<?php
namespace Platform\SecurityBundle\Security;
use Platform\SecurityBundle\Service\Sentry;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
/**
* AliasVoter votes based on the permissions array extracted from the alias.
*/
class AliasVoter implements VoterInterface
{
/**
* @var AuthorizationCheckerInterface
*/
private AuthorizationCheckerInterface $authorizationChecker;
/**
* @var Sentry
*/
private Sentry $sentry;
/**
* @param AuthorizationCheckerInterface $authorizationChecker
* @param Sentry $sentry
*/
public function __construct(
AuthorizationCheckerInterface $authorizationChecker,
Sentry $sentry
) {
$this->authorizationChecker = $authorizationChecker;
$this->sentry = $sentry;
}
/**
* {@inheritdoc}
*/
public function vote(TokenInterface $token, $subject, array $attributes): int
{
foreach ($attributes as $attribute) {
// skip non aliases
if ( ! $this->sentry->isAlias($attribute)) {
continue;
}
foreach ($this->sentry->prepareAttributes([$attribute]) as $aliasAttribute) {
// there should be no aliases at this stage, if there are, skip them
if ($this->sentry->isAlias($aliasAttribute)) {
continue;
}
if ($this->authorizationChecker->isGranted($aliasAttribute, $subject)) {
return VoterInterface::ACCESS_GRANTED;
}
}
}
return VoterInterface::ACCESS_ABSTAIN;
}
}