vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolItemPermissionVoter.php line 26

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  17. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  18. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  20. use Pimcore\Model\Asset;
  21. use Pimcore\Model\Element\ElementInterface;
  22. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  23. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  24. use Symfony\Component\Security\Core\Security;
  26. class DataPoolItemPermissionVoter extends Voter
  27. {
  28.     use SecurityServiceAware;
  30.     const PERMISSIONS = [
  31.         Permission::CREATE,
  32.         Permission::DELETE,
  33.         Permission::EDIT,
  34.         Permission::VIEW,
  35.         Permission::UPDATE,
  36.         Permission::DOWNLOAD,
  37.         Permission::SUBFOLDER,
  38.         Permission::VIEW_OWNED_ASSET_ONLY,
  39.     ];
  41.     /**
  42.      * @var PortalConfigService
  43.      */
  44.     protected $portalConfigService;
  46.     /**
  47.      * @var DataPoolConfigService
  48.      */
  49.     protected $dataPoolConfigService;
  51.     /**
  52.      * @var PermissionService
  53.      */
  54.     protected $permissionService;
  56.     /**
  57.      * PortalAccessVoter constructor.
  58.      *
  59.      * @param DataPoolConfigService $dataPoolConfigService
  60.      * @param Security $security
  61.      */
  62.     public function __construct(PortalConfigService $portalConfigServiceDataPoolConfigService $dataPoolConfigServicePermissionService $permissionService)
  63.     {
  64.         $this->portalConfigService $portalConfigService;
  65.         $this->dataPoolConfigService $dataPoolConfigService;
  66.         $this->permissionService $permissionService;
  67.     }
  69.     protected function supports($attribute$subject)
  70.     {
  71.         return $this->portalConfigService->isPortalEngineSite()
  72.             && in_array($attributeself::PERMISSIONS)
  73.             && (is_string($subject) || $subject instanceof ElementInterface);
  74.     }
  76.     /**
  77.      * @param string $attribute
  78.      * @param ElementInterface $subject
  79.      * @param TokenInterface $token
  80.      *
  81.      * @return bool
  82.      */
  83.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  84.     {
  85.         $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  86.         if (empty($dataPoolConfig)) {
  87.             return false;
  88.         }
  89.         $fullPath $subject instanceof ElementInterface $subject->getRealFullPath() : $subject;
  90.         $respectWorkflowPermissions $subject instanceof Asset;
  91.         $respectUploadFolderPermissions $subject instanceof Asset;
  93.         return $this->permissionService->isPermissionAllowed(
  94.             $attribute,
  95.             $this->securityService->getPortalUser(),
  96.             $dataPoolConfig->getId(),
  97.             $fullPath,
  98.             false,
  99.             $respectWorkflowPermissions,
  100.             true,
  101.             $respectUploadFolderPermissions
  102.         );
  103.     }
  104. }