90. update crud actions and ROLE_ADMIN permission

a2d53529 · 伟伟权 · 382ddd18 · a2d53529 · a2d53529
隐藏空白更改
内联并排

Showing with 28 addition and 1 deletion

src/Controller/Admin/PostCrudController.php src/Controller/Admin/PostCrudController.php +14 -0

src/Security/Voter/PostVoter.php src/Security/Voter/PostVoter.php +14 -1

未找到文件。
--- a/src/Controller/Admin/PostCrudController.php
+++ b/src/Controller/Admin/PostCrudController.php
@@ -3,6 +3,9 @@
 namespace App\Controller\Admin;

 use App\Entity\Post;
+use App\Security\Voter\PostVoter;
+use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
+use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Crud;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Filters;
 use EasyCorp\Bundle\EasyAdminBundle\Controller\AbstractCrudController;
@@ -56,4 +59,15 @@ class PostCrudController extends AbstractCrudController
        return $filters->add(ChoiceFilter::new('status')
            ->setChoices(['draft' => 'draft', 'published' => 'published']));
    }
+
+    public function configureActions(Actions $actions): Actions
+    {
+        return $actions->update(Crud::PAGE_INDEX, Action::EDIT,
+            function (Action $action) {
+                return $action->displayIf(fn($entity) => $this->isGranted(PostVoter::POST_OWNER_EDIT, $entity));
+            })->update(Crud::PAGE_INDEX, Action::DELETE,
+            function (Action $action) {
+                return $action->displayIf(fn($entity) => $this->isGranted(PostVoter::POST_OWNER_DELETE, $entity));
+            });
+    }
 }
--- a/src/Security/Voter/PostVoter.php
+++ b/src/Security/Voter/PostVoter.php
@@ -5,12 +5,22 @@ namespace App\Security\Voter;
 use App\Entity\Post;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Security\Core\User\UserInterface;

 class PostVoter extends Voter
 {
    const POST_OWNER_EDIT = 'post_owner_edit';
    const POST_OWNER_DELETE = 'post_owner_delete';
+    /**
+     * @var Security
+     */
+    private Security $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }

    protected function supports(string $attribute, $subject): bool
    {
@@ -37,7 +47,10 @@ class PostVoter extends Voter
            case self::POST_OWNER_DELETE:
                // logic to determine if the user can VIEW
                // return true or false
-                if ($subject->getAuthor() == $user){
+                if ($this->security->isGranted('ROLE_ADMIN')) {
+                    return true;
+                }
+                if ($subject->getAuthor() == $user) {
                    return true;
                }
                break;