From ea0ce907656ac781e25ef34ede50a71a6cb7c450 Mon Sep 17 00:00:00 2001
From: mattamon
Date: Mon, 4 Mar 2024 18:42:51 +0100
Subject: [PATCH] Add Token Voter

---
 config/api_platform/resources/asset.yaml | 1 +
 config/services.yaml | 9 +++-
 src/Security/Voter/TokenVoter.php | 69 ++++++++++++++++++++++++
 3 files changed, 78 insertions(+), 1 deletion(-)
 create mode 100644 src/Security/Voter/TokenVoter.php

diff --git a/config/api_platform/resources/asset.yaml b/config/api_platform/resources/asset.yaml
index cfb93569e..d4998a710 100644
--- a/config/api_platform/resources/asset.yaml
+++ b/config/api_platform/resources/asset.yaml
@@ -1,5 +1,6 @@
 resources:
 Pimcore\Bundle\StudioApiBundle\Dto\Asset:
+ #security: 'is_granted("API_PLATFORM")'
 operations:
 ApiPlatform\Metadata\GetCollection:
 filters:
diff --git a/config/services.yaml b/config/services.yaml
index be485f520..f3a1defdf 100644
--- a/config/services.yaml
+++ b/config/services.yaml
@@ -89,4 +89,11 @@ services:
 class: Pimcore\Bundle\StudioApiBundle\Service\TokenService
 
 Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface:
- class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService
\ No newline at end of file
+ class: Pimcore\Bundle\StudioApiBundle\Service\SecurityService
+
+
+ #Voters
+ Pimcore\Bundle\StudioApiBundle\Security\Voter\TokenVoter:
+ arguments: ['@request_stack']
+ tags:
+ - { name: security.voter }
\ No newline at end of file
diff --git a/src/Security/Voter/TokenVoter.php b/src/Security/Voter/TokenVoter.php
new file mode 100644
index 000000000..e6a7b1dc7
--- /dev/null
+++ b/src/Security/Voter/TokenVoter.php
@@ -0,0 +1,69 @@
+requestStack->getCurrentRequest()->headers->get(self::AUTHORIZATION_HEADER);
+ if($authToken === null){
+ return false;
+ }
+
+ return $this->securityService->isAllowed($this->removeBearerPrefix($authToken));
+ }
+
+ private function removeBearerPrefix(string $token): string
+ {
+ return str_replace( self::BEARER_PREFIX, '', $token);
+ }
+}
\ No newline at end of file
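Review bot: The `security: 'is_granted("API_PLATFORM")'` line in the Asset resource is added commented out, so this commit registers a voter but does not enforce it on any Asset operation; until the `#` is removed the resource remains reachable without the token check. If the line is a deliberate placeholder, a comment stating why it is disabled (`# TODO: enable once TokenVoter handles the API_PLATFORM attribute`) would stop it being read as active configuration. Whether the voter's supports() method actually accepts an attribute named API_PLATFORM cannot be confirmed from this patch, because the head of TokenVoter.php is not visible in its hunk.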
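Review bot: The TokenVoter service is registered with only `arguments: ['@request_stack']`, while the PHP hunk reads both `$this->requestStack` and `$this->securityService`; unless `_defaults: autowire: true` applies to this file (its top is outside the hunk), the SecurityServiceInterface dependency is never injected and the container build fails. Passing both explicitly, `arguments: ['@request_stack', '@Pimcore\Bundle\StudioApiBundle\Service\SecurityServiceInterface']`, removes the dependence on the file's defaults. The hunk also leaves the file without a trailing newline, as the `\ No newline at end of file` markers on both sides show.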
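Review bot: `getCurrentRequest()` can return null when no request is on the stack (console commands, message handlers), and the first visible line dereferences it with `->headers` unguarded, so the voter throws an Error instead of denying access. Separately, `removeBearerPrefix` uses `str_replace`, which deletes every occurrence of the prefix anywhere in the header value rather than stripping a leading scheme, and a header with no Bearer scheme at all is handed to `isAllowed()` unchanged; checking the scheme with `str_starts_with` and denying otherwise keeps the check strict. The method containing the visible lines starts before the first visible line — the hunk appears to have lost the file head (everything from `<?php` through the `$authToken = $this->` assignment), so the class name, constants and constructor are not reviewable here. Minor style: `if($authToken === null){` and `str_replace( self::` should be spaced per PER-CS, as `if ($authToken === null) {` and `str_replace(self::`.
```php
        // … class head, constants, constructor and the start of this method are not in the hunk …
        $request = $this->requestStack->getCurrentRequest();
        if ($request === null) {
            return false;
        }

        $authToken = $request->headers->get(self::AUTHORIZATION_HEADER);
        if ($authToken === null || !str_starts_with($authToken, self::BEARER_PREFIX)) {
            // missing header or a non-Bearer scheme: deny rather than pass the raw value on
            return false;
        }

        return $this->securityService->isAllowed($this->removeBearerPrefix($authToken));
    }

    private function removeBearerPrefix(string $token): string
    {
        // the caller has verified the prefix is present, so strip exactly that many leading bytes
        return substr($token, strlen(self::BEARER_PREFIX));
    }
```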