Symfony Profiler

<?php
namespace App\Security\Voter\Garages;
use App\Entity\Garages\GarageAppointment;
use App\Entity\User;
use App\Enum\MenuRolesAssociatedEnum;
use App\Enum\MenuRolesManagerEnum;
use App\Enum\UserRolesEnum;
use App\Enum\VotersEnum;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
class GarageAppointmentVoter extends Voter
{
private Security $security;
private array $voters;
public function __construct(Security $security)
{
$this->security = $security;
$this->voters = [
VotersEnum::LIST_GARAGE_APPOINTMENT,
VotersEnum::CREATE_GARAGE_APPOINTMENT,
VotersEnum::READ,
VotersEnum::UPDATE,
VotersEnum::DELETE,
VotersEnum::EXPORT_GARAGE_APPOINTMENT,
];
}
protected function supports(string $attribute, $subject): bool
{
// first check the $subject and last if the $attribute is supported,
// because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
if ($subject && !$subject instanceof GarageAppointment) {
// only vote on these objects
return false;
}
if (in_array($attribute, $this->voters)) {
// if the attribute is one we support
return true;
}
return false;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof User) {
// the user must be logged in; if not, deny access
return false;
}
// you know $subject is a GarageAppointment object, thanks to `supports()`
/** @var GarageAppointment $learningCourse */
$garageAppointment = $subject;
switch ($attribute) {
case VotersEnum::LIST_GARAGE_APPOINTMENT:
return $this->canList();
case VotersEnum::CREATE_GARAGE_APPOINTMENT:
return $this->canCreate();
case VotersEnum::READ:
return $this->canRead($garageAppointment, $user);
case VotersEnum::UPDATE:
return $this->canUpdate($garageAppointment, $user);
case VotersEnum::EXPORT_GARAGE_APPOINTMENT:
return $this->canExport();
}
throw new \LogicException('This code should not be reached!');
}
private function canList(): bool
{
return $this->isAdminUser() || $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_GARAGE_APPOINTMENTS) || $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_GARAGE_APPOINTMENTS_ASSOCIATED);
}
private function canCreate(): bool
{
return $this->isAdminUser();
}
private function canRead(GarageAppointment $garageAppointment, User $user): bool
{
return $this->isAdminUser() || $this->isOwner($garageAppointment, $user);
}
private function canUpdate(GarageAppointment $garageAppointment, User $user): bool
{
return $this->isAdminUser() || $this->isOwner($garageAppointment, $user);
}
private function canExport(): bool
{
return $this->isAdminUser();
}
private function isOwner(GarageAppointment $garageAppointment, User $user): bool
{
if ($this->isAdminUser()) {
return true;
} elseif ($this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG)) {
foreach ($user->getWorkProvinces() as $province) {
if ($garageAppointment->getGarage()->getAddress()->getProvince()->getId() === $province->getId()) {
return true;
}
}
} else {
if ($garageAppointment->getGarage()->getOwner()->getId() === $user->getId()) {
return true;
}
}
return false;
}
private function isAdminUser(): bool
{
return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_GARAGE_APPOINTMENTS)
|| $this->security->isGranted(UserRolesEnum::ROLE_QUALITY_ADVISOR_LONG)
;
}
}

src/Security/Voter/Garages/GarageAppointmentVoter.php line 15