src/Security/Voter/OnlineShop/OrderSecurityVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\OnlineShop;
  5. use App\Entity\OnlineShop\Order;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. final class OrderSecurityVoter extends Voter
  17. {
  18.     private Security $security;
  19.     private array $voters;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.         $this->voters = [
  25.             VotersEnum::LIST_ORDER,
  26.             VotersEnum::LIST_ORDER_ASSOCIATED,
  27.             VotersEnum::LIST_ORDER_COORDINATOR,
  28.             VotersEnum::READ,
  29.             VotersEnum::UPDATE,
  30.             VotersEnum::DELETE,
  31.             VotersEnum::EXPORT_ORDER,
  32.             VotersEnum::LIST_SUPPLIER_PROMOTIONS,
  33.             VotersEnum::LIST_RATES_ONLINESHOP,
  34.             VotersEnum::LIST_PRODUCTS_ONLINESHOP,
  35.             VotersEnum::PLACE_ORDER_ONLINESHOP,
  36.             VotersEnum::PROCESS,
  37.             VotersEnum::REOPEN,
  38.         ];
  39.     }
  41.     protected function supports(string $attribute$subject): bool
  42.     {
  43.         // first check the $subject and last if the $attribute is supported,
  44.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  45.         if ($subject && !$subject instanceof Order) {
  46.             // only vote on these objects
  47.             return false;
  48.         }
  49.         if (in_array($attribute$this->voters)) {
  50.             // if the attribute is one we support
  51.             return true;
  52.         }
  54.         return false;
  55.     }
  57.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  58.     {
  59.         $user $token->getUser();
  60.         if (!$user instanceof User) {
  61.             // the user must be logged in; if not, deny access
  62.             return false;
  63.         }
  64.         switch ($attribute) {
  65.             case VotersEnum::LIST_ORDER:
  66.                 return $this->canList();
  67.             case VotersEnum::LIST_ORDER_ASSOCIATED:
  68.                 return $this->canListAssociated();
  69.             case VotersEnum::LIST_ORDER_COORDINATOR:
  70.                 return $this->canListCoordinator();
  71.             case VotersEnum::READ:
  72.                 return $this->canRead();
  73.             case VotersEnum::UPDATE:
  74.                 return $this->canUpdate($subject);
  75.             case VotersEnum::DELETE:
  76.                 return $this->canDelete();
  77.             case VotersEnum::EXPORT_ORDER:
  78.                 return $this->canExport();
  79.             case VotersEnum::LIST_SUPPLIER_PROMOTIONS:
  80.                 return $this->canListSupplierPromotions();
  81.             case VotersEnum::LIST_RATES_ONLINESHOP:
  82.                 return $this->canListRates();
  83.             case VotersEnum::LIST_PRODUCTS_ONLINESHOP:
  84.                 return $this->canListProducts();
  85.             case VotersEnum::PLACE_ORDER_ONLINESHOP:
  86.                 return $this->canPlaceOrder();
  87.             case VotersEnum::PROCESS:
  88.                 return $this->canProcessOrder($subject);
  89.             case VotersEnum::REOPEN:
  90.                 return $this->canReopenOrder($subject);
  91.         }
  93.         throw new LogicException('This code should not be reached!');
  94.     }
  96.     private function canList(): bool
  97.     {
  98.         return $this->isAdminUser();
  99.     }
  101.     private function canListAssociated(): bool
  102.     {
  103.         return $this->isAssociatedUser() || $this->isProviderUser();
  104.     }
  106.     private function canListCoordinator(): bool
  107.     {
  108.         return $this->isCoordinatorUser();
  109.     }
  111.     private function canRead(): bool
  112.     {
  113.         return $this->isAdminUser()
  114.             || $this->isCoordinatorUser()
  115.             || $this->isAssociatedUser()
  116.             || $this->isProviderUser()
  117.             ;
  118.     }
  120.     private function canUpdate(Order $order): bool
  121.     {
  122.         return $this->isAdminUser() && $order->isPending();
  123.     }
  125.     private function canDelete(): bool
  126.     {
  127.         return $this->isAdminUser();
  128.     }
  130.     private function canExport(): bool
  131.     {
  132.         return $this->isAdminUser();
  133.     }
  135.     private function canListSupplierPromotions(): bool
  136.     {
  137.         return $this->isAdminUser()
  138.             || $this->isCoordinatorUser()
  139.             || $this->isAssociatedUser()
  140.             ;
  141.     }
  143.     private function canListRates(): bool
  144.     {
  145.         return $this->isAdminUser()
  146.             || $this->isCoordinatorUser()
  147.             || $this->isAssociatedUser()
  148.             ;
  149.     }
  151.     private function canListProducts(): bool
  152.     {
  153.         return $this->isAdminUser()
  154.             || $this->isCoordinatorUser()
  155.             || $this->isAssociatedUser()
  156.             || $this->isProviderUser()
  157.             ;
  158.     }
  160.     private function canPlaceOrder(): bool
  161.     {
  162.         return $this->isAdminUser()
  163.             || $this->isCoordinatorUser()
  164.             || $this->isAssociatedUser()
  165.             || $this->isProviderUser()
  166.             ;
  167.     }
  169.     private function canProcessOrder(Order $order): bool
  170.     {
  171.         return $this->isAdminUser() && $order->isPending();
  172.     }
  174.     private function canReopenOrder(Order $order): bool
  175.     {
  176.         return $this->isAdminUser() && $order->isPending();
  177.     }
  179.     private function isAssociatedUser(): bool
  180.     {
  181.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_ONLINE_SHOP_ASSOCIATED);
  182.     }
  184.     private function isProviderUser(): bool
  185.     {
  186.         return $this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG);
  187.     }
  189.     private function isCoordinatorUser(): bool
  190.     {
  191.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  192.     }
  194.     private function isAdminUser(): bool
  195.     {
  196.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_ONLINE_SHOP);
  197.     }
  198. }