vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolDownloadVoter.php line 29

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Event\Permission\DataPoolDownloadAccessEvent;
  17. use Pimcore\Bundle\PortalEngineBundle\Model\DataObject\PortalUserInterface;
  18. use Pimcore\Bundle\PortalEngineBundle\Model\Download\DownloadAccess;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\Download\DownloadProviderService;
  21. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  22. use Pimcore\Bundle\PortalEngineBundle\Service\PublicShare\PublicShareService;
  23. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  24. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  25. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  26. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  27. use Symfony\Contracts\EventDispatcher\EventDispatcherInterface;
  29. class DataPoolDownloadVoter extends Voter
  30. {
  31.     use SecurityServiceAware;
  33.     protected $portalConfigService;
  34.     protected $dataPoolConfigService;
  35.     protected $permissionService;
  36.     protected $downloadProviderService;
  37.     protected $publicShareService;
  38.     protected $eventDispatcher;
  40.     public function __construct(
  41.         PortalConfigService $portalConfigService,
  42.         DataPoolConfigService $dataPoolConfigService,
  43.         PermissionService $permissionService,
  44.         DownloadProviderService $downloadProviderService,
  45.         PublicShareService $publicShareService,
  46.         EventDispatcherInterface $eventDispatcher
  47.     ) {
  48.         $this->portalConfigService $portalConfigService;
  49.         $this->dataPoolConfigService $dataPoolConfigService;
  50.         $this->permissionService $permissionService;
  51.         $this->downloadProviderService $downloadProviderService;
  52.         $this->publicShareService $publicShareService;
  53.         $this->eventDispatcher $eventDispatcher;
  54.     }
  56.     protected function supports(string $attributemixed $subject): bool
  57.     {
  58.         return
  59.             $this->portalConfigService->isPortalEngineSite() &&
  60.             $attribute === Permission::DOWNLOAD &&
  61.             $subject instanceof DownloadAccess;
  62.     }
  64.     /**
  65.      * @param DownloadAccess $subject
  66.      */
  67.     protected function voteOnAttribute(string $attributemixed $subjectTokenInterface $token): bool
  68.     {
  69.         $user $this->securityService->getPortalUser();
  71.         $allowed =
  72.             $user instanceof PortalUserInterface &&
  73.             $this->permissionService->isAllowed($user$subject->toPermission());
  75.         $downloadTypeFormatPermissions $this->getDownloadTypeFormatPerimssions($subject);
  76.         if (!isset($downloadTypeFormatPermissions[$subject->toPermission()])) {
  77.             $allowed false;
  78.         }
  80.         if (!$allowed && $user instanceof PortalUserInterface) {
  81.             // If download type itself is forbidden but one of its download formats is allowed, the download is permitted.
  82.             $allowed $this->isAnyFormatAllowed($subject$user$downloadTypeFormatPermissions);
  83.         } elseif ($allowed) {
  84.             // Do not allow formats which are not specificed in data pool or public share
  85.             $allowed $this->isAnyFormatAllowed($subject$user$downloadTypeFormatPermissionsfalse);
  86.         }
  88.         $event = new DataPoolDownloadAccessEvent($allowed$subject$token);
  89.         $this->eventDispatcher->dispatch($event);
  91.         return $event->isAllowed();
  92.     }
  94.     protected function isAnyFormatAllowed(DownloadAccess $downloadAccessPortalUserInterface $user, array $downloadTypeFormatPermissionsbool $checkFormatPermissions true): bool
  95.     {
  96.         foreach ($downloadAccess->getFormatAccess() as $formatAccess) {
  97.             if (!isset($downloadTypeFormatPermissions[$downloadAccess->toPermission()][$formatAccess->getFormat()])) {
  98.                 continue;
  99.             }
  100.             $allowed = !$checkFormatPermissions || $this->permissionService->isAllowed($user$formatAccess->toPermission());
  101.             if ($allowed) {
  102.                 return true;
  103.             }
  104.         }
  106.         return false;
  107.     }
  109.     /**
  110.      * @return array
  111.      */
  112.     protected function getDownloadTypeFormatPerimssions(DownloadAccess $downloadAccess)
  113.     {
  114.         $dataPoolConfig $this->dataPoolConfigService->getDataPoolConfigById($downloadAccess->getDataPoolConfigId());
  115.         if ($publicShare $this->publicShareService->getCurrentPublicShare()) {
  116.             $downloadTypes $this->downloadProviderService->getPublicShareAllowedDownloadTypes($dataPoolConfig$publicShare);
  117.         } else {
  118.             $downloadTypes $this->downloadProviderService->getDownloadTypes($dataPoolConfigfalse);
  119.         }
  121.         $result = [];
  122.         foreach ($downloadTypes as $downloadType) {
  123.             $formats array_map(function (array $format) {
  124.                 return $format['id'];
  125.             }, $downloadType->getFormats());
  127.             $formats array_flip($formats);
  129.             $result[DownloadAccess::fromDownloadType($downloadAccess->getDataPoolConfigId(), $downloadType)->toPermission()] = $formats;
  130.         }
  132.         return $result;
  133.     }
  134. }