src/Security/Voter/OnlineShop/ProductSecurityVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\OnlineShop;
  5. use App\Entity\OnlineShop\Product;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use App\Manager\ProvidersManager;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. final class ProductSecurityVoter extends Voter
  18. {
  19.     private Security $security;
  20.     private array $voters;
  21.     private ProvidersManager $providersManager;
  23.     public function __construct(Security $securityProvidersManager $providersManager)
  24.     {
  25.         $this->security $security;
  26.         $this->voters = [
  27.             VotersEnum::LIST_PRODUCT,
  28.             VotersEnum::CREATE_PRODUCT,
  29.             VotersEnum::READ,
  30.             VotersEnum::UPDATE,
  31.             VotersEnum::DELETE,
  32.             VotersEnum::EXPORT_PRODUCT,
  33.             VotersEnum::IMPORT_PRODUCT,
  34.             VotersEnum::REMOVE_MULTIPLE_PRODUCT,
  35.             VotersEnum::LIST_PRODUCTS_META_CATALOG,
  36.         ];
  37.         $this->providersManager $providersManager;
  38.     }
  40.     protected function supports(string $attribute$subject): bool
  41.     {
  42.         // first check the $subject and last if the $attribute is supported,
  43.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  44.         if ($subject && !$subject instanceof Product) {
  45.             // only vote on these objects
  46.             return false;
  47.         }
  48.         if (in_array($attribute$this->voters)) {
  49.             // if the attribute is one we support
  50.             return true;
  51.         }
  53.         return false;
  54.     }
  56.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  57.     {
  58.         $user $token->getUser();
  59.         if (!$user instanceof User) {
  60.             // the user must be logged in; if not, deny access
  61.             return false;
  62.         }
  63.         switch ($attribute) {
  64.             case VotersEnum::LIST_PRODUCT:
  65.                 return $this->canList();
  66.             case VotersEnum::CREATE_PRODUCT:
  67.                 return $this->canCreate();
  68.             case VotersEnum::READ:
  69.                 return $this->canRead($subject$user);
  70.             case VotersEnum::UPDATE:
  71.                 return $this->canUpdate($subject$user);
  72.             case VotersEnum::DELETE:
  73.                 return $this->canDelete($subject$user);
  74.             case VotersEnum::EXPORT_PRODUCT:
  75.                 return $this->canExport();
  76.             case VotersEnum::IMPORT_PRODUCT:
  77.                 return $this->canImport();
  78.             case VotersEnum::REMOVE_MULTIPLE_PRODUCT:
  79.                 return $this->canRemoveMultiple();
  80.             case VotersEnum::LIST_PRODUCTS_META_CATALOG:
  81.                 return $this->canListProductsMetaCatalog();
  82.         }
  84.         throw new \LogicException('This code should not be reached!');
  85.     }
  87.     private function canList(): bool
  88.     {
  89.         return $this->isAdminUser()
  90.             || $this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG)
  91.             ;
  92.     }
  94.     private function canCreate(): bool
  95.     {
  96.         return $this->isAdminUser()
  97.             || $this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG)
  98.             ;
  99.     }
  101.     private function canRead(Product $productUserInterface $user): bool
  102.     {
  103.         return $this->isAdminUser()
  104.             || ($this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG) && $this->providersManager->isProductAvailableForProvider($product$user))
  105.             || ($this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG) && $product->userHasAccess($user))
  106.             || ($this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_ONLINE_SHOP_ASSOCIATED) && $product->userHasAccess($user))
  107.             ;
  108.     }
  110.     private function canUpdate(Product $productUserInterface $user): bool
  111.     {
  112.         return $this->isAdminUser()
  113.             || ($this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG) && $this->providersManager->isProductAvailableForProvider($product$user))
  114.             ;
  115.     }
  117.     private function canDelete(Product $productUserInterface $user): bool
  118.     {
  119.         return $this->isAdminUser()
  120.             || ($this->security->isGranted(UserRolesEnum::ROLE_PROVIDER_LONG) && $this->providersManager->isProductAvailableForProvider($product$user))
  121.             ;
  122.     }
  124.     private function canExport(): bool
  125.     {
  126.         return $this->isAdminUser();
  127.     }
  129.     private function canImport(): bool
  130.     {
  131.         return $this->isAdminUser();
  132.     }
  134.     private function canRemoveMultiple(): bool
  135.     {
  136.         return $this->isAdminUser();
  137.     }
  139.     private function canListProductsMetaCatalog(): bool
  140.     {
  141.         return $this->isAdminUser();
  142.     }
  144.     private function isAdminUser(): bool
  145.     {
  146.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_ONLINE_SHOP);
  147.     }
  148. }