src/Security/Voter/LearningCourses/LearningCourseSecurityVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\LearningCourses;
  5. use App\Entity\LearningCourses\LearningCourse;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. final class LearningCourseSecurityVoter extends Voter
  17. {
  18.     private Security $security;
  19.     private array $voters;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.         $this->voters = [
  25.             VotersEnum::LIST_LEARNING_COURSE,
  26.             VotersEnum::LIST_LEARNING_COURSE_ASSOCIATED,
  27.             VotersEnum::CREATE_LEARNING_COURSE,
  28.             VotersEnum::READ,
  29.             VotersEnum::UPDATE,
  30.             VotersEnum::DELETE,
  31.             VotersEnum::VIEW,
  32.             VotersEnum::EXPORT_LEARNING_COURSE_REGISTRATIONS,
  33.             VotersEnum::OWN,
  34.             VotersEnum::ACTIVATE,
  35.             VotersEnum::DEACTIVATE,
  36.             VotersEnum::REPORT_LEARNING_COURSE_REGISTRATIONS,
  37.         ];
  38.     }
  40.     protected function supports(string $attribute$subject): bool
  41.     {
  42.         // first check the $subject and last if the $attribute is supported,
  43.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  44.         if ($subject && !$subject instanceof LearningCourse) {
  45.             // only vote on these objects
  46.             return false;
  47.         }
  48.         if (in_array($attribute$this->voters)) {
  49.             // if the attribute is one we support
  50.             return true;
  51.         }
  53.         return false;
  54.     }
  56.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  57.     {
  58.         $user $token->getUser();
  59.         if (!$user instanceof User) {
  60.             // the user must be logged in; if not, deny access
  61.             return false;
  62.         }
  63.         // you know $subject is a LearningCourse object, thanks to `supports()`
  64.         /** @var LearningCourse $learningCourse */
  65.         $learningCourse $subject;
  66.         switch ($attribute) {
  67.             case VotersEnum::LIST_LEARNING_COURSE:
  68.                 return $this->canList();
  69.             case VotersEnum::LIST_LEARNING_COURSE_ASSOCIATED:
  70.                 return $this->canListAssociated();
  71.             case VotersEnum::CREATE_LEARNING_COURSE:
  72.                 return $this->canCreate();
  73.             case VotersEnum::READ:
  74.                 return $this->canRead();
  75.             case VotersEnum::UPDATE:
  76.                 return $this->canUpdate();
  77.             case VotersEnum::DELETE:
  78.                 return $this->canDelete();
  79.             case VotersEnum::VIEW:
  80.                 return $this->canView($learningCourse);
  81.             case VotersEnum::EXPORT_LEARNING_COURSE_REGISTRATIONS:
  82.                 return $this->canExport();
  83.             case VotersEnum::OWN:
  84.                 return $this->isOwner($learningCourse$user);
  85.             case VotersEnum::ACTIVATE:
  86.                 return $this->canActivate($learningCourse);
  87.             case VotersEnum::DEACTIVATE:
  88.                 return $this->canDeactivate($learningCourse);
  89.             case VotersEnum::REPORT_LEARNING_COURSE_REGISTRATIONS:
  90.                 return $this->canReport();
  91.         }
  93.         throw new LogicException('This code should not be reached!');
  94.     }
  96.     private function canList(): bool
  97.     {
  98.         return $this->isAdminUser();
  99.     }
  101.     private function canListAssociated(): bool
  102.     {
  103.         return $this->isAdminUser()
  104.             || $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_LEARNING_PLATFORM_ASOCIATED)
  105.             ;
  106.     }
  108.     private function canCreate(): bool
  109.     {
  110.         return $this->isAdminUser();
  111.     }
  113.     private function canRead(): bool
  114.     {
  115.         return $this->isAdminUser();
  116.     }
  118.     private function canUpdate(): bool
  119.     {
  120.         return $this->isAdminUser();
  121.     }
  123.     private function canDelete(): bool
  124.     {
  125.         return $this->isAdminUser();
  126.     }
  128.     private function canView(LearningCourse $learningCourse): bool
  129.     {
  130.         return $this->isAdminUser() && $learningCourse->isActive();
  131.     }
  133.     private function canExport(): bool
  134.     {
  135.         return $this->isAdminUser();
  136.     }
  138.     private function isOwner(LearningCourse $learningCourseUser $user): bool
  139.     {
  140.         if ($this->isAdminUser() || $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG)) {
  141.             return true;
  142.         } else {
  143.             foreach ($learningCourse->getAssociatedUsers() as $associatedUser) {
  144.                 if ($associatedUser->getId() === $user->getId()) {
  145.                     return true;
  146.                 }
  147.             }
  148.         }
  150.         return false;
  151.     }
  153.     private function canActivate(LearningCourse $learningCourse): bool
  154.     {
  155.         return $this->canCreate() && !$learningCourse->isActive();
  156.     }
  158.     private function canDeactivate(LearningCourse $learningCourse): bool
  159.     {
  160.         return $this->canCreate() && $learningCourse->isActive();
  161.     }
  163.     private function canReport(): bool
  164.     {
  165.         return $this->isAdminUser();
  166.     }
  168.     private function isAdminUser(): bool
  169.     {
  170.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_LEARNING_PLATFORM);
  171.     }
  172. }