Implement security voter

Question

Implement security voter

PGBastien opened this issue 7 years ago · 1 comments

The documentation talking about security https://github.com/Youshido/GraphQLBundle#using-security-voter but i get an Access denied 403 every time.

Answer 1 · 2018-02-02T14:59:01.000Z

use Implement like this

class GraphQLVoter extends Voter
{
    /** @var RolesCheckerService */
    protected $rolesChecker;

    public function setRolesChecker(RolesCheckerService $rolesChecker)
    {
        $this->rolesChecker = $rolesChecker;
    }

    /**
     * {@inheritdoc}
     */
    protected function supports($attribute, $subject)
    {
        return in_array(
            $attribute,
            [
                SecurityManagerInterface::RESOLVE_FIELD_ATTRIBUTE,
                SecurityManagerInterface::RESOLVE_ROOT_OPERATION_ATTRIBUTE,
            ],
            true
        );
    }

    /**
     * {@inheritdoc}
     *
     * @param Mutation $subject
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        if (! $user instanceof UserInfo) {
            return false;
        }

        if (SecurityManagerInterface::RESOLVE_FIELD_ATTRIBUTE === $attribute) {
            return true;
        }

        if (SecurityManagerInterface::RESOLVE_ROOT_OPERATION_ATTRIBUTE === $attribute) {
            return $this->rolesChecker->hasAccessTo($subject->getName());
        }

        return true;
    }
}