src/Security/Voter/MediaLibrary/CooperativeMediaVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\MediaLibrary;
  5. use App\Entity\MediaLibrary\CooperativeMedia;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. class CooperativeMediaVoter extends Voter
  17. {
  18.     private Security $security;
  19.     private array $voters;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.         $this->voters = [
  25.             VotersEnum::LIST_COOPERATIVE_MEDIA,
  26.             VotersEnum::LIST_COOPERATIVE_MEDIA_ASSOCIATED,
  27.             VotersEnum::CREATE_COOPERATIVE_MEDIA,
  28.             VotersEnum::READ,
  29.             VotersEnum::UPDATE,
  30.             VotersEnum::DELETE,
  31.             VotersEnum::VIEW,
  32.         ];
  33.     }
  35.     protected function supports(string $attribute$subject): bool
  36.     {
  37.         // first check the $subject and last if the $attribute is supported,
  38.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  39.         if ($subject && !$subject instanceof CooperativeMedia) {
  40.             // only vote on these objects
  41.             return false;
  42.         }
  43.         if (in_array($attribute$this->voters)) {
  44.             // if the attribute is one we support
  45.             return true;
  46.         }
  48.         return false;
  49.     }
  51.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  54.         if (!$user instanceof User) {
  55.             // the user must be logged in; if not, deny access
  56.             return false;
  57.         }
  58.         switch ($attribute) {
  59.             case VotersEnum::LIST_COOPERATIVE_MEDIA:
  60.                 return $this->canList();
  61.             case VotersEnum::LIST_COOPERATIVE_MEDIA_ASSOCIATED:
  62.                 return $this->canListAssociated();
  63.             case VotersEnum::CREATE_COOPERATIVE_MEDIA:
  64.                 return $this->canCreate();
  65.             case VotersEnum::READ:
  66.                 return $this->canRead();
  67.             case VotersEnum::UPDATE:
  68.                 return $this->canUpdate();
  69.             case VotersEnum::DELETE:
  70.                 return $this->canDelete();
  71.             case VotersEnum::VIEW:
  72.                 return $this->canView();
  73.         }
  75.         throw new LogicException('This code should not be reached!');
  76.     }
  78.     private function canList(): bool
  79.     {
  80.         return $this->isAdminUser();
  81.     }
  83.     private function canListAssociated(): bool
  84.     {
  85.         return $this->isAssociatedUser();
  86.     }
  88.     private function canCreate(): bool
  89.     {
  90.         return $this->isAdminUser();
  91.     }
  93.     private function canRead(): bool
  94.     {
  95.         return $this->isAdminUser();
  96.     }
  98.     private function canUpdate(): bool
  99.     {
  100.         return $this->isAdminUser();
  101.     }
  103.     private function canDelete(): bool
  104.     {
  105.         return $this->isAdminUser();
  106.     }
  108.     private function canView(): bool
  109.     {
  110.         return $this->isAdminUser() || $this->isAssociatedUser();
  111.     }
  113.     private function isAdminUser(): bool
  114.     {
  115.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_MEDIA_LIBRARY);
  116.     }
  118.     private function isAssociatedUser(): bool
  119.     {
  120.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_MEDIA_LIBRARY_ASSOCIATED)
  121.             || $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG)
  122.             ;
  123.     }
  124. }