vendor/pimcore/portal-engine/src/Service/Security/Voter/DataPoolItemPermissionVoter.php line 26

Open in your IDE?
  1. <?php
  3. /**
  4.  * Pimcore
  5.  *
  6.  * This source file is available under following license:
  7.  * - Pimcore Commercial License (PCL)
  8.  *
  9.  *  @copyright  Copyright (c) Pimcore GmbH (http://www.pimcore.org)
  10.  *  @license    http://www.pimcore.org/license     PCL
  11.  */
  13. namespace Pimcore\Bundle\PortalEngineBundle\Service\Security\Voter;
  15. use Pimcore\Bundle\PortalEngineBundle\Enum\Permission;
  16. use Pimcore\Bundle\PortalEngineBundle\Service\DataPool\DataPoolConfigService;
  17. use Pimcore\Bundle\PortalEngineBundle\Service\PortalConfig\PortalConfigService;
  18. use Pimcore\Bundle\PortalEngineBundle\Service\SearchIndex;
  19. use Pimcore\Bundle\PortalEngineBundle\Service\Security\PermissionService;
  20. use Pimcore\Bundle\PortalEngineBundle\Service\Security\Traits\SecurityServiceAware;
  21. use Pimcore\Model\Asset;
  22. use Pimcore\Model\Element\ElementInterface;
  23. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  24. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  26. class DataPoolItemPermissionVoter extends Voter
  27. {
  28.     use SecurityServiceAware;
  30.     const PERMISSIONS = [
  31.         Permission::CREATE,
  32.         Permission::DELETE,
  33.         Permission::EDIT,
  34.         Permission::VIEW,
  35.         Permission::UPDATE,
  36.         Permission::DOWNLOAD,
  37.         Permission::SUBFOLDER,
  38.         Permission::VIEW_OWNED_ASSET_ONLY,
  39.     ];
  41.     /**
  42.      * @var PortalConfigService
  43.      */
  44.     protected $portalConfigService;
  46.     /**
  47.      * @var DataPoolConfigService
  48.      */
  49.     protected $dataPoolConfigService;
  51.     /**
  52.      * @var PermissionService
  53.      */
  54.     protected $permissionService;
  56.     /**
  57.      * @var SearchIndex\Asset\SearchService
  58.      */
  59.     protected $assetSearchService;
  61.     /**
  62.      * @var SearchIndex\DataObject\SearchService
  63.      */
  64.     protected $objectSearchService;
  66.     /**
  67.      * @param PortalConfigService $portalConfigService
  68.      * @param DataPoolConfigService $dataPoolConfigService
  69.      * @param PermissionService $permissionService
  70.      */
  71.     public function __construct(
  72.         PortalConfigService $portalConfigService,
  73.         DataPoolConfigService $dataPoolConfigService,
  74.         PermissionService $permissionService,
  75.         SearchIndex\Asset\SearchService $assetSearchService,
  76.         SearchIndex\DataObject\SearchService $objectSearchService)
  77.     {
  78.         $this->portalConfigService $portalConfigService;
  79.         $this->dataPoolConfigService $dataPoolConfigService;
  80.         $this->permissionService $permissionService;
  81.         $this->assetSearchService $assetSearchService;
  82.         $this->objectSearchService $objectSearchService;
  83.     }
  85.     /**
  86.      * @param string $attribute
  87.      * @param mixed $subject
  88.      *
  89.      * @return bool
  90.      */
  91.     protected function supports($attribute$subject)
  92.     {
  93.         return $this->portalConfigService->isPortalEngineSite()
  94.             && in_array($attributeself::PERMISSIONS)
  95.             && (is_string($subject) || $subject instanceof ElementInterface);
  96.     }
  98.     /**
  99.      * @param string $attribute
  100.      * @param mixed $subject
  101.      * @param TokenInterface $token
  102.      *
  103.      * @return bool
  104.      */
  105.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  106.     {
  107.         $dataPoolConfig $this->dataPoolConfigService->getCurrentDataPoolConfig();
  108.         if (empty($dataPoolConfig)) {
  109.             return false;
  110.         }
  111.         $respectWorkflowPermissions $subject instanceof Asset;
  112.         $respectUploadFolderPermissions $subject instanceof Asset;
  114.         if ($subject instanceof ElementInterface) {
  115.             return $this->permissionService->isPermissionAllowedConsiderPreconditions(
  116.                 $attribute,
  117.                 $this->securityService->getPortalUser(),
  118.                 $dataPoolConfig->getId(),
  119.                 $subject,
  120.                 false,
  121.                 $respectWorkflowPermissions,
  122.                 true,
  123.                 $respectUploadFolderPermissions
  124.             );
  125.         }
  127.         return $this->permissionService->isPermissionAllowed(
  128.             $attribute,
  129.             $this->securityService->getPortalUser(),
  130.             $dataPoolConfig->getId(),
  131.             $subject,
  132.             false,
  133.             $respectWorkflowPermissions,
  134.             true,
  135.             $respectUploadFolderPermissions
  136.         );
  137.     }
  138. }