Added security classes and draft version of ResourceVoter

lib/Controller/BaseController.php

@@ -0,0 +1,40 @@
+<?php
+
+namespace OCA\OrganizationFolders\Controller;
+
+use OCA\OrganizationFolders\AppInfo\Application;
+use OCA\OrganizationFolders\Errors\AccessDenied;
+use OCA\OrganizationFolders\Security\AuthorizationService;
+use OCP\AppFramework\Controller;
+use OCP\IRequest;
+
+class BaseController extends Controller {
+	private AuthorizationService $authorizationService;
+
+	public function __construct(
+	) {
+		parent::__construct(
+			Application::APP_ID,
+			\OC::$server->get(IRequest::class),
+		);
+
+		$this->authorizationService = \OC::$server->get(AuthorizationService::class);
+	}
+
+	/**
+	 * Throws an exception unless the attributes are granted for the current authentication user and optionally
+	 * supplied subject.
+	 *
+	 * @param string[] $attributes The attributes
+	 * @param mixed    $subject    The subject
+	 * @param string[] $attributes Attributes of subject
+	 * @param string   $message    The message passed to the exception
+	 *
+	 * @throws AccessDenied
+	 */
+	protected function denyAccessUnlessGranted(array $attributes, $subject, $message = 'Access Denied.') {
+		if (!$this->authorizationService->isGranted($attributes, $subject)) {
+			throw new AccessDenied($message);
+		}
+	}
+}