Add MockedAuthenticatedVoter because at least one voter is needed

2025-10-24 18:33:13 +00:00 · 2015-09-21 19:44:28 +02:00
parent 69ac680dc7
commit 3e19a28b5c
2 changed files with 58 additions and 1 deletions
--- a/lib/Alchemy/Phrasea/Authorization/AuthorizationServiceProvider.php
+++ b/lib/Alchemy/Phrasea/Authorization/AuthorizationServiceProvider.php
@@ -34,7 +34,7 @@ class AuthorizationServiceProvider implements ServiceProviderInterface
            return new AccessDecisionManager($app['phraseanet.voters']);
        });
        $app['phraseanet.voters'] = $app->share(function () {
-            return [];
+            return [new MockedAuthenticatedVoter()];
        });

        $app['phraseanet.authorization_checker'] = $app->share(function (PhraseaApplication $app) {
--- a/lib/Alchemy/Phrasea/Authorization/MockedAuthenticatedVoter.php
+++ b/lib/Alchemy/Phrasea/Authorization/MockedAuthenticatedVoter.php
@@ -0,0 +1,57 @@
+<?php
+/*
+ * This file is part of Phraseanet
+ *
+ * (c) 2005-2015 Alchemy
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+namespace Alchemy\Phrasea\Authorization;
+
+use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
+use Symfony\Component\Security\Core\Authentication\Token\PreAuthenticatedToken;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+
+class MockedAuthenticatedVoter implements VoterInterface
+{
+    const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
+    const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
+
+    public function supportsAttribute($attribute)
+    {
+        return null !== $attribute && (self::IS_AUTHENTICATED_FULLY === $attribute || self::IS_AUTHENTICATED_ANONYMOUSLY === $attribute);
+    }
+
+    public function supportsClass($class)
+    {
+        return true;
+    }
+
+    public function vote(TokenInterface $token, $object, array $attributes)
+    {
+        $result = VoterInterface::ACCESS_ABSTAIN;
+        foreach ($attributes as $attribute) {
+            if (!$this->supportsAttribute($attribute)) {
+                continue;
+            }
+
+            $result = VoterInterface::ACCESS_DENIED;
+
+            if (self::IS_AUTHENTICATED_FULLY === $attribute
+                && $token instanceof PreAuthenticatedToken
+            ) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            if (self::IS_AUTHENTICATED_ANONYMOUSLY === $attribute
+                && $token instanceof AnonymousToken
+            ) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+        }
+
+        return $result;
+    }
+}