@@ -11,11 +11,12 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
final class ArticleVoter extends Voter
final class ArticleVoter extends Voter
{
{
public const EDIT = 'edit';
public const EDIT = 'edit';
+ public const SHOW = 'show';
public const VIEW = 'view';
public const VIEW = 'view';
public const PUBLISH = 'publish';
public const PUBLISH = 'publish';
public function __construct(
public function __construct(
- private readonly Security $security
+ private readonly Security $security,
)
)
{
{
@@ -25,7 +26,7 @@ final class ArticleVoter extends Voter
{
{
// replace with your own logic
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
// https://symfony.com/doc/current/security/voters.html
- return in_array($attribute, [self::EDIT, self::VIEW, self::PUBLISH])
+ return in_array($attribute, [self::EDIT, self::VIEW, self::PUBLISH, self::SHOW])
&& $subject instanceof \App\Entity\Article;
&& $subject instanceof \App\Entity\Article;
}
}
@@ -33,32 +34,42 @@ final class ArticleVoter extends Voter
{
{
$user = $token->getUser();
$user = $token->getUser();
- // if the user is anonymous, do not grant access
- if (!$user instanceof User) {
- return false;
- }
+ // // if the user is anonymous, do not grant access
+ // if (!$user instanceof User) {
+ // return false;
+ // }
$article = $subject;
$article = $subject;
return match($attribute) {
return match($attribute) {
self::VIEW => $this->canView($article, $user),
self::VIEW => $this->canView($article, $user),
+ self::SHOW => $this->canShow($article, $user),
self::EDIT => $this->canEdit($article, $user),
self::EDIT => $this->canEdit($article, $user),
self::PUBLISH => $this->canPublish($article, $user),
self::PUBLISH => $this->canPublish($article, $user),
default => throw new \LogicException('This code should not be reached!')
default => throw new \LogicException('This code should not be reached!')
};
};
}
}
- private function canView(Article $article, User $user): bool
+ private function canView(Article $article, ?User $user): bool
{
{
- return $this->canEdit($article, $user);
+ return $article->getState() === 'published' || $this->canEdit($article, $user);
}
}
- private function canEdit(Article $article, User $user): bool
+ private function canShow(Article $article, ?User $user): bool
{
{
+ return $this->canEdit($article, $user) || $this->security->isGranted('ROLE_MODERATOR');
+ }
+
+ private function canEdit(Article $article, ?User $user): bool
+ {
+ if(!$user instanceof User) {
+ return false;
+ }
+
return $user === $article->getAuthor() || $this->security->isGranted('ROLE_ADMIN');
return $user === $article->getAuthor() || $this->security->isGranted('ROLE_ADMIN');
}
}
- private function canPublish(Article $article, User $user) :bool
+ private function canPublish(Article $article, ?User $user) :bool
{
{
if ($this->canEdit($article, $user) && $article->getState() !== 'reviewed') {
if ($this->canEdit($article, $user) && $article->getState() !== 'reviewed') {
return true;
return true;