feat(core) : add permission voter and expose effective permissions on /api/me
@@ -0,0 +1,38 @@
<?php
declare(strict_types=1);
namespace App\Module\Core\Infrastructure\Security;
use App\Module\Core\Domain\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* @extends Voter<string, mixed>
*/
final class PermissionVoter extends Voter
{
private const string PATTERN = '/^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$/';
protected function supports(string $attribute, mixed $subject): bool
{
return 1 === preg_match(self::PATTERN, $attribute);
}
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
{
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
// ROLE_ADMIN = bypass total (cf. Décision 1).
if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
return true;
}
return in_array($attribute, $user->getEffectivePermissions(), true);
}
}
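Review bot: The `ROLE_ADMIN` short-circuit in `voteOnAttribute()` returns true for any attribute that passes `PATTERN`, including a mistyped or never-defined permission name, and neither branch looks at `$subject`, so a check made with an object is decided on the global permission alone. I would state that contract in the class docblock, e.g. `Global permission check only: $subject is ignored; object-level rules (ownership, tenant) need their own voter.`, so callers do not assume per-object enforcement. The role test reads `getRoles()` directly, so if the application defines a role hierarchy, a role that only inherits `ROLE_ADMIN` does not get the bypass; that fails closed, but it deserves a short comment next to the existing one. `PATTERN` ends in `$` without the `D` modifier, so a name with a trailing newline is still supported and, for an admin, granted; `'/^[a-z][a-z0-9_]*(\.[a-z][a-z0-9_]*)+$/D'` closes that. The new `$vote` parameter is never used; calling `$vote?->addReason('...')` on the two deny paths would make refusals traceable when access decisions are audited.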