<?php
declare(strict_types=1);
namespace MauticPlugin\CustomObjectsBundle\Provider;
use Mautic\CoreBundle\Security\Permissions\CorePermissions;
use Mautic\UserBundle\Entity\User;
use MauticPlugin\CustomObjectsBundle\Entity\CustomItem;
use MauticPlugin\CustomObjectsBundle\Exception\ForbiddenException;
use MauticPlugin\CustomObjectsBundle\Security\Permissions\CustomObjectPermissions;
/**
 * Authorization gate for custom items that belong to a custom object.
 *
 * Every check in this class returns nothing when access is allowed and throws
 * ForbiddenException when it is denied. There is no boolean result to inspect,
 * so a caller that catches and discards the exception has skipped the check.
 *
 * Two kinds of check exist:
 *  - object-level checks (isGranted, canCreate, canViewAtAll) take a custom
 *    object ID and ask CorePermissions for a single permission name;
 *  - entity-level checks (hasEntityAccess, canView, canEdit, canDelete and the
 *    second half of canClone) take a CustomItem and ask CorePermissions to
 *    decide between the "own" and "other" variant of the permission based on
 *    the item's creator.
 */
class CustomItemPermissionProvider
{
    /**
     * @var CorePermissions
     */
    private $corePermissions;

    public function __construct(CorePermissions $corePermissions)
    {
        $this->corePermissions = $corePermissions;
    }

    /**
     * Object-level check: requires $permission on the items of the given custom object.
     *
     * $user is forwarded unchanged to CorePermissions::isGranted(); when it is
     * null, whatever default CorePermissions applies decides whose permissions
     * are evaluated (presumably the current user - confirm in CorePermissions).
     *
     * @throws ForbiddenException when the permission is not granted
     */
    public function isGranted(string $permission, int $customObjectId, ?User $user = null): void
    {
        $permissionName = $this->getPermissionName($customObjectId, $permission);

        if ($this->corePermissions->isGranted($permissionName, 'MATCH_ALL', $user)) {
            return;
        }

        throw new ForbiddenException($permission, 'Items for Custom Object', $customObjectId);
    }

    /**
     * Entity-level check: requires the "own" or "other" variant of $permission for this item.
     *
     * The item's creator is handed to CorePermissions::hasEntityAccess() together
     * with both permission names ("<name>own" and "<name>other"). This method has
     * no $user parameter, so the subject of the check is chosen by CorePermissions
     * (presumably the authenticated user - confirm in CorePermissions).
     *
     * @throws ForbiddenException when access to the item is denied
     */
    public function hasEntityAccess(string $permission, CustomItem $entity): void
    {
        $customObjectId = $entity->getCustomObject()->getId();
        $basePermission = $this->getPermissionName($customObjectId, $permission);

        $allowed = $this->corePermissions->hasEntityAccess(
            $basePermission.'own',
            $basePermission.'other',
            $entity->getCreatedBy()
        );

        if ($allowed) {
            return;
        }

        throw new ForbiddenException($permission, 'CustomItem', $entity->getId());
    }

    /**
     * Requires the object-level "create" permission, optionally for an explicit user.
     *
     * @throws ForbiddenException
     */
    public function canCreate(int $customObjectId, ?User $user = null): void
    {
        $this->isGranted('create', $customObjectId, $user);
    }

    /**
     * Requires entity-level "view" access to one specific item.
     *
     * @throws ForbiddenException
     */
    public function canView(CustomItem $entity): void
    {
        $this->hasEntityAccess('view', $entity);
    }

    /**
     * Requires the object-level "view" permission, without reference to any single item.
     *
     * This does not replace canView(): it performs no own/other decision for an
     * individual item.
     *
     * @throws ForbiddenException
     */
    public function canViewAtAll(int $customObjectId): void
    {
        $this->isGranted('view', $customObjectId);
    }

    /**
     * Requires entity-level "edit" access to the item.
     *
     * @throws ForbiddenException
     */
    public function canEdit(CustomItem $entity): void
    {
        $this->hasEntityAccess('edit', $entity);
    }

    /**
     * Requires both the right to create items and the right to view the source item.
     *
     * @throws ForbiddenException
     */
    public function canClone(CustomItem $entity): void
    {
        // Cloning produces a new item, so the create permission on the parent object is needed.
        $parentObjectId = $entity->getCustomObject()->getId();
        $this->isGranted('create', $parentObjectId);

        // The clone exposes the values of the source item, so view access to that item is needed too.
        $this->hasEntityAccess('view', $entity);
    }

    /**
     * Requires entity-level "delete" access to the item.
     *
     * @throws ForbiddenException
     */
    public function canDelete(CustomItem $entity): void
    {
        $this->hasEntityAccess('delete', $entity);
    }

    /**
     * Builds the permission string "<CustomObjectPermissions::NAME>:<custom object ID>:<permission>".
     */
    public function getPermissionName(int $customObjectId, string $permission): string
    {
        $bundleName = CustomObjectPermissions::NAME;

        return sprintf('%s:%d:%s', $bundleName, $customObjectId, $permission);
    }
}