Refactored, optimized and implemented Draft for SecureSourceLoader

2025-09-13 21:57:16 +02:00 · 2019-01-01 00:16:43 +01:00
parent 8a5845daa9
commit fa87ed8606
8 changed files with 187 additions and 14 deletions
--- a/application/src/Controller/DefaultController.php
+++ b/application/src/Controller/DefaultController.php
@@ -8,6 +8,8 @@ use App\DBAL\Types\SystemSlugType;
 use App\Entity\Source\AbstractSource;

 /**
+ * This controller offers the standart routes for the template.
+ *
 * @author kevinfrantz
 */
 class DefaultController extends AbstractEntityController
--- a/application/src/Domain/LawManagement/LawPermissionCheckerService.php
+++ b/application/src/Domain/LawManagement/LawPermissionCheckerService.php
@@ -147,14 +147,14 @@ final class LawPermissionCheckerService implements LawPermissionCheckerServiceIn
        $this->law = $law;
    }

-    public function hasPermission(RightInterface $client): bool
+    public function hasPermission(RightInterface $clientRight): bool
    {
        $rights = clone $this->law->getRights();
-        $rights = $this->getRightsByType($rights, $client->getType());
-        $rights = $this->getRightsByLayer($rights, $client->getLayer());
-        $rights = $this->getRightsByReciever($rights, $client->getReciever());
+        $rights = $this->getRightsByType($rights, $clientRight->getType());
+        $rights = $this->getRightsByLayer($rights, $clientRight->getLayer());
+        $rights = $this->getRightsByReciever($rights, $clientRight->getReciever());
        $rights = $this->sortByPriority($rights);

-        return $this->isGranted($rights, $client);
+        return $this->isGranted($rights, $clientRight);
    }
 }
--- a/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php
+++ b/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php
@@ -16,5 +16,5 @@ interface LawPermissionCheckerServiceInterface
     *
     * @return bool
     */
-    public function hasPermission(RightInterface $client): bool;
+    public function hasPermission(RightInterface $clientRight): bool;
 }
--- a/application/src/Domain/SecureLoadManagement/SecureSourceLoader.php
+++ b/application/src/Domain/SecureLoadManagement/SecureSourceLoader.php
@@ -0,0 +1,82 @@
+<?php
+
+namespace App\Domain\SecureLoadManagement;
+
+use App\Entity\Source\SourceInterface;
+use App\Entity\Meta\RightInterface;
+use App\Domain\LawManagement\LawPermissionCheckerService;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+use Doctrine\Common\Persistence\ObjectRepository;
+
+/**
+ * @author kevinfrantz
+ */
+final class SecureSourceLoader implements SecureSourceLoaderInterface
+{
+    /**
+     * @todo It would be better to specify the type
+     *
+     * @var ObjectRepository
+     */
+    private $sourceRepository;
+
+    /**
+     * The source attribute of the right needs a slug OR id.
+     *
+     * @var RightInterface the right which is requested
+     */
+    private $requestedRight;
+
+    /**
+     * @param SourceInterface $source
+     *
+     * @return RightInterface
+     */
+    private function getClonedRightWithModifiedSource(SourceInterface $source): RightInterface
+    {
+        $requestedRight = clone $this->requestedRight;
+        $requestedRight->setSource($source);
+
+        return $requestedRight;
+    }
+
+    /**
+     * @return SourceInterface
+     */
+    private function loadSource(): SourceInterface
+    {
+        try {
+            return $this->sourceRepository->find($this->requestedRight->getSource()->getId());
+        } catch (\Error $error) {
+            return $this->sourceRepository->findOneBy(['slug' => $this->requestedRight->getSource()->getSlug()]);
+        }
+    }
+
+    private function hasPermission(SourceInterface $source): bool
+    {
+        $requestedRight = $this->getClonedRightWithModifiedSource($source);
+        $law = new LawPermissionCheckerService($source->getLaw());
+
+        return $law->hasPermission($requestedRight);
+    }
+
+    public function __construct(ObjectRepository $sourceRepository, RightInterface $requestedRight)
+    {
+        $this->sourceRepository = $sourceRepository;
+        $this->requestedRight = $requestedRight;
+    }
+
+    /**
+     * {@inheritdoc}
+     *
+     * @see \App\Domain\SecureLoadManagement\SecureSourceLoaderInterface::getSource()
+     */
+    public function getSource(): SourceInterface
+    {
+        $source = $this->loadSource();
+        if ($this->hasPermission($source)) {
+            return $source;
+        }
+        throw new AccessDeniedHttpException();
+    }
+}
--- a/application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php
+++ b/application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace App\Domain\SecureLoadManagement;
+
+use App\Entity\Source\SourceInterface;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
+
+/**
+ * @author kevinfrantz
+ */
+interface SecureSourceLoaderInterface
+{
+    /**
+     * @throws AccessDeniedHttpException
+     *
+     * @return SourceInterface
+     */
+    public function getSource(): SourceInterface;
+}