src/Security/Voter/JoinTheNetwork/JoinTheNetworkVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\JoinTheNetwork;
  5. use App\Entity\JoinTheNetwork\JoinTheNetwork;
  6. use App\Entity\User;
  7. use App\Enum\UserRolesEnum;
  8. use App\Enum\VotersEnum;
  9. use LogicException;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  14. class JoinTheNetworkVoter extends Voter
  15. {
  16.     private Security $security;
  17.     private array $voters;
  19.     public function __construct(Security $security)
  20.     {
  21.         $this->security $security;
  22.         $this->voters = [
  23.             VotersEnum::LIST_JOIN_THE_NETWORK,
  24.             VotersEnum::CREATE_JOIN_THE_NETWORK,
  25.             VotersEnum::READ,
  26.             VotersEnum::UPDATE,
  27.             VotersEnum::DELETE,
  28.             VotersEnum::EXPORT_JOIN_THE_NETWORK,
  29.         ];
  30.     }
  32.     protected function supports(string $attribute$subject): bool
  33.     {
  34.         // first check the $subject and last if the $attribute is supported,
  35.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  36.         if ($subject && !$subject instanceof JoinTheNetwork) {
  37.             // only vote on these objects
  38.             return false;
  39.         }
  40.         if (in_array($attribute$this->voters)) {
  41.             // if the attribute is one we support
  42.             return true;
  43.         }
  45.         return false;
  46.     }
  48.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  49.     {
  50.         $user $token->getUser();
  51.         if (!$user instanceof User) {
  52.             // the user must be logged in; if not, deny access
  53.             return false;
  54.         }
  55.         switch ($attribute) {
  56.             case VotersEnum::LIST_JOIN_THE_NETWORK:
  57.                 return $this->canList();
  58.             case VotersEnum::CREATE_JOIN_THE_NETWORK:
  59.                 return $this->canCreate();
  60.             case VotersEnum::READ:
  61.                 return $this->canRead();
  62.             case VotersEnum::UPDATE:
  63.                 return $this->canUpdate();
  64.             case VotersEnum::DELETE:
  65.                 return $this->canDelete();
  66.             case VotersEnum::EXPORT_JOIN_THE_NETWORK:
  67.                 return $this->canExport();
  68.         }
  70.         throw new LogicException('This code should not be reached!');
  71.     }
  73.     private function canList(): bool
  74.     {
  75.         return $this->isAdminUser();
  76.     }
  78.     private function canCreate(): bool
  79.     {
  80.         return $this->isAdminUser();
  81.     }
  83.     private function canRead(): bool
  84.     {
  85.         return $this->isAdminUser();
  86.     }
  88.     private function canUpdate(): bool
  89.     {
  90.         return $this->isAdminUser();
  91.     }
  93.     private function canDelete(): bool
  94.     {
  95.         return $this->isAdminUser();
  96.     }
  98.     private function canExport(): bool
  99.     {
  100.         return $this->isAdminUser();
  101.     }
  103.     private function isAdminUser(): bool
  104.     {
  105.         return $this->security->isGranted(UserRolesEnum::ROLE_ADMIN_LONG);
  106.     }
  107. }