vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolAssetUploadFolderReviewingVoter.php line 32

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Model\Configuration\DataPool\AssetConfig;
  17. use Pimcore\Bundle\PortalEngineBundle\Model\Configuration\DataPool\DataPoolConfigInterface;
  18. use Pimcore\Bundle\PortalEngineBundle\Model\DataObject\PortalUserInterface;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  21. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  23. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  24. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  25. use Symfony\Component\Security\Core\Security;
  27. /**
  28.  * Class DataPoolAssetUploadFolderReviewingVoter
  29.  *
  30.  * @package Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter
  31.  */
  32. class DataPoolAssetUploadFolderReviewingVoter extends Voter
  33. {
  34.     use SecurityServiceAware;
  36.     /**
  37.      * @var PortalConfigService
  38.      */
  39.     protected $portalConfigService;
  40.     /**
  41.      * @var Security
  42.      */
  43.     protected $security;
  44.     /**
  45.      * @var PermissionService
  46.      */
  47.     protected $permissionService;
  48.     /**
  49.      * @var DataPoolConfigService
  50.      */
  51.     protected $dataPoolConfigService;
  53.     /**
  54.      * DataPoolAssetUploadFolderReviewingVoter constructor.
  55.      *
  56.      * @param PortalConfigService $portalConfigService
  57.      * @param Security $security
  58.      * @param PermissionService $permissionService
  59.      * @param DataPoolConfigService $dataPoolConfigService
  60.      */
  61.     public function __construct(PortalConfigService $portalConfigServiceSecurity $securityPermissionService $permissionServiceDataPoolConfigService $dataPoolConfigService)
  62.     {
  63.         $this->portalConfigService $portalConfigService;
  64.         $this->security $security;
  65.         $this->permissionService $permissionService;
  66.         $this->dataPoolConfigService $dataPoolConfigService;
  67.     }
  69.     /**
  70.      * Determines if the attribute and subject are supported by this voter.
  71.      *
  72.      */
  73.     protected function supports(string $attributemixed $subject): bool
  74.     {
  75.         return $this->portalConfigService->isPortalEngineSite()
  76.             && $attribute === Permission::DATA_POOL_ASSET_UPLOAD_FOLDER_REVIEWING;
  77.     }
  79.     /**
  80.      * Perform a single access check operation on a given attribute, subject and token.
  81.      * It is safe to assume that $attribute and $subject already passed the "supports()" method check.
  82.      *
  83.      */
  84.     protected function voteOnAttribute(string $attributemixed $subjectTokenInterface $token): bool
  85.     {
  86.         /** @var bool $allowed */
  87.         $allowed true;
  89.         try {
  90.             if (!$this->security->isGranted(Permission::DATA_POOL_ACCESS)) {
  91.                 throw new \Exception('dataPool access not granted');
  92.             }
  94.             /** @var DataPoolConfigInterface $dataPoolConfig */
  95.             $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  96.             if (!$dataPoolConfig instanceof AssetConfig) {
  97.                 throw new \Exception('current dataPoolConfig is not a AssetConfig');
  98.             }
  100.             /** @var PortalUserInterface $user */
  101.             $user $this->securityService->getPortalUser();
  102.             if (!$this->permissionService->isAllowed($userPermission::DATA_POOL_ASSET_UPLOAD_FOLDER_REVIEWING Permission::PERMISSION_DELIMITER $dataPoolConfig->getId())) {
  103.                 throw new \Exception('permission not allowed');
  104.             }
  105.         } catch (\Exception $e) {
  106.             $allowed false;
  107.         }
  109.         return $allowed;
  110.     }
  111. }