src/Security/NeaVoter.php line 13

Open in your IDE?
  1. <?php
  3. // src/Security/PostVoter.php
  5. namespace App\Security;
  7. use App\Entity\Nea;
  8. use App\Entity\User;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class NeaVoter extends Voter
  14. {
  15.     // these strings are just invented: you can use anything
  16.     public const EDIT 'edit';
  17.     public const VIEW 'view';
  18.     public const DELETE 'delete';
  19.     public const REFURBISHMENT 'refurbishment';
  20.     public const ZUES 'zues';
  21.     private $security;
  23.     public function __construct(Security $security)
  24.     {
  25.         $this->security $security;
  26.     }
  28.     protected function supports($attribute$subject): bool
  29.     {
  30.         // if the attribute isn't one we support, return false
  31.         if (!in_array($attribute, [self::EDITself::VIEWself::DELETEself::REFURBISHMENTself::ZUES])) {
  32.             return false;
  33.         }
  35.         // only vote on `Post` objects
  36.         if (!$subject instanceof Nea) {
  37.             return false;
  38.         }
  40.         return true;
  41.     }
  43.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  44.     {
  45.         $user $token->getUser();
  47.         if (!$user instanceof User) {
  48.             // the user must be logged in; if not, deny access
  49.             return false;
  50.         }
  52.         // you know $subject is a Post object, thanks to `supports()`
  53.         /** @var Post $post */
  54.         $nea $subject;
  56.         switch ($attribute) {
  57.             case self::REFURBISHMENT:
  58.                 return $this->canSetRefurbishment($nea$user);
  60.             case self::ZUES:
  61.                 return $this->canSetZues($nea$user);
  62.         }
  64.         throw new \LogicException('This code should not be reached!');
  65.     }
  67.     private function canSetRefurbishment(Nea $neaUser $user): bool
  68.     {
  69.         if ($this->security->isGranted('ROLE_CUSTODIAN')) {
  70.             return true;
  71.         }
  73.         return false;
  74.     }
  76.     private function canSetZues(Nea $neaUser $user): bool
  77.     {
  78.         // this assumes that the Post object has a `getOwner()` method
  79.         if (
  80.             $this->security->isGranted('ROLE_CUSTODIAN')
  81.             || $this->security->isGranted('ROLE_ZUES')
  82.         ) {
  83.             return true;
  84.         }
  86.         return false;
  87.     }
  89.     private function canView(Nea $neaUser $user): bool
  90.     {
  91.         if (
  92.             $this->security->isGranted('ROLE_CUSTODIAN')
  93.             || $this->security->isGranted('ROLE_DL')
  94.             || $this->security->isGranted('ROLE_ZUES')
  95.         ) {
  96.             return true;
  97.         }
  99.         return false;
  100.     }
  101. }