#345 Deprecation in RoleChecker and UserProvider (#350)
* #345 Deprecation in RoleChecker and UserProvider

* remove line

---------

Co-authored-by: a.dmitryuk <[email protected]>
dmitryuk and a.dmitryuk authored Feb 27, 2023
1 parent 3da0a92 commit 868e26b
Showing 3 changed files with 32 additions and 34 deletions.
4 changes: 2 additions & 2 deletions src/Resources/config/services.yaml
Expand Up @@ -73,7 +73,7 @@ services:

DH\AuditorBundle\User\UserProvider:
class: DH\AuditorBundle\User\UserProvider
arguments: ['@security.helper', '@DH\Auditor\Provider\Doctrine\Configuration']
arguments: ['@security.token_storage']
dh_auditor.user_provider: '@DH\AuditorBundle\User\UserProvider'

DH\AuditorBundle\User\ConsoleUserProvider:
Expand All @@ -86,7 +86,7 @@ services:

DH\AuditorBundle\Security\RoleChecker:
class: DH\AuditorBundle\Security\RoleChecker
arguments: ['@security.helper', '@DH\Auditor\Provider\Doctrine\DoctrineProvider']
arguments: ['@security.authorization_checker', '@DH\Auditor\Provider\Doctrine\DoctrineProvider']
dh_auditor.role_checker: '@DH\AuditorBundle\Security\RoleChecker'

DH\AuditorBundle\Event\ViewerEventSubscriber:
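Review bot: Both constructor signatures change together with this wiring (`UserProvider` now takes only `'@security.token_storage'`, and `RoleChecker` takes `'@security.authorization_checker'` in place of `'@security.helper'`), which breaks applications that redefine these service definitions or instantiate the classes themselves with the old argument lists. Such setups would likely fail with a type error after upgrading, so an UPGRADE or changelog entry naming the new arguments would help. Whether these classes are treated as public API is not visible on this page.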
16 changes: 8 additions & 8 deletions src/Security/RoleChecker.php
Expand Up @@ -8,27 +8,27 @@
use DH\Auditor\Provider\Doctrine\DoctrineProvider;
use DH\Auditor\Security\RoleCheckerInterface;
use DH\Auditor\User\UserInterface;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

class RoleChecker implements RoleCheckerInterface
{
private Security $security;
private AuthorizationCheckerInterface $authorizationChecker;

private DoctrineProvider $provider;

public function __construct(Security $security, DoctrineProvider $doctrineProvider)
public function __construct(AuthorizationCheckerInterface $authorizationChecker, DoctrineProvider $doctrineProvider)
{
$this->security = $security;
$this->authorizationChecker = $authorizationChecker;
$this->provider = $doctrineProvider;
}

public function __invoke(string $entity, string $scope): bool
{
$userProvider = $this->provider->getAuditor()->getConfiguration()->getUserProvider();
$user = null === $userProvider ? null : $userProvider();
$security = null === $userProvider ? null : $this->security;
$user = null !== $userProvider ? $userProvider() : null;
$authorizationChecker = null !== $userProvider ? $this->authorizationChecker : null;

if (!($user instanceof UserInterface) || !($security instanceof Security)) {
if (!($user instanceof UserInterface) || !($authorizationChecker instanceof AuthorizationCheckerInterface)) {
// If no security defined or no user identified, consider access granted
return true;
}
Expand All @@ -49,7 +49,7 @@ public function __invoke(string $entity, string $scope): bool

// roles are defined for the give scope
foreach ($roles[$scope] as $role) {
if ($security->isGranted($role)) {
if ($authorizationChecker->isGranted($role)) {
// role granted => access granted
return true;
}
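Review bot: The guard `if (!($user instanceof UserInterface) || !($authorizationChecker instanceof AuthorizationCheckerInterface))` still fails open: when the user provider yields no `UserInterface` (presumably the case for a request without an authenticated user), `__invoke()` returns `true` before the roles configured for the entity are consulted, so those roles only restrict identified users. If that is intended, the comment should say so explicitly, e.g. `// Fail-open by design: without an identified user the configured roles are not enforced; restrict access to the audit data at the firewall/access_control level.` Separately, `$this->authorizationChecker` is a non-nullable typed property, so the second `instanceof` test is always true when `$userProvider` is non-null; the intermediate `$authorizationChecker` variable could be dropped and `$this->authorizationChecker->isGranted($role)` called directly. The body of `__invoke()` continues outside the visible hunks.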
46 changes: 22 additions & 24 deletions src/User/UserProvider.php
Expand Up @@ -4,25 +4,21 @@

namespace DH\AuditorBundle\User;

use DH\Auditor\Provider\Doctrine\Configuration;
use DH\Auditor\User\User;
use DH\Auditor\User\UserInterface as AuditorUserInterface;
use DH\Auditor\User\UserProviderInterface;
use Exception;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;

class UserProvider implements UserProviderInterface
{
private Security $security;
private TokenStorageInterface $tokenStorage;

private Configuration $configuration;

public function __construct(Security $security, Configuration $configuration)
public function __construct(TokenStorageInterface $tokenStorage)
{
$this->security = $security;
$this->configuration = $configuration;
$this->tokenStorage = $tokenStorage;
}

public function __invoke(): ?AuditorUserInterface
Expand All @@ -33,26 +29,16 @@ public function __invoke(): ?AuditorUserInterface
$identifier = null;
$username = null;

if (null !== $tokenUser && $tokenUser instanceof UserInterface) {
if ($tokenUser instanceof UserInterface) {
if (method_exists($tokenUser, 'getId')) {
$identifier = $tokenUser->getId();
}

$username = '';
if (method_exists($tokenUser, 'getUserIdentifier')) {
$username = $tokenUser->getUserIdentifier();
} elseif (method_exists($tokenUser, 'getUsername')) {
$username = $tokenUser->getUsername();
}
$username = $this->getUsername($tokenUser);
}

if ($impersonatorUser instanceof UserInterface) {
$impersonatorUsername = '';
if (method_exists($impersonatorUser, 'getUserIdentifier')) {
$impersonatorUsername = $impersonatorUser->getUserIdentifier();
} elseif (method_exists($impersonatorUser, 'getUsername')) {
$impersonatorUsername = $impersonatorUser->getUsername();
}
$impersonatorUsername = $this->getUsername($impersonatorUser);
$username .= '[impersonator '.$impersonatorUsername.']';
}

Expand All @@ -63,10 +49,22 @@ public function __invoke(): ?AuditorUserInterface
return new User((string) $identifier, $username);
}

private function getUsername(UserInterface $user): string
{
if (method_exists($user, 'getUserIdentifier')) {
return $user->getUserIdentifier();
}
if (method_exists($user, 'getUsername')) {
return $user->getUsername();
}

return '';
}

private function getTokenUser(): ?UserInterface
{
try {
$token = $this->security->getToken();
$token = $this->tokenStorage->getToken();
} catch (Exception $e) {
$token = null;
}
Expand All @@ -85,9 +83,9 @@ private function getTokenUser(): ?UserInterface

private function getImpersonatorUser()
{
$token = $this->security->getToken();
$token = $this->tokenStorage->getToken();

if (null !== $token && $token instanceof SwitchUserToken) {
if ($token instanceof SwitchUserToken) {
return $token->getOriginalToken()->getUser();
}

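Review bot: `getImpersonatorUser()` now calls `$this->tokenStorage->getToken()` unguarded, while `getTokenUser()` still wraps the same call in `try { … } catch (Exception $e)`; the two should agree, and if `TokenStorageInterface::getToken()` cannot throw here the `try` looks like a leftover from the `Security` helper and can be removed. The new `getUsername()` helper silently returns `''` when the user object exposes neither `getUserIdentifier()` nor `getUsername()`, so an audit entry could be recorded with a blank actor name; a docblock such as `/** Returns the user's identifier, or '' when the user object exposes neither accessor. */` would make that fallback visible to whoever relies on the audit trail for attribution. `getImpersonatorUser()` also still has no declared return type, which a `@return` annotation could document. Both `getTokenUser()` and `getImpersonatorUser()` continue outside the visible hunks.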
