Merge branch 'develop'

CHANGELOG.md

@@ -1,6 +1,10 @@
 ## [Unreleased]
 
-## [v1.22.0] 2023-09-28
+## [v1.23.0] - 2023-09-28
+### Changed
+* upgrade murph/murph-core
+
+## [v1.22.0] - 2023-09-28
 ### Added
 * update woodpecker ci base file
 ### Fixed
@@ -8,11 +12,11 @@
 ### Changed
 * upgrade murph/murph-core
 
-## [1.21.0] 2023-08-11
+## [1.21.0] - 2023-08-11
 ### Changed
 * upgrade murph/murph-core
 
-## [1.20.0] 2023-07-27
+## [1.20.0] - 2023-07-27
 ### Fixed
 * fix collection widget: allow_add/allow_delete and prototype
 ### Added
@@ -21,11 +25,11 @@
 ### Changed
 * upgrade murph/murph-core
 
-## [1.19.0] 2023-04-15
+## [1.19.0] - 2023-04-15
 ### Changed
 * upgrade murph/murph-core
 
-## [1.18.0] 2023-01-13
+## [1.18.0] - 2023-01-13
 ### Added
 * feat(dep): update dependencies
 * feat(update): apply new recipe for phpunit
@@ -53,7 +57,7 @@
 * fix(config): fix firewall config
 
 
-## [1.17.0] 2022-11-19
+## [1.17.0] - 2022-11-19
 ### Changed
 * upgrade murph/murph-core
 * replace annotation with attributes

composer.json

@@ -7,7 +7,7 @@
     "prefer-stable": true,
     "require": {
         "php": ">=8.0.0",
-        "murph/murph-core": "^1.20"
+        "murph/murph-core": "^1.23"
     },
     "require-dev": {
         "symfony/browser-kit": "^5.4",

config/packages/security.yaml

@@ -3,6 +3,10 @@ security:
         App\Entity\User:
             algorithm: auto
 
+    access_decision_manager:
+        strategy: consensus
+        allow_if_all_abstain: false
+
     # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
     enable_authenticator_manager: true
     # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords

src/Security/Voter/EntityVoter.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Security\Voter;
+
+use App\Core\Entity\EntityInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class EntityVoter extends Voter
+{
+    public const EDIT = 'edit';
+    public const VIEW = 'show';
+    public const DELETE = 'delete';
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        // replace with your own logic
+        // https://symfony.com/doc/current/security/voters.html
+        return in_array($attribute, [self::EDIT, self::VIEW, self::DELETE])
+            && $subject instanceof EntityInterface;
+    }
+
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof UserInterface) {
+            return false;
+        }
+
+        switch ($attribute) {
+            case self::EDIT:
+                return true;
+
+                break;
+
+            case self::VIEW:
+                return true;
+
+                break;
+
+            case self::DELETE:
+                return true;
+
+                break;
+        }
+
+        return false;
+    }
+}