src/Security/Voter/Garages/GarageVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\Garages;
  5. use App\Entity\Garages\Garage;
  6. use App\Entity\User;
  7. use App\Enum\UserRolesEnum;
  8. use App\Enum\VotersEnum;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. final class GarageVoter extends Voter
  14. {
  15.     private Security $security;
  16.     private array $voters;
  18.     public function __construct(Security $security)
  19.     {
  20.         $this->security $security;
  21.         $this->voters = [
  22.             VotersEnum::LIST_GARAGE,
  23.             VotersEnum::CREATE_GARAGE,
  24.             VotersEnum::READ,
  25.             VotersEnum::UPDATE,
  26.             VotersEnum::DELETE,
  27.             VotersEnum::EXPORT_GARAGE,
  28.             VotersEnum::PURCHASE_TRACKING_READ,
  29.             VotersEnum::UPDATE_GARAGE_OWNER,
  30.         ];
  31.     }
  33.     protected function supports(string $attribute$subject): bool
  34.     {
  35.         // first check the $subject and last if the $attribute is supported,
  36.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  37.         if ($subject && !$subject instanceof Garage) {
  38.             // only vote on these objects
  39.             return false;
  40.         }
  41.         if (in_array($attribute$this->voters)) {
  42.             // if the attribute is one we support
  43.             return true;
  44.         }
  46.         return false;
  47.     }
  49.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  50.     {
  51.         $user $token->getUser();
  52.         if (!$user instanceof User) {
  53.             // the user must be logged in; if not, deny access
  54.             return false;
  55.         }
  56.         switch ($attribute) {
  57.             case VotersEnum::LIST_GARAGE:
  58.                 return $this->canList();
  59.             case VotersEnum::CREATE_GARAGE:
  60.                 return $this->canCreate();
  61.             case VotersEnum::READ:
  62.                 return $this->canRead($subject$user);
  63.             case VotersEnum::UPDATE:
  64.                 return $this->canUpdate($subject$user);
  65.             case VotersEnum::UPDATE_GARAGE_OWNER:
  66.                 return $this->canUpdateGarageOwner($subject$user);
  67.             case VotersEnum::DELETE:
  68.                 return $this->canDelete();
  69.             case VotersEnum::EXPORT_GARAGE:
  70.                 return $this->canExport();
  71.             case VotersEnum::PURCHASE_TRACKING_READ:
  72.                 return $this->canReadPurchaseTracking($subject$user);
  73.         }
  75.         throw new \LogicException('This code should not be reached!');
  76.     }
  78.     private function canList(): bool
  79.     {
  80.         return $this->isAdminUser() || $this->isQualityAdvisorUser() || $this->isAssociatedManagerUser();
  81.     }
  83.     private function canCreate(): bool
  84.     {
  85.         return $this->isAdminUser();
  86.     }
  88.     private function canRead(Garage $garageUser $user): bool
  89.     {
  90.         if ($this->isAdminUser() || $this->isAssociatedManagerUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) {
  91.             return true;
  92.         }
  94.         return false;
  95.     }
  97.     private function canUpdate(Garage $garageUser $user): bool
  98.     {
  99.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) && !$this->isQualityAdvisorUser() && !$this->isAssociatedManagerUser()) {
  100.             return true;
  101.         }
  103.         return false;
  104.     }
  106.     private function canUpdateGarageOwner(Garage $garageUser $user): bool
  107.     {
  108.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) && !$this->isAssociatedManagerUser()) {
  109.             return true;
  110.         }
  112.         return false;
  113.     }
  115.     private function canDelete(): bool
  116.     {
  117.         return $this->isAdminUser();
  118.     }
  120.     private function canExport(): bool
  121.     {
  122.         return $this->isAdminUser();
  123.     }
  125.     private function canReadPurchaseTracking(Garage $garageUser $user): bool
  126.     {
  127.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) || $this->isAssociatedManagerUser()) {
  128.             return true;
  129.         }
  131.         return false;
  132.     }
  134.     private function isAdminUser(): bool
  135.     {
  136.         return $this->security->isGranted(UserRolesEnum::ROLE_ADMIN_LONG);
  137.     }
  139.     private function isAssociatedManagerUser(): bool
  140.     {
  141.         return $this->security->isGranted(UserRolesEnum::ROLE_ASSOCIATED_MANAGER_LONG);
  142.     }
  144.     private function isQualityAdvisorUser(): bool
  145.     {
  146.         return $this->security->isGranted(UserRolesEnum::ROLE_QUALITY_ADVISOR_LONG);
  147.     }
  148. }