diff options
| -rw-r--r-- | Core/Authorization/Voter/ExpressionVoter.php | 31 |
1 files changed, 18 insertions, 13 deletions
diff --git a/Core/Authorization/Voter/ExpressionVoter.php b/Core/Authorization/Voter/ExpressionVoter.php index 50c8d5c..690bd87 100644 --- a/Core/Authorization/Voter/ExpressionVoter.php +++ b/Core/Authorization/Voter/ExpressionVoter.php @@ -62,6 +62,23 @@ class ExpressionVoter implements VoterInterface */ public function vote(TokenInterface $token, $object, array $attributes) { + $result = VoterInterface::ACCESS_ABSTAIN; + foreach ($attributes as $attribute) { + if (!$this->supportsAttribute($attribute)) { + continue; + } + + $result = VoterInterface::ACCESS_DENIED; + if ($this->expressionLanguage->evaluate($attribute, $this->getVariables())) { + return VoterInterface::ACCESS_GRANTED; + } + } + + return $result; + } + + private function getVariables(TokenInterface $token, $object) + { if (null !== $this->roleHierarchy) { $roles = $this->roleHierarchy->getReachableRoles($token->getRoles()); } else { @@ -83,18 +100,6 @@ class ExpressionVoter implements VoterInterface $variables['request'] = $object; } - $result = VoterInterface::ACCESS_ABSTAIN; - foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { - continue; - } - - $result = VoterInterface::ACCESS_DENIED; - if ($this->expressionLanguage->evaluate($attribute, $variables)) { - return VoterInterface::ACCESS_GRANTED; - } - } - - return $result; + return $variables; } } |