src/Security/Voter/PointsCatalog/CatalogGiftVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\PointsCatalog;
  5. use App\Entity\PointsCatalog\CatalogGift;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. class CatalogGiftVoter extends Voter
  18. {
  19.     private Security $security;
  20.     private array $voters;
  22.     public function __construct(Security $security)
  23.     {
  24.         $this->security $security;
  25.         $this->voters = [
  26.             VotersEnum::LIST_CATALOG_GIFT,
  27.             VotersEnum::CREATE_CATALOG_GIFT,
  28.             VotersEnum::READ,
  29.             VotersEnum::UPDATE,
  30.             VotersEnum::DELETE,
  31.             VotersEnum::EXPORT_CATALOG_GIFT,
  32.             VotersEnum::IMPORT_CATALOG_GIFT,
  33.             VotersEnum::REMOVE_MULTIPLE_CATALOG_GIFT,
  34.         ];
  35.     }
  37.     protected function supports(string $attribute$subject): bool
  38.     {
  39.         // first check the $subject and last if the $attribute is supported,
  40.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  41.         if ($subject && !$subject instanceof CatalogGift) {
  42.             // only vote on these objects
  43.             return false;
  44.         }
  45.         if (in_array($attribute$this->voters)) {
  46.             // if the attribute is one we support
  47.             return true;
  48.         }
  50.         return false;
  51.     }
  53.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  54.     {
  55.         $user $token->getUser();
  56.         if (!$user instanceof User) {
  57.             // the user must be logged in; if not, deny access
  58.             return false;
  59.         }
  60.         switch ($attribute) {
  61.             case VotersEnum::LIST_CATALOG_GIFT:
  62.                 return $this->canList();
  63.             case VotersEnum::CREATE_CATALOG_GIFT:
  64.                 return $this->canCreate();
  65.             case VotersEnum::READ:
  66.                 return $this->canRead($subject$user);
  67.             case VotersEnum::UPDATE:
  68.                 return $this->canUpdate($subject$user);
  69.             case VotersEnum::DELETE:
  70.                 return $this->canDelete($subject$user);
  71.             case VotersEnum::EXPORT_CATALOG_GIFT:
  72.                 return $this->canExport();
  73.             case VotersEnum::IMPORT_CATALOG_GIFT:
  74.                 return $this->canImport();
  75.             case VotersEnum::REMOVE_MULTIPLE_CATALOG_GIFT:
  76.                 return $this->canRemoveMultiple();
  77.         }
  79.         throw new LogicException('This code should not be reached!');
  80.     }
  82.     private function canList(): bool
  83.     {
  84.         return $this->isAdminUser()
  85.             || $this->isCoordinatorUser()
  86.             ;
  87.     }
  89.     private function canCreate(): bool
  90.     {
  91.         return $this->isAdminUser()
  92.             || $this->isCoordinatorUser()
  93.             ;
  94.     }
  96.     private function canRead(CatalogGift $catalogGiftUserInterface $user): bool
  97.     {
  98.         return $this->isAdminUser()
  99.             || ($this->isCoordinatorUser() && $catalogGift->userHasAccess($user))
  100.             || ($this->isAssociatedUser() && $catalogGift->userHasAccess($user))
  101.             ;
  102.     }
  104.     private function canUpdate(CatalogGift $catalogGiftUserInterface $user): bool
  105.     {
  106.         return $this->isAdminUser();
  107.     }
  109.     private function canDelete(CatalogGift $catalogGiftUserInterface $user): bool
  110.     {
  111.         return $this->isAdminUser();
  112.     }
  114.     private function canExport(): bool
  115.     {
  116.         return $this->isAdminUser();
  117.     }
  119.     private function canImport(): bool
  120.     {
  121.         return $this->isAdminUser();
  122.     }
  124.     private function canRemoveMultiple(): bool
  125.     {
  126.         return $this->isAdminUser();
  127.     }
  129.     private function isAssociatedUser(): bool
  130.     {
  131.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_CATALOG_POINTS_ASSOCIATED);
  132.     }
  134.     private function isCoordinatorUser(): bool
  135.     {
  136.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  137.     }
  139.     private function isAdminUser(): bool
  140.     {
  141.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_CATALOG_POINTS);
  142.     }
  143. }