Add Token Voter
mattamon committed Mar 4, 2024
1 parent bac03c9 commit ea0ce90
Showing 3 changed files with 78 additions and 1 deletion.
1 change: 1 addition & 0 deletions config/api_platform/resources/asset.yaml
@@ -1,5 +1,6 @@
resources:
Pimcore\Bundle\StudioApiBundle\Dto\Asset:
#security: 'is_granted("API_PLATFORM")'
operations:
ApiPlatform\Metadata\GetCollection:
filters:
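Review bot: The `security` key on line 19 is commented out, so `is_granted("API_PLATFORM")` is never evaluated for the Asset resource and the TokenVoter this commit introduces is not consulted there; if this is the line the commit adds, the resource stays open regardless of the voter. If the intent is to land the voter first and enable the check in a follow-up, a comment such as `# TODO: enable once TokenVoter is wired and tested` would make that explicit; otherwise the line should be uncommented so the voter actually guards the collection.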
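--- a/config/services.yaml
+++ b/config/services.yaml
@@ -89,4 +89,11 @@ services:
 class: Pimcore\Bundle\StudioApiBundle\Service\TokenService
 
 Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface:
-class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService
+class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService
+
+
+#Voters
+Pimcore\Bundle\StudioApiBundle\Security\Voter\TokenVoter:
+arguments: ['@request_stack']
+tags:
+- { name: security.voter }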
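Review bot: The TokenVoter definition on lines 35-38 passes only `@request_stack`, while the constructor added in src/Security/Voter/TokenVoter.php in this same commit also requires a SecurityServiceInterface; unless autowiring is enabled for this bundle and fills the second argument, the container cannot build the voter. Listing both dependencies explicitly, `arguments: ['@request_stack', '@Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface']`, removes the reliance on autowiring and matches the explicit style of the surrounding service definitions. The `#Voters` comment would read better as `# Security voters (tagged security.voter)` so a reader knows why the tag is there.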
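--- a/src/Security/Voter/TokenVoter.php
+++ b/src/Security/Voter/TokenVoter.php
@@ -0,0 +1,69 @@
+<?php
+declare(strict_types=1);
+
+/**
+* Pimcore
+*
+* This source file is available under two different licenses:
+* - GNU General Public License version 3 (GPLv3)
+* - Pimcore Commercial License (PCL)
+* Full copyright and license information is available in
+* LICENSE.md which is distributed with this source code.
+*
+* @copyright Copyright (c) Pimcore GmbH (http://www.pimcore.org)
+* @license http://www.pimcore.org/license GPLv3 and PCL
+*/
+
+namespace Pimcore\Bundle\StudioApiBundle\Security\Voter;
+
+use Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+
+final class TokenVoter extends Voter
+{
+private const BEARER_PREFIX = 'Bearer ';
+
+private const AUTHORIZATION_HEADER = 'Authorization';
+
+private const SUPPORTED_ATTRIBUTE = 'API_PLATFORM';
+
+public function __construct(
+private readonly RequestStack $requestStack,
+private readonly SecurityServiceInterface $securityService
+
+)
+{
+}
+
+/**
+* @inheritDoc
+*/
+protected function supports(string $attribute, mixed $subject): bool
+{
+return $attribute === self::SUPPORTED_ATTRIBUTE;
+}
+
+/**
+* @inheritDoc
+*/
+protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+{
+if($attribute !== self::SUPPORTED_ATTRIBUTE){
+return false;
+}
+
+$authToken = $this->requestStack->getCurrentRequest()->headers->get(self::AUTHORIZATION_HEADER);
+if($authToken === null){
+return false;
+}
+
+return $this->securityService->isAllowed($this->removeBearerPrefix($authToken));
+}
+
+private function removeBearerPrefix(string $token): string
+{
+return str_replace( self::BEARER_PREFIX, '', $token);
+}
+}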
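Review bot: removeBearerPrefix (line 108) strips every occurrence of `Bearer ` with str_replace instead of requiring the header to use the Bearer scheme, so a header carrying any other scheme, or a value with the prefix embedded mid-string, is handed to isAllowed essentially unchanged; the voter should deny unless the header starts with the prefix and then cut only that prefix. On line 98 getCurrentRequest() can return null when the voter runs outside an HTTP request (console, tests), which would throw a TypeError rather than deny, so the request should be nullsafe-accessed and a missing request treated as a denial. The attribute comparison on lines 94-96 repeats what supports() on line 86 already guarantees, since Symfony only calls voteOnAttribute for supported attributes, and can be dropped. A class docblock stating that access is granted only when the Authorization header carries a Bearer token that SecurityServiceInterface::isAllowed accepts would document the contract the config relies on.
```php
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{
    $request = $this->requestStack->getCurrentRequest();
    $authToken = $request?->headers->get(self::AUTHORIZATION_HEADER);
    // Fail closed: no request, no header, or a non-Bearer scheme is a denial.
    if ($authToken === null || !str_starts_with($authToken, self::BEARER_PREFIX)) {
        return false;
    }

    // Strip exactly the scheme prefix; the remainder is the token to validate.
    return $this->securityService->isAllowed(substr($authToken, strlen(self::BEARER_PREFIX)));
}
// … unchanged: constants, constructor, supports() … (removeBearerPrefix is no longer needed)
```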
