Allow public raw snips to be accessed without account

2023-04-08 17:58:14 +02:00 · 2023-04-08 17:58:14 +02:00 · 669cbfdaca
commit 669cbfdaca
parent 47167a3e1e
3 changed files with 12 additions and 8 deletions
--- a/config/packages/security.yaml
+++ b/config/packages/security.yaml
@ -43,6 +43,8 @@ security:
        - { path: ^/logout$, role: ROLE_USER }
        - { path: ^/admin, role: ROLE_ADMIN }

+        - { path: ^/snip/raw, role: PUBLIC_ACCESS }
+
        - { path: ^/, role: ROLE_USER }

 when@test:
--- a/src/Security/Voter/SnipVoter.php
+++ b/src/Security/Voter/SnipVoter.php
@ -23,19 +23,17 @@ class SnipVoter extends Voter
    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        /** @var Snip $subject */
-        $user = $token->getUser();
-        // if the user is anonymous, do not grant access
-        if (!$user instanceof UserInterface) {
-            return false;
-        }

-        // ... (check conditions and return true to grant permission) ...
        switch ($attribute) {
            case self::VIEW:
                if ($subject->isPublic()) {
                    return true;
                }
            case self::EDIT:
+                $user = $token->getUser();
+                if (!$user instanceof UserInterface) {
+                    return false;
+                }
                if ($subject->getCreatedBy() === $user) {
                    return true;
                }
--- a/src/Service/SnipService.php
+++ b/src/Service/SnipService.php
@ -4,6 +4,7 @@ namespace App\Service;

 use App\Entity\User;
 use App\Git\CustomGitRepository;
+use Symfony\Component\Security\Core\User\UserInterface;

 class SnipService
 {
@ -12,7 +13,7 @@ class SnipService

    public function __construct(
        private readonly CustomGitRepository $repo,
-        private readonly User                $user,
+        private readonly ?User               $user,
    )
    {
    }
@ -29,6 +30,9 @@ class SnipService

    public function update(string $snipContents): void
    {
+        if (!$this->user instanceof UserInterface) {
+            return;
+        }
        if ($this->repo->getCurrentBranchName() !== self::MASTER_BRANCH_NAME) {
            $this->repo->checkout(self::MASTER_BRANCH_NAME);
        }
@ -54,6 +58,6 @@ class SnipService

    public function deleteRepo(): void
    {
-        system("rm -rf ".escapeshellarg($this->repo->getRepositoryPath()));
+        system("rm -rf " . escapeshellarg($this->repo->getRepositoryPath()));
    }
 }