src/Security/Voter/PointsCatalog/CatalogGiftCategoryVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\PointsCatalog;
  5. use App\Entity\PointsCatalog\CatalogGiftCategory;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesManagerEnum;
  8. use App\Enum\VotersEnum;
  9. use LogicException;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  14. class CatalogGiftCategoryVoter extends Voter
  15. {
  16.     private Security $security;
  17.     private array $voters;
  19.     public function __construct(Security $security)
  20.     {
  21.         $this->security $security;
  22.         $this->voters = [
  23.             VotersEnum::LIST_CATALOG_GIFT_CATEGORY,
  24.             VotersEnum::CREATE_CATALOG_GIFT_CATEGORY,
  25.             VotersEnum::READ,
  26.             VotersEnum::UPDATE,
  27.             VotersEnum::DELETE,
  28.         ];
  29.     }
  31.     protected function supports(string $attribute$subject): bool
  32.     {
  33.         // first check the $subject and last if the $attribute is supported,
  34.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  35.         if ($subject && !$subject instanceof CatalogGiftCategory) {
  36.             // only vote on these objects
  37.             return false;
  38.         }
  39.         if (in_array($attribute$this->voters)) {
  40.             // if the attribute is one we support
  41.             return true;
  42.         }
  44.         return false;
  45.     }
  47.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  48.     {
  49.         $user $token->getUser();
  50.         if (!$user instanceof User) {
  51.             // the user must be logged in; if not, deny access
  52.             return false;
  53.         }
  54.         switch ($attribute) {
  55.             case VotersEnum::LIST_CATALOG_GIFT_CATEGORY:
  56.                 return $this->canList();
  57.             case VotersEnum::CREATE_CATALOG_GIFT_CATEGORY:
  58.                 return $this->canCreate();
  59.             case VotersEnum::READ:
  60.                 return $this->canRead();
  61.             case VotersEnum::UPDATE:
  62.                 return $this->canUpdate();
  63.             case VotersEnum::DELETE:
  64.                 return $this->canDelete();
  65.         }
  67.         throw new LogicException('This code should not be reached!');
  68.     }
  70.     private function canList(): bool
  71.     {
  72.         return $this->isAdminUser();
  73.     }
  75.     private function canCreate(): bool
  76.     {
  77.         return $this->isAdminUser();
  78.     }
  80.     private function canRead(): bool
  81.     {
  82.         return $this->isAdminUser();
  83.     }
  85.     private function canUpdate(): bool
  86.     {
  87.         return $this->isAdminUser();
  88.     }
  90.     private function canDelete(): bool
  91.     {
  92.         return $this->isAdminUser();
  93.     }
  95.     private function canExport(): bool
  96.     {
  97.         return $this->isAdminUser();
  98.     }
  100.     private function isAdminUser(): bool
  101.     {
  102.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_CATALOG_POINTS);
  103.     }
  104. }