
protected function getEntityControllerForEntity(sspmod_janus_Entity $entity)
{
if (!isset($this->entityControllers[$entity->getId()])) {
$controller = new \sspmod_janus_EntityController($this->configuration);
@@ -225,4 +221,37 @@ protected function getEntityControllerForEntityId($entityId)

return $this->entityControllers[$entityId];
}

/**
* Check if the given right only belongs to users with specific roles.
*
* @param string $right
* @param sspmod_janus_Entity $entity
* @param string|null $entityWorkflowState
* @return string[]|null
*/
private function getAllowedRoles($right, sspmod_janus_Entity $entity = null, $entityWorkflowState = null)
{
// If we have an entity and it is at a specific workflow state, check if we have a specific right for that.
if ($entity && isset($this->access[$right][static::CONFIG_WORKFLOW_STATES][$entityWorkflowState])) {
return $this->access[$right][static::CONFIG_WORKFLOW_STATES][$entityWorkflowState];
}

// Otherwise check if we have the right for all workflow states.
if (isset($this->access[$right][static::CONFIG_WORKFLOW_STATES][static::CONFIG_WORKFLOW_STATE_ALL])) {
return $this->access[$right][static::CONFIG_WORKFLOW_STATES][static::CONFIG_WORKFLOW_STATE_ALL];
}

return null;
}

private function getDefaultVote($right)
{
if (!isset($this->access[$right][static::CONFIG_DEFAULT_PERMISSION])) {
// Return default permission for element
return (bool) $this->access[$right][static::CONFIG_DEFAULT_PERMISSION];
}

return false;
}
}
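Review bot: The condition in the new `getDefaultVote()` looks inverted: it tests `if (!isset($this->access[$right][static::CONFIG_DEFAULT_PERMISSION]))` and then casts that same unset key, whereas the branch it replaces in `voteAttribute()` used `isset(...)` before returning the configured default. As written, a configured default permission is never returned (the method falls through to `return false`) and the unset case reads an undefined index; the guard should be `if (isset($this->access[$right][static::CONFIG_DEFAULT_PERMISSION])) {`. The outcome is deny-only, so the voter fails closed, but any right that relies on a default permission silently stops being granted. Separately, `if (!$allowedRoles)` in `voteAttribute()` now treats a configured-but-empty role list like a missing one and routes it to the default vote, where the old `isset` chain continued to the role check; `if ($allowedRoles === null) {` would keep that distinction, assuming an empty list is meant to match no role (the role check itself lies outside the visible hunk).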
