verdigado-public/organization_folders
0
0
Fork 0
mirror of https://github.com/verdigado/organization_folders.git synced 2024-12-06 11:22:41 +01:00
Code Projects Activity

Added security classes and draft version of ResourceVoter

Browse source
This commit is contained in:
Jonathan Treffler 2024-11-06 22:11:16 +01:00
parent 22c06b5689
commit 88cb258c2b
11 changed files with 428 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

48
lib/Security/AuthorizationService.php Normal file
View file

@ -0,0 +1,48 @@
<?php
namespace OCA\OrganizationFolders\Security;
use OCP\IUserSession;
class AuthorizationService {
private const VALID_VOTES = [
VoterInterface::ACCESS_GRANTED => true,
VoterInterface::ACCESS_DENIED => true,
VoterInterface::ACCESS_ABSTAIN => true,
];
/**
* @var Voter[]
*/
private array $voters = [];
private $strategy;
public function __construct(private IUserSession $userSession) {
$this->strategy = new AffirmativeStrategy();
}
public function registerVoter(Voter $voter): self {
$this->voters[] = $voter;
return $this;
}
public function isGranted(array $attributes, $subject) {
return $this->strategy->decide(
$this->collectResults($attributes, $subject)
);
}
private function collectResults(array $attributes, $subject): \Traversable {
$user = $this->userSession->getUser();
foreach ($this->voters as $voter) {
$result = $voter->vote($user, $subject, $attributes);
if (!\is_int($result) || !(self::VALID_VOTES[$result] ?? false)) {
throw new \LogicException(sprintf('"%s::vote()" must return one of "%s" constants ("ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN"), "%s" returned.', get_debug_type($voter), VoterInterface::class, var_export($result, true)));
}
yield $result;
}
}
}