Allow public raw snips to be accessed without account

Tim 2023-04-08 17:58:14 +02:00
parent 47167a3e1e
commit 669cbfdaca
3 changed files with 12 additions and 8 deletions


@ -43,6 +43,8 @@ security:
- { path: ^/logout$, role: ROLE_USER } - { path: ^/logout$, role: ROLE_USER }
- { path: ^/admin, role: ROLE_ADMIN } - { path: ^/admin, role: ROLE_ADMIN }
- { path: ^/snip/raw, role: PUBLIC_ACCESS }
- { path: ^/, role: ROLE_USER } - { path: ^/, role: ROLE_USER }
when@test: when@test:
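Review bot: The new `^/snip/raw` rule has no trailing anchor, so every path that merely starts with that prefix becomes PUBLIC_ACCESS in access_control. From then on the only gate for non-public snips is the voter check in the controller, which is not visible on this page. If the raw route has a further path segment, tighten the pattern to that shape, for example `- { path: ^/snip/raw/, role: PUBLIC_ACCESS }`. Also confirm that the raw action calls `denyAccessUnlessGranted` with the VIEW attribute before it returns any content.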


@ -23,19 +23,17 @@ class SnipVoter extends Voter
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
{ {
/** @var Snip $subject */ /** @var Snip $subject */
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
// ... (check conditions and return true to grant permission) ...
switch ($attribute) { switch ($attribute) {
case self::VIEW: case self::VIEW:
if ($subject->isPublic()) { if ($subject->isPublic()) {
return true; return true;
} }
case self::EDIT: case self::EDIT:
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return false;
}
if ($subject->getCreatedBy() === $user) { if ($subject->getCreatedBy() === $user) {
return true; return true;
} }
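Review bot: With the anonymous guard moved into `case self::EDIT:`, denying an anonymous VIEW of a non-public snip depends entirely on `case self::VIEW:` falling through into EDIT, and nothing marks that fall-through as intentional. A later `break` or a new case inserted between the two would bypass the `instanceof UserInterface` check for VIEW. Add a comment after the `isPublic()` block such as `// no break: non-public snips continue to the owner check below`, and keep a line above the guard like `// anonymous callers never pass the owner check`. The method body continues past the end of this hunk, so what happens after the switch is not visible here.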


@ -4,6 +4,7 @@ namespace App\Service;
use App\Entity\User; use App\Entity\User;
use App\Git\CustomGitRepository; use App\Git\CustomGitRepository;
use Symfony\Component\Security\Core\User\UserInterface;
class SnipService class SnipService
{ {
@ -12,7 +13,7 @@ class SnipService
public function __construct( public function __construct(
private readonly CustomGitRepository $repo, private readonly CustomGitRepository $repo,
private readonly User $user, private readonly ?User $user,
) )
{ {
} }
@ -29,6 +30,9 @@ class SnipService
public function update(string $snipContents): void public function update(string $snipContents): void
{ {
if (!$this->user instanceof UserInterface) {
return;
}
if ($this->repo->getCurrentBranchName() !== self::MASTER_BRANCH_NAME) { if ($this->repo->getCurrentBranchName() !== self::MASTER_BRANCH_NAME) {
$this->repo->checkout(self::MASTER_BRANCH_NAME); $this->repo->checkout(self::MASTER_BRANCH_NAME);
} }
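Review bot: `update()` now returns silently when no user is set, so a caller cannot tell a refused write from a successful one, and the refusal leaves no trace. Since this is an authorization decision, failing loudly is safer: replace the bare `return;` with `throw new AccessDeniedException('Updating a snip requires an authenticated user.');` (importing it from `Symfony\Component\Security\Core\Exception`), or at least log the refusal. The body of `update()` continues outside this hunk. Any other SnipService method that dereferences `$this->user` would need the same guard now that the constructor accepts `?User`.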