0
0
Fork 0
mirror of https://github.com/verdigado/organization_folders.git synced 2024-11-24 21:50:26 +01:00
organization_folders/lib/Security/AuthorizationService.php

49 lines
1.2 KiB
PHP
Raw Normal View History

<?php
namespace OCA\OrganizationFolders\Security;
use OCP\IUserSession;
class AuthorizationService {
private const VALID_VOTES = [
VoterInterface::ACCESS_GRANTED => true,
VoterInterface::ACCESS_DENIED => true,
VoterInterface::ACCESS_ABSTAIN => true,
];
/**
* @var Voter[]
*/
private array $voters = [];
private $strategy;
public function __construct(private IUserSession $userSession) {
$this->strategy = new AffirmativeStrategy();
}
public function registerVoter(Voter $voter): self {
$this->voters[] = $voter;
return $this;
}
public function isGranted(array $attributes, $subject) {
return $this->strategy->decide(
$this->collectResults($attributes, $subject)
);
}
private function collectResults(array $attributes, $subject): \Traversable {
$user = $this->userSession->getUser();
foreach ($this->voters as $voter) {
$result = $voter->vote($user, $subject, $attributes);
if (!\is_int($result) || !(self::VALID_VOTES[$result] ?? false)) {
throw new \LogicException(sprintf('"%s::vote()" must return one of "%s" constants ("ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN"), "%s" returned.', get_debug_type($voter), VoterInterface::class, var_export($result, true)));
}
yield $result;
}
}
}