src/Security/DashboardVoter.php line 13

Open in your IDE?
  1. <?php
  3. // src/Security/PostVoter.php
  5. namespace App\Security;
  7. use App\Entity\Nea;
  8. use App\Entity\User;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class DashboardVoter extends Voter
  14. {
  15.     // these strings are just invented: you can use anything
  16.     public const CAN_VIEW_ELEVATOR 'canViewElevator';
  17.     public const CAN_VIEW_NEA 'canViewNea';
  19.     private $security;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.     }
  26.     protected function supports($attribute$subject): bool
  27.     {
  28.         // if the attribute isn't one we support, return false
  29.         if (!in_array($attribute, [self::CAN_VIEW_ELEVATORself::CAN_VIEW_NEA])) {
  30.             return false;
  31.         }
  33.         // only vote on `Post` objects
  34.         if (!$subject instanceof Nea) {
  35.             return false;
  36.         }
  38.         return true;
  39.     }
  41.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  42.     {
  43.         $user $token->getUser();
  45.         if (!$user instanceof User) {
  46.             // the user must be logged in; if not, deny access
  47.             return false;
  48.         }
  50.         // you know $subject is a Post object, thanks to `supports()`
  51.         /** @var Post $post */
  52.         $nea $subject;
  54.         switch ($attribute) {
  55.             case self::CAN_VIEW_ELEVATOR:
  56.                 return $this->canViewElevator($user);
  58.             case self::CAN_VIEW_NEA:
  59.                 return $this->canViewNea($user);
  60.         }
  62.         throw new \LogicException('This code should not be reached!');
  63.     }
  65.     private function canViewElevator(User $user): bool
  66.     {
  67.         if (
  68.             in_array('ROLE_ELV'$user->getRoles())
  69.             && (
  70.                 $this->security->isGranted('ROLE_OPERATOR')
  71.                 || $this->security->isGranted('ROLE_CUSTODIAN')
  72.                 || $this->security->isGranted('ROLE_DL')
  73.                 || $this->security->isGranted('ROLE_SBS')
  74.                 || $this->security->isGranted('ROLE_LIFTMANAGER')
  75.             )
  76.         ) {
  77.             return true;
  78.         }
  80.         return false;
  81.     }
  83.     private function canViewNea(User $user): bool
  84.     {
  85.         if (
  86.             in_array('ROLE_NEA'$user->getRoles())
  87.             && (
  88.                 $this->security->isGranted('ROLE_OPERATOR')
  89.                 || $this->security->isGranted('ROLE_CUSTODIAN')
  90.                 || $this->security->isGranted('ROLE_DL')
  91.                 || $this->security->isGranted('ROLE_SBS')
  92.                 || $this->security->isGranted('ROLE_LIFTMANAGER')
  93.             )
  94.         ) {
  95.             return true;
  96.         }
  98.         return false;
  99.     }
  100. }