Allow public raw snips to be accessed without account
This commit is contained in:
parent
47167a3e1e
commit
669cbfdaca
@ -43,6 +43,8 @@ security:
|
|||||||
- { path: ^/logout$, role: ROLE_USER }
|
- { path: ^/logout$, role: ROLE_USER }
|
||||||
- { path: ^/admin, role: ROLE_ADMIN }
|
- { path: ^/admin, role: ROLE_ADMIN }
|
||||||
|
|
||||||
|
- { path: ^/snip/raw, role: PUBLIC_ACCESS }
|
||||||
|
|
||||||
- { path: ^/, role: ROLE_USER }
|
- { path: ^/, role: ROLE_USER }
|
||||||
|
|
||||||
when@test:
|
when@test:
|
||||||
|
|||||||
@ -23,19 +23,17 @@ class SnipVoter extends Voter
|
|||||||
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
|
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
|
||||||
{
|
{
|
||||||
/** @var Snip $subject */
|
/** @var Snip $subject */
|
||||||
$user = $token->getUser();
|
|
||||||
// if the user is anonymous, do not grant access
|
|
||||||
if (!$user instanceof UserInterface) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// ... (check conditions and return true to grant permission) ...
|
|
||||||
switch ($attribute) {
|
switch ($attribute) {
|
||||||
case self::VIEW:
|
case self::VIEW:
|
||||||
if ($subject->isPublic()) {
|
if ($subject->isPublic()) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
case self::EDIT:
|
case self::EDIT:
|
||||||
|
$user = $token->getUser();
|
||||||
|
if (!$user instanceof UserInterface) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
if ($subject->getCreatedBy() === $user) {
|
if ($subject->getCreatedBy() === $user) {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@ -4,6 +4,7 @@ namespace App\Service;
|
|||||||
|
|
||||||
use App\Entity\User;
|
use App\Entity\User;
|
||||||
use App\Git\CustomGitRepository;
|
use App\Git\CustomGitRepository;
|
||||||
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
|
||||||
class SnipService
|
class SnipService
|
||||||
{
|
{
|
||||||
@ -12,7 +13,7 @@ class SnipService
|
|||||||
|
|
||||||
public function __construct(
|
public function __construct(
|
||||||
private readonly CustomGitRepository $repo,
|
private readonly CustomGitRepository $repo,
|
||||||
private readonly User $user,
|
private readonly ?User $user,
|
||||||
)
|
)
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
@ -29,6 +30,9 @@ class SnipService
|
|||||||
|
|
||||||
public function update(string $snipContents): void
|
public function update(string $snipContents): void
|
||||||
{
|
{
|
||||||
|
if (!$this->user instanceof UserInterface) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
if ($this->repo->getCurrentBranchName() !== self::MASTER_BRANCH_NAME) {
|
if ($this->repo->getCurrentBranchName() !== self::MASTER_BRANCH_NAME) {
|
||||||
$this->repo->checkout(self::MASTER_BRANCH_NAME);
|
$this->repo->checkout(self::MASTER_BRANCH_NAME);
|
||||||
}
|
}
|
||||||
@ -54,6 +58,6 @@ class SnipService
|
|||||||
|
|
||||||
public function deleteRepo(): void
|
public function deleteRepo(): void
|
||||||
{
|
{
|
||||||
system("rm -rf ".escapeshellarg($this->repo->getRepositoryPath()));
|
system("rm -rf " . escapeshellarg($this->repo->getRepositoryPath()));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Loading…
Reference in New Issue
Block a user