|
|
@@ -26,10 +26,12 @@ abstract class AbstractEntityVoter extends Voter
|
|
|
protected const DELETE = 'DELETE';
|
|
|
|
|
|
/**
|
|
|
- * The current user if any, else null; access it trough isUserLoggedIn or getUser methods
|
|
|
- * @var Access|null
|
|
|
+ * The current user if any; access it trough isUserLoggedIn or getUser methods
|
|
|
+ * If the current user is null, it has not been fetched already
|
|
|
+ * If it is false, there is no user logged in
|
|
|
+ * @var Access|null|false
|
|
|
*/
|
|
|
- private ?Access $user = null;
|
|
|
+ private Access|null|false $user = null;
|
|
|
|
|
|
/**
|
|
|
* The supported class name. Override it in subclass.
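Review bot: The docblock on `$user` should state how long the memoised identity lives, since every later vote on this voter instance reuses the value resolved on first access. If the instance ever outlives one request (a long-running worker, for example; not visible from this hunk), authorization would run against a stale user, so the property would need resetting between requests. Suggested extra line: `* Cached for the lifetime of this voter instance; reset it if the instance is reused across requests`. The wording also needs two small fixes: "trough" should be "through" and "has not been fetched already" should be "has not been fetched yet".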
|
|
|
@@ -54,31 +56,7 @@ abstract class AbstractEntityVoter extends Voter
|
|
|
private InternalRequestsService $internalRequestsService,
|
|
|
EntityManagerInterface $em,
|
|
|
private SwitchUser $switchUser
|
|
|
- ) {
|
|
|
- /** @var Access $user */
|
|
|
- $user = $this->security->getUser();
|
|
|
-
|
|
|
- // <-- Special case of impersonated users: the switch user is not setup yet by symfony, we have to do it "manually"
|
|
|
- $switchHeaderId = $_SERVER['HTTP_X_SWITCH_USER'] ?? null;
|
|
|
- if ($switchHeaderId !== null) {
|
|
|
- $switchAs = $em->find(Access::class, $switchHeaderId);
|
|
|
- if (
|
|
|
- $switchAs &&
|
|
|
- (
|
|
|
- $this->security->isGranted('ROLE_ALLOWED_TO_SWITCH') ||
|
|
|
- $this->switchUser->isAllowedToSwitch($user, $switchAs)
|
|
|
- )
|
|
|
- ) {
|
|
|
- $user = $switchAs;
|
|
|
- }
|
|
|
- }
|
|
|
- // -->
|
|
|
-
|
|
|
- // If the user is not anonymous, remember it
|
|
|
- if ($user instanceof Access) {
|
|
|
- $this->user = $user;
|
|
|
- }
|
|
|
- }
|
|
|
+ ) {}
|
|
|
|
|
|
/**
|
|
|
* Default `supports` method, that uses self::entityClass and self::allowedOperations to determine if the voter
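Review bot: `EntityManagerInterface $em` is still a plain constructor parameter here, and with the body reduced to `{}` nothing stores it, while the lazy `getUser()` in the last hunk calls `$this->em->find(...)`. Unless the class declares and assigns an `$em` property outside the visible hunks, any request carrying the `X-Switch-User` header ends in an error on a null `find()` call instead of an authorization decision. Promoting the parameter fixes it: `private EntityManagerInterface $em,`. The constructor signature starts above this hunk.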
|
|
|
@@ -164,7 +142,31 @@ abstract class AbstractEntityVoter extends Voter
|
|
|
* @return Access
|
|
|
*/
|
|
|
protected function getUser(): ?Access {
|
|
|
- return $this->user;
|
|
|
+ if ($this->user === null) {
|
|
|
+ /** @var Access $user */
|
|
|
+ $user = $this->security->getUser();
|
|
|
+
|
|
|
+ // <-- Special case of impersonated users: the switch user is not setup yet by symfony, we have to do it "manually"
|
|
|
+ $switchHeaderId = $_SERVER['HTTP_X_SWITCH_USER'] ?? null;
|
|
|
+ if ($switchHeaderId !== null) {
|
|
|
+ $switchAs = $this->em->find(Access::class, $switchHeaderId);
|
|
|
+ if (
|
|
|
+ $switchAs &&
|
|
|
+ (
|
|
|
+ $this->security->isGranted('ROLE_ALLOWED_TO_SWITCH') ||
|
|
|
+ $this->switchUser->isAllowedToSwitch($user, $switchAs)
|
|
|
+ )
|
|
|
+ ) {
|
|
|
+ $user = $switchAs;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ // -->
|
|
|
+
|
|
|
+ // If the user is not anonymous, remember it
|
|
|
+ $this->user = $user instanceof Access ? $user : false;
|
|
|
+ }
|
|
|
+
|
|
|
+ return $this->user !== false ? $this->user : null;
|
|
|
}
|
|
|
|
|
|
/**
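Review bot: `$user` may be null when it reaches `isAllowedToSwitch($user, $switchAs)`, because the `/** @var Access $user */` annotation asserts a type that `$this->security->getUser()` does not guarantee for an unauthenticated request. The `X-Switch-User` header is client-supplied, so this branch is reachable without a session; whether it throws or is evaluated against a null user depends on `isAllowedToSwitch`, which is not visible here. Gate the impersonation branch on an authenticated caller: `if ($switchHeaderId !== null && $user instanceof Access) {`. A header that is present but refused also falls back to the real user silently, so logging that case would make rejected impersonation attempts visible to operators.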
|