symfony - Symfony2 Custom Voter Role Hierarchy


I'm trying to create a custom voter to check access on entities for specific actions. The logic is working fine. I have actions that are allowed if the user is either the "owner" of the entity, or an admin.

However, I can't just check the role of the user because I'm looking at the role hierarchy. The example in the docs uses in_array, but that won't work (http://symfony.com/doc/current/best_practices/security.html)

My voter (shortened for clarity). I've tried injecting the security context (or AuthorizationCheckerInterface in 2.6), but that has a circular dependency since this is a voter.

<?php
// ...
class ApplicationVoter extends AbstractVoter
{
    const VIEW = 'view';

    /**
     * @var AuthorizationCheckerInterface
     */
    private $security;

    /*public function __construct(AuthorizationCheckerInterface $security)
    {
        $this->security = $security;
    }*/

    /**
     * {@inheritdoc}
     */
    protected function getSupportedAttributes()
    {
        return array(
            self::VIEW
        );
    }

    /**
     * {@inheritdoc}
     */
    protected function getSupportedClasses()
    {
        return array('Study\MainBundle\Entity\Application');
    }

    /**
     * {@inheritdoc}
     */
    protected function isGranted($attribute, $application, $user = null)
    {
        if (!$user instanceof UserInterface) {
            return false;
        }

        if ($attribute === self::VIEW) {
            return $this->canView($application, $user);
        }

        return false;
    }

    /**
     * Can view own application if not deleted
     * Admin can view if submitted
     *
     * @param \Study\MainBundle\Entity\Application $application
     * @param \Study\MainBundle\Entity\User $user
     *
     * @return boolean
     */
    protected function canView(Application $application, User $user)
    {
        return ($application->isOwner($user) && !$application->isDeleted())
            || (!$application->isHiddenToAdmin() && $this->security->isGranted('ROLE_ADMIN_RO'));
    }
}

I'd like to use the built-in RoleHierarchyVoter here, but it's a non-public service. Is there a solution for this? I'd like to avoid duplicating framework code or making my roles more complicated than strings if possible.

Edit: injecting the whole container works, but isn't an ideal solution. Is that the only way I can access the built-in hierarchy voter?

There is a service called security.role_hierarchy which has the info you need. It's how the security context checks roles. You need a few lines of wrapper code, but it's not too bad.

# Need this alias because the service is not public
# http://symfony.com/doc/current/components/dependency_injection/advanced.html
cerad_core__role_hierarchy:
    alias: security.role_hierarchy

cerad_game__game_official__voter:
    class:  Cerad\Bundle\GameBundle\Action\GameOfficial\GameOfficialVoter
    public: false
    arguments:
      - '@cerad_core__role_hierarchy'
    tags:
      - { name: security.voter }

The voter class:

class GameOfficialVoter implements VoterInterface
{
    public function __construct($roleHierarchy)
    {
        $this->roleHierarchy = $roleHierarchy;
    }

    protected function hasRole($token, $targetRole)
    {
        // Expand the token's own roles into every role they inherit
        $reachableRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
        foreach ($reachableRoles as $role) {
            if ($role->getRole() == $targetRole) return true;
        }
        return false;
    }

    protected function canViewOfficialName($official, $token)
    {
        // Only 'pending' assignments are protected
        if ($official->getAssignState() != 'pending') return $this->accessGranted;

        // Assignors can always see
        if ($this->hasRole($token, 'ROLE_ASSIGNOR')) return $this->accessGranted;

        return $this->accessDenied;
    }
}
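Why in_array on the user's stored roles misses inherited roles, and what the reachable-roles lookup in the answer does instead, shown as an added example that is not part of the original post or Symfony's own code. The hierarchy map and the function names are constructed for illustration; in a real application the expansion comes from security.role_hierarchy.

```php
<?php
// Added example: a minimal stand-in for what security.role_hierarchy computes.
// The map below is constructed sample data in the shape of the role_hierarchy
// section of security.yml (role => roles it inherits).
const SAMPLE_HIERARCHY = [
    'ROLE_ADMIN_RO'    => ['ROLE_USER'],
    'ROLE_ADMIN'       => ['ROLE_ADMIN_RO'],
    'ROLE_SUPER_ADMIN' => ['ROLE_ADMIN', 'ROLE_ASSIGNOR'],
];

/**
 * Expand directly assigned roles into every role reachable through the
 * hierarchy (transitive closure). Visited roles are tracked so a cyclic
 * hierarchy cannot loop forever.
 */
function reachableRoles(array $hierarchy, array $assigned): array
{
    $seen  = [];
    $queue = $assigned;
    while ($queue) {
        $role = array_pop($queue);
        if (isset($seen[$role])) {
            continue;
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $queue[] = $child;
        }
    }
    return array_keys($seen);
}

/** Hierarchy-aware check, the counterpart of the voter's hasRole() helper. */
function hasRole(array $hierarchy, array $assigned, string $target): bool
{
    return in_array($target, reachableRoles($hierarchy, $assigned), true);
}

$assigned = ['ROLE_ADMIN']; // roles stored directly on the user / token

// Naive check against the stored roles only: the admin is wrongly denied.
var_dump(in_array('ROLE_ADMIN_RO', $assigned, true));

// Hierarchy-aware check: ROLE_ADMIN inherits ROLE_ADMIN_RO, so this is granted.
var_dump(hasRole(SAMPLE_HIERARCHY, $assigned, 'ROLE_ADMIN_RO'));

// Inheritance only flows downward: ROLE_ADMIN_RO does not imply ROLE_ADMIN.
var_dump(hasRole(SAMPLE_HIERARCHY, ['ROLE_ADMIN_RO'], 'ROLE_ADMIN'));
```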
