symfony-cmf · dbu · Jul 14, 2013 · Jun 22, 2013 · Jun 24, 2013 · Jun 27, 2013
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,14 @@
 Changelog
 =========
 
+* **2013-06-20**: [PublishWorkflow] Moved the access checks to security voter
+  and using isGranted 'VIEW' instead.
+  Removed twig function cmf_is_published, just use is_granted('VIEW', content)
+  instead.
+  Configuration was adjusted: The parameter for the role that may see unpublished
+  content moved from `role` to `publish_workflow.view_non_published_role`. The
+  publish_workflow_listener moved to `publish_workflow.request_listener`.
+
 * **2013-05-16**: [PublishWorkFlowChecker] Removed Request argument
   from check method. Class now accepts a DateTime object to
   optionally "set" the current time.
diff --git a/DependencyInjection/CmfCoreExtension.php b/DependencyInjection/CmfCoreExtension.php
@@ -17,13 +17,23 @@ public function load(array $configs, ContainerBuilder $container)
         $loader = new XmlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
         $loader->load('services.xml');
 
-        $container->setParameter($this->getAlias().'.role', $config['role']);
         $container->setParameter($this->getAlias() . '.document_manager_name', $config['document_manager_name']);
 
-        if (!$config['publish_workflow_listener']) {
-            $container->removeDefinition($this->getAlias() . '.publish_workflow_listener');
-        } elseif (!class_exists('Symfony\Cmf\Bundle\RoutingBundle\Routing\DynamicRouter')) {
-            throw new InvalidConfigurationException("The 'publish_workflow_listener' may not be enabled unless 'Symfony\Cmf\Bundle\RoutingBundle\Routing\DynamicRouter' is available.");
+        if (isset($config['publish_workflow'])) {
+            $this->loadPublishWorkflow($config['publish_workflow'], $loader, $container);
+        }
+    }
+
+    public function loadPublishWorkflow($config, XmlFileLoader $loader, ContainerBuilder $container) {
+        $container->setParameter($this->getAlias().'.publish_workflow.view_non_published_role', $config['view_non_published_role']);
+        $loader->load('publish_workflow.xml');
+
+        if ($config['request_listener']) {
+            if (!class_exists('Symfony\Cmf\Bundle\RoutingBundle\Routing\DynamicRouter')) {
+                throw new InvalidConfigurationException('The "publish_workflow.request_listener" may not be enabled unless "Symfony\Cmf\Bundle\RoutingBundle\Routing\DynamicRouter" is available.');
+            }
+        } else {
+            $container->removeDefinition($this->getAlias() . '.publish_workflow.request_listener');
         }
     }
 

diff --git a/DependencyInjection/Configuration.php b/DependencyInjection/Configuration.php
@@ -15,8 +15,12 @@ public function getConfigTreeBuilder()
         $rootNode
             ->children()
                 ->scalarNode('document_manager_name')->defaultValue('default')->end()
-                ->scalarNode('role')->defaultValue('IS_AUTHENTICATED_ANONYMOUSLY')->end()
-                ->booleanNode('publish_workflow_listener')->defaultFalse()->end()
+                ->arrayNode('publish_workflow')
+                    ->children()
+                        ->scalarNode('view_non_published_role')->defaultValue('CAN_VIEW_NON_PUBLISHED')->end()
+                        ->booleanNode('request_listener')->defaultTrue()->end()
+                    ->end()
+                ->end()
             ->end()
         ;
 

diff --git a/EventListener/PublishWorkflowListener.php b/EventListener/PublishWorkflowListener.php
@@ -8,24 +8,24 @@
 use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 use Symfony\Cmf\Bundle\RoutingBundle\Routing\DynamicRouter;
-use Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow\PublishWorkflowCheckerInterface;
+use Symfony\Component\Security\Core\SecurityContext;
 
 /**
  * Makes sure only published routes and content can be accessed
  */
 class PublishWorkflowListener implements EventSubscriberInterface
 {
     /**
-     * @var PublishWorkflowCheckerInterface
+     * @var SecurityContext
      */
-    protected $publishWorkflowChecker;
+    protected $context;
 
     /**
-     * @param PublishWorkflowCheckerInterface $publishWorkflowChecker
+     * @param SecurityContext $context
      */
-    public function __construct(PublishWorkflowCheckerInterface $publishWorkflowChecker)
+    public function __construct(SecurityContext $context)
     {
-        $this->publishWorkflowChecker = $publishWorkflowChecker;
+        $this->context = $context;
     }
 
     /**
@@ -38,12 +38,12 @@ public function onKernelRequest(GetResponseEvent $event)
         $request = $event->getRequest();
 
         $route = $request->attributes->get(DynamicRouter::ROUTE_KEY);
-        if ($route && !$this->publishWorkflowChecker->checkIsPublished($route, false, $request)) {
+        if ($route && !$this->context->isGranted('VIEW', $route)) {
             throw new NotFoundHttpException('Route not found at: ' . $request->getPathInfo());
         }
 
         $content = $request->attributes->get(DynamicRouter::CONTENT_KEY);
-        if ($content && !$this->publishWorkflowChecker->checkIsPublished($content, false, $request)) {
+        if ($content && !$this->context->isGranted('VIEW', $content)) {
             throw new NotFoundHttpException('Content not found for: ' . $request->getPathInfo());
         }
     }

diff --git a/PublishWorkflow/PublishTimePeriodInterface.php b/PublishWorkflow/PublishTimePeriodInterface.php
@@ -0,0 +1,30 @@
+<?php
+
+namespace Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow;
+
+/**
+ * Interface models can implement if they want to support time based publish
+ * checking.
+ */
+interface PublishTimePeriodInterface
+{
+    /**
+     * Return the date from which the content should be published.
+     *
+     * A NULL value is interpreted as a date in the past, meaning the content
+     * is publishable unless publish end date is set and in the past.
+     *
+     * @return \DateTime|null
+     */
+    public function getPublishStartDate();
+
+    /**
+     * Return the date at which the content should stop being published.
+     *
+     * A NULL value is interpreted as saying that the document will
+     * never end being publishable.
+     *
+     * @return \DateTime|null
+     */
+    public function getPublishEndDate();
+}
diff --git a/PublishWorkflow/PublishWorkflowChecker.php b/PublishWorkflow/PublishWorkflowChecker.php
diff --git a/PublishWorkflow/PublishWorkflowCheckerInterface.php b/PublishWorkflow/PublishWorkflowCheckerInterface.php
diff --git a/PublishWorkflow/PublishWorkflowInterface.php b/PublishWorkflow/PublishWorkflowInterface.php
@@ -3,43 +3,21 @@
 namespace Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow;
 
 /**
- * Interface models can implement if they want to support publish workflow checking
+ * Interface models can implement to expose editable publishing settings.
  */
-interface PublishWorkflowInterface
+interface PublishWorkflowInterface extends PublishableInterface, PublishTimePeriodInterface
 {
-    /**
-     * Return the date from which the content should
-     * be considered publishable.
-     *
-     * A NULL value should be interpreted as saying that 
-     * the content has always been publishable.
-     *
-     * @return \DateTime|null
-     */
-    public function getPublishStartDate();
-
     /**
      * Set the date from which the content should
      * be considered publishable.
      *
      * Setting a NULL value asserts that the content
-     * has always been publishable. 
+     * has always been publishable.
      *
      * @param \DateTime|null $publishDate
      */
     public function setPublishStartDate(\DateTime $publishDate = null);
 
-    /**
-     * Return the date at which the content should
-     * stop being published.
-     *
-     * A NULL value should be interpreted as saying that
-     * the document will always be publishable.
-     *
-     * @return \DateTime|null
-     */
-    public function getPublishEndDate();
-
     /**
      * Set the date at which the content should
      * stop being published.
@@ -52,15 +30,9 @@ public function getPublishEndDate();
     public function setPublishEndDate(\DateTime $publishDate = null);
 
     /**
-     * Return the base publishable state of the content.
-     *
-     * A false value indicates that the content should, under
-     * no circumstances, be published. A true value indicates
-     * that the content is publishable - but is subject to
-     * the $publishStartDate and $publishEndDate if they are
-     * set.
+     * Set the boolean flag if this content should be published or not.
      *
      * @return boolean
      */
-    public function isPublishable();
+    public function setPublishable($publishable);
 }
diff --git a/PublishWorkflow/PublishableInterface.php b/PublishWorkflow/PublishableInterface.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow;
+
+/**
+ * Interface models can implement if they want to support publish checking with
+ * a binary flag.
+ *
+ * Several publish interfaces can be combined. Publish voters will return DENY
+ * if the condition is not met and ABSTAIN if it is met, to allow other voters
+ * to influence the decision as well.
+ */
+interface PublishableInterface
+{
+    /**
+     * Whether this content is publishable at all.
+     *
+     * A false value indicates that the content is not published. True means it
+     * is allowed to show this content.
+     *
+     * @return boolean
+     */
+    public function isPublishable();
+}
diff --git a/Resources/config/publish_workflow.xml b/Resources/config/publish_workflow.xml
@@ -0,0 +1,40 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <parameters>
+        <parameter key="cmf_core.twig_extension_class">Symfony\Cmf\Bundle\CoreBundle\Twig\TwigExtension</parameter>
+        <parameter key="cmf_core.publish_workflow_listener_class">Symfony\Cmf\Bundle\CoreBundle\EventListener\PublishWorkflowListener</parameter>
+        <parameter key="cmf_core.security.publishable_voter_class">Symfony\Cmf\Bundle\CoreBundle\Security\Authorization\Voter\PublishableVoter</parameter>
+        <parameter key="cmf_core.security.publish_time_period_voter_class">Symfony\Cmf\Bundle\CoreBundle\Security\Authorization\Voter\PublishTimePeriodVoter</parameter>
+        <parameter key="cmf_core.listener.request_aware_class">Symfony\Cmf\Bundle\CoreBundle\EventListener\RequestAwareListener</parameter>
+        <parameter key="cmf_core.admin_extension.publish_workflow_class">Symfony\Cmf\Bundle\CoreBundle\Admin\Extension\PublishWorkflowExtension</parameter>
+    </parameters>
+
+    <services>
+
+        <service id="cmf_core.security.publishable_voter" class="%cmf_core.security.publishable_voter_class%">
+            <argument type="service" id="service_container" on-invalid="ignore"/>
+            <argument>%cmf_core.publish_workflow.view_non_published_role%</argument>
+            <tag name="security.voter"/>
+        </service>
+
+        <service id="cmf_core.security.publish_time_period_voter" class="%cmf_core.security.publish_time_period_voter_class%">
+            <argument type="service" id="service_container" on-invalid="ignore"/>
+            <argument>%cmf_core.publish_workflow.view_non_published_role%</argument>
+            <tag name="security.voter"/>
+        </service>
+
+        <service id="cmf_core.publish_workflow.request_listener" class="%cmf_core.publish_workflow_listener_class%">
+            <tag name="kernel.event_subscriber"/>
+            <argument type="service" id="security.context"/>
+        </service>
+
+        <service id="cmf_core.admin_extension.publish_workflow" class="%cmf_core.admin_extension.publish_workflow_class%">
+            <tag name="sonata.admin.extension"/>
+        </service>
+
+    </services>
+</container>