<?php/* * This file is part of the Symfony package. * * (c) Fabien Potencier <[email protected]> * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */namespace Symfony\Component\Security\Core\Authorization\Voter;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Role\Role;/** * RoleVoter votes if any attribute starts with a given prefix. * * @author Fabien Potencier <[email protected]> */class RoleVoter implements VoterInterface{ private $prefix; public function __construct(string $prefix = 'ROLE_') { $this->prefix = $prefix; } /** * {@inheritdoc} */ public function vote(TokenInterface $token, $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; $roles = $this->extractRoles($token); foreach ($attributes as $attribute) { if ($attribute instanceof Role) { $attribute = $attribute->getRole(); } if (!\is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) { continue; } $result = VoterInterface::ACCESS_DENIED; foreach ($roles as $role) { if ($attribute === $role) { return VoterInterface::ACCESS_GRANTED; } } } return $result; } protected function extractRoles(TokenInterface $token) { if (method_exists($token, 'getRoleNames')) { return $token->getRoleNames(); } @trigger_error(sprintf('Not implementing the "%s::getRoleNames()" method in "%s" is deprecated since Symfony 4.3.', TokenInterface::class, \get_class($token)), E_USER_DEPRECATED); return array_map(function (Role $role) { return $role->getRole(); }, $token->getRoles(false)); }}