Commit 2a1d7820 authored by Groß-Vogt, Tobias's avatar Groß-Vogt, Tobias

core/authorization update

parent 6e8768bf
Pipeline #233640 passed
......@@ -169,11 +169,17 @@
},
{
"name": "dbp/relay-core-bundle",
"version": "v0.1.82",
"version": "v0.1.90",
"source": {
"type": "git",
"url": "https://gitlab.tugraz.at/dbp/relay/dbp-relay-core-bundle",
"reference": "26b368389e5996a52a4afe7f718365e33bd16f91"
"url": "https://github.com/digital-blueprint/relay-core-bundle.git",
"reference": "da90f97ea72c6e0361fa18de31dc0e0c141b1376"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/digital-blueprint/relay-core-bundle/zipball/da90f97ea72c6e0361fa18de31dc0e0c141b1376",
"reference": "da90f97ea72c6e0361fa18de31dc0e0c141b1376",
"shasum": ""
},
"require": {
"api-platform/core": "^2.6.8 <2.7.0",
......@@ -238,7 +244,11 @@
"AGPL-3.0-or-later"
],
"description": "The core bundle of the Relay API gateway",
"time": "2023-02-23T14:57:20+00:00"
"support": {
"issues": "https://github.com/digital-blueprint/relay-core-bundle/issues",
"source": "https://github.com/digital-blueprint/relay-core-bundle/tree/v0.1.90"
},
"time": "2023-03-06T13:46:06+00:00"
},
{
"name": "doctrine/annotations",
......@@ -10164,5 +10174,5 @@
"platform-overrides": {
"php": "7.3"
},
"plugin-api-version": "2.3.0"
"plugin-api-version": "2.2.0"
}
......@@ -49,7 +49,7 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
$this->authorizationService->denyAccessUnlessIsGranted(Configuration::MAY_POST_PROXYDATA, $data);
$proxyDataEvent = new ProxyDataEvent($data);
$this->eventDispatcher->dispatch($proxyDataEvent, ProxyDataEvent::NAME.'.'.$data->getNamespace());
$this->eventDispatcher->dispatch($proxyDataEvent, ProxyDataEvent::class.'.'.$data->getNamespace());
if ($proxyDataEvent->wasAcknowledged() === false) {
throw new BadRequestException(sprintf('unknown namespace "%s"', $data->getNamespace()));
......@@ -65,6 +65,7 @@ class ProxyDataPersister extends AbstractController implements ContextAwareDataP
public function remove($data, array $context = []): void
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
$this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');
$this->authorizationService->denyAccessUnlessIsGranted(Configuration::MAY_POST_PROXYDATA, $data);
}
}
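Review bot: The event key at the `dispatch()` call now starts with `ProxyDataEvent::class` instead of `ProxyDataEvent::NAME`, so any subscriber still registered under the old `NAME` prefix stops matching and requests for its namespace fall through to the `unknown namespace` BadRequestException. Subscribers are not visible on this page, so confirm they are switched in the same release, or note the new key in the changelog. The key also embeds `$data->getNamespace()`, which presumably comes from the client, and the `denyAccessUnlessIsGranted()` call directly above is what gates it; a comment such as `// namespace is client-supplied: keep the authorization check ahead of dispatch` would protect that ordering from later refactoring. The enclosing method starts and ends outside the hunk.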
<?php
declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DataProvider;
use ApiPlatform\Core\DataProvider\CollectionDataProviderInterface;
use ApiPlatform\Core\DataProvider\RestrictedDataProviderInterface;
use Dbp\Relay\ProxyBundle\Entity\ProxyData;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
final class ProxyDataCollectionDataProvider extends AbstractController implements CollectionDataProviderInterface, RestrictedDataProviderInterface
{
public function supports(string $resourceClass, string $operationName = null, array $context = []): bool
{
return ProxyData::class === $resourceClass;
}
public function getCollection(string $resourceClass, string $operationName = null, array $context = []): iterable
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
$this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');
return [];
}
}
<?php
declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DataProvider;
use ApiPlatform\Core\DataProvider\ItemDataProviderInterface;
use ApiPlatform\Core\DataProvider\RestrictedDataProviderInterface;
use Dbp\Relay\ProxyBundle\Entity\ProxyData;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
final class ProxyDataItemDataProvider extends AbstractController implements ItemDataProviderInterface, RestrictedDataProviderInterface
{
public function supports(string $resourceClass, string $operationName = null, array $context = []): bool
{
return ProxyData::class === $resourceClass;
}
public function getItem(string $resourceClass, $id, string $operationName = null, array $context = []): ?ProxyData
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
$this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');
return null;
}
}
<?php
declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DataProvider;
use Dbp\Relay\CoreBundle\DataProvider\AbstractDataProvider;
use Dbp\Relay\CoreBundle\Exception\ApiError;
use Dbp\Relay\ProxyBundle\Entity\ProxyData;
use Symfony\Component\HttpFoundation\Response;
class ProxyDataProvider extends AbstractDataProvider
{
protected function getResourceClass(): string
{
return ProxyData::class;
}
protected function getItemById($id, array $options = []): object
{
return new ProxyData();
}
protected function getPage(int $currentPageNumber, int $maxNumItemsPerPage, array $filters = [], array $options = []): array
{
return [];
}
protected function onOperationStart(int $operation)
{
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
throw ApiError::withDetails(Response::HTTP_NOT_IMPLEMENTED, 'GET operations not implemented for this resource');
}
}
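Review bot: `onOperationStart()` checks only `IS_AUTHENTICATED_FULLY` and does not carry over the `ROLE_SCOPE_API-PROXY` check that `ProxyDataPersister::remove()` and the item and collection providers shown on this page perform. The method currently throws `HTTP_NOT_IMPLEMENTED` unconditionally, so the gap only changes which status a caller without the scope receives, but `getItemById()` and `getPage()` would inherit it as soon as they are implemented. Adding `$this->denyAccessUnlessGranted('ROLE_SCOPE_API-PROXY');` right after the authentication check keeps the read path aligned with the write path. `getItemById()` returning `new ProxyData()` also deserves a comment saying it is a placeholder that is not expected to be reached while `onOperationStart()` throws, assuming the base class calls that hook first, which is not visible here.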
......@@ -4,35 +4,23 @@ declare(strict_types=1);
namespace Dbp\Relay\ProxyBundle\DependencyInjection;
use Dbp\Relay\CoreBundle\Authorization\AuthorizationConfigDefinition;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
class Configuration implements ConfigurationInterface
{
public const AUTHORIZATON_NODE = 'authorization';
public const MAY_POST_PROXYDATA = 'MAY_POST_PROXYDATA';
public function getConfigTreeBuilder(): TreeBuilder
{
$treeBuilder = new TreeBuilder('dbp_relay_proxy');
$authorizationConfigDefinition = AuthorizationConfigDefinition::create()
->addRole(self::MAY_POST_PROXYDATA, 'false',
'The (boolean) expression checking whether the current user may post the given proxy data. Available parameters: user, subject (of type ProxyData)');
$treeBuilder = new TreeBuilder('dbp_relay_proxy');
$treeBuilder->getRootNode()
->children()
->arrayNode(self::AUTHORIZATON_NODE)
->addDefaultsIfNotSet()
->children()
->arrayNode('rights')
->children()
->scalarNode(self::MAY_POST_PROXYDATA)
->info('The (boolean) expression checking whether the current user may post the given proxy data. Available parameters: user, subject (of type ProxyData)')
->example('user.get("CALL_PROXY_FUNCTIONS") === true || subject.getNamespace() === "public"')
->end()
->end()
->end()
->end()
->end()
->end()
;
->append($authorizationConfigDefinition->getNodeDefinition());
return $treeBuilder;
}
......
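Review bot: The `addRole()` call keeps the description text but appears to drop the sample expression that the old `->example(...)` node carried, so operators lose the only worked example of a valid `MAY_POST_PROXYDATA` expression. The default expression is the string `'false'`, which means a deployment that leaves the role unconfigured rejects every request; a comment above the call would make that fail-closed default explicit, for example `// Default 'false' denies all proxy data requests until the role expression is configured.` The same role is also checked in `ProxyDataPersister::remove()`, so the description "may post" understates what the expression governs and could mention removal as well. If the misspelled `AUTHORIZATON_NODE` constant survives this change, it looks unused now that the extension passes `$mergedConfig` directly.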
......@@ -35,6 +35,6 @@ class DbpRelayProxyExtension extends ConfigurableExtension
$loader->load('services.yaml');
$definition = $container->getDefinition(AuthorizationService::class);
$definition->addMethodCall('setConfig', [$mergedConfig[Configuration::AUTHORIZATON_NODE]]);
$definition->addMethodCall('setConfig', [$mergedConfig]);
}
}
......@@ -3,12 +3,10 @@ services:
autowire: true
autoconfigure: true
Dbp\Relay\ProxyBundle\DataProvider\:
resource: '../../DataProvider'
Dbp\Relay\ProxyBundle\DataProvider\ProxyDataProvider:
autowire: true
autoconfigure: true
Dbp\Relay\ProxyBundle\DataPersister\:
resource: '../../DataPersister'
Dbp\Relay\ProxyBundle\DataPersister\ProxyDataPersister:
autowire: true
autoconfigure: true