feature #59129 [SecurityBundle][TwigBridge] Add is_granted_for_user() function (natewiebe13)

chalasr · chalasr · commit 78f4d9a10597 · 2024-12-22T14:04:21.000+01:00
This PR was merged into the 7.3 branch. Discussion ---------- [SecurityBundle][TwigBridge] Add `is_granted_for_user()` function | Q | A | ------------- | --- | Branch? | 7.3 | Bug fix? | no | New feature? | yes | Deprecations? | no | Issues | N/A | License | MIT Twig function to accompany #48142 Commits ------- 82ff3a5 Add is_granted_for_user() function to twig
diff --git a/src/Symfony/Bridge/Twig/CHANGELOG.md b/src/Symfony/Bridge/Twig/CHANGELOG.md
@@ -1,6 +1,11 @@
 CHANGELOG
 =========
 
+7.3
+---
+
+ * Add `is_granted_for_user()` Twig function
+
 7.2
 ---
 
diff --git a/src/Symfony/Bridge/Twig/Extension/SecurityExtension.php b/src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
@@ -13,7 +13,9 @@
 
 use Symfony\Component\Security\Acl\Voter\FieldVote;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
+use Symfony\Component\Security\Core\User\UserInterface;
 use Symfony\Component\Security\Http\Impersonate\ImpersonateUrlGenerator;
 use Twig\Extension\AbstractExtension;
 use Twig\TwigFunction;
@@ -28,6 +30,7 @@ final class SecurityExtension extends AbstractExtension
     public function __construct(
         private ?AuthorizationCheckerInterface $securityChecker = null,
         private ?ImpersonateUrlGenerator $impersonateUrlGenerator = null,
+        private ?UserAuthorizationCheckerInterface $userSecurityChecker = null,
     ) {
     }
 
@@ -48,6 +51,19 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu
         }
     }
 
+    public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?string $field = null): bool
+    {
+        if (!$this->userSecurityChecker) {
+            throw new \LogicException(\sprintf('An instance of "%s" must be provided to use "%s()".', UserAuthorizationCheckerInterface::class, __METHOD__));
+        }
+
+        if ($field) {
+            $subject = new FieldVote($subject, $field);
+        }
+
+        return $this->userSecurityChecker->isGrantedForUser($user, $attribute, $subject);
+    }
+
     public function getImpersonateExitUrl(?string $exitTo = null): string
     {
         if (null === $this->impersonateUrlGenerator) {
@@ -86,12 +102,18 @@ public function getImpersonatePath(string $identifier): string
 
     public function getFunctions(): array
     {
-        return [
+        $functions = [
             new TwigFunction('is_granted', $this->isGranted(...)),
             new TwigFunction('impersonation_exit_url', $this->getImpersonateExitUrl(...)),
             new TwigFunction('impersonation_exit_path', $this->getImpersonateExitPath(...)),
             new TwigFunction('impersonation_url', $this->getImpersonateUrl(...)),
             new TwigFunction('impersonation_path', $this->getImpersonatePath(...)),
         ];
+
+        if ($this->userSecurityChecker) {
+            $functions[] = new TwigFunction('is_granted_for_user', $this->isGrantedForUser(...));
+        }
+
+        return $functions;
     }
 }
diff --git a/src/Symfony/Bridge/Twig/UndefinedCallableHandler.php b/src/Symfony/Bridge/Twig/UndefinedCallableHandler.php
@@ -61,6 +61,7 @@ class UndefinedCallableHandler
         'logout_url' => 'security-http',
         'logout_path' => 'security-http',
         'is_granted' => 'security-core',
+        'is_granted_for_user' => 'security-core',
         'impersonation_path' => 'security-http',
         'impersonation_url' => 'security-http',
         'impersonation_exit_path' => 'security-http',
diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/templating_twig.php b/src/Symfony/Bundle/SecurityBundle/Resources/config/templating_twig.php
@@ -26,6 +26,7 @@
             ->args([
                 service('security.authorization_checker')->ignoreOnInvalid(),
                 service('security.impersonate_url_generator')->ignoreOnInvalid(),
+                service('security.user_authorization_checker')->ignoreOnInvalid(),
             ])
             ->tag('twig.extension')
     ;

Original file line number	Diff line number	Diff line change
`@@ -26,6 +26,7 @@`
`26`	`26`	`->args([`
`27`	`27`	`service('security.authorization_checker')->ignoreOnInvalid(),`
`28`	`28`	`service('security.impersonate_url_generator')->ignoreOnInvalid(),`
	`29`	`+ service('security.user_authorization_checker')->ignoreOnInvalid(),`
`29`	`30`	`])`
`30`	`31`	`->tag('twig.extension')`
`31`	`32`	`;`