vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolItemPermissionVoter.php line 25

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  17. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  18. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  20. use Pimcore\Model\Asset;
  21. use Pimcore\Model\Element\ElementInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  23. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  25. class DataPoolItemPermissionVoter extends Voter
  26. {
  27.     use SecurityServiceAware;
  29.     const PERMISSIONS = [
  30.         Permission::CREATE,
  31.         Permission::DELETE,
  32.         Permission::EDIT,
  33.         Permission::VIEW,
  34.         Permission::UPDATE,
  35.         Permission::DOWNLOAD,
  36.         Permission::SUBFOLDER,
  37.         Permission::VIEW_OWNED_ASSET_ONLY,
  38.     ];
  40.     /**
  41.      * @var PortalConfigService
  42.      */
  43.     protected $portalConfigService;
  45.     /**
  46.      * @var DataPoolConfigService
  47.      */
  48.     protected $dataPoolConfigService;
  50.     /**
  51.      * @var PermissionService
  52.      */
  53.     protected $permissionService;
  55.     /**
  56.      * @param PortalConfigService $portalConfigService
  57.      * @param DataPoolConfigService $dataPoolConfigService
  58.      * @param PermissionService $permissionService
  59.      */
  60.     public function __construct(PortalConfigService $portalConfigServiceDataPoolConfigService $dataPoolConfigServicePermissionService $permissionService)
  61.     {
  62.         $this->portalConfigService $portalConfigService;
  63.         $this->dataPoolConfigService $dataPoolConfigService;
  64.         $this->permissionService $permissionService;
  65.     }
  67.     /**
  68.      * @param string $attribute
  69.      * @param mixed $subject
  70.      *
  71.      * @return bool
  72.      */
  73.     protected function supports($attribute$subject)
  74.     {
  75.         return $this->portalConfigService->isPortalEngineSite()
  76.             && in_array($attributeself::PERMISSIONS)
  77.             && (is_string($subject) || $subject instanceof ElementInterface);
  78.     }
  80.     /**
  81.      * @param string $attribute
  82.      * @param mixed $subject
  83.      * @param TokenInterface $token
  84.      *
  85.      * @return bool
  86.      */
  87.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  88.     {
  89.         $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  90.         if (empty($dataPoolConfig)) {
  91.             return false;
  92.         }
  93.         $fullPath $subject instanceof ElementInterface $subject->getRealFullPath() : $subject;
  94.         $respectWorkflowPermissions $subject instanceof Asset;
  95.         $respectUploadFolderPermissions $subject instanceof Asset;
  97.         return $this->permissionService->isPermissionAllowed(
  98.             $attribute,
  99.             $this->securityService->getPortalUser(),
  100.             $dataPoolConfig->getId(),
  101.             $fullPath,
  102.             false,
  103.             $respectWorkflowPermissions,
  104.             true,
  105.             $respectUploadFolderPermissions
  106.         );
  107.     }
  108. }