src/Security/Voter/PointsCatalog/CatalogPointMovementVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\PointsCatalog;
  5. use App\Entity\PointsCatalog\CatalogPointMovement;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. class CatalogPointMovementVoter extends Voter
  17. {
  18.     private Security $security;
  19.     private array $voters;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.         $this->voters = [
  25.             VotersEnum::LIST_CATALOG_POINT_MOVEMENT,
  26.             VotersEnum::CREATE_CATALOG_POINT_MOVEMENT,
  27.             VotersEnum::IMPORT_CATALOG_POINT_MOVEMENT,
  28.             VotersEnum::READ,
  29.             VotersEnum::UPDATE,
  30.             VotersEnum::DELETE,
  31.             VotersEnum::EXPORT_CATALOG_POINT_MOVEMENT,
  32.             VotersEnum::CONFIG_CATALOG_POINT,
  33.             VotersEnum::GARAGES_BALANCE_CATALOG_POINT_MOVEMENT,
  34.             VotersEnum::GARAGES_BALANCE_CATALOG_POINT_MOVEMENT_ASSOCIATED,
  35.         ];
  36.     }
  38.     protected function supports(string $attribute$subject): bool
  39.     {
  40.         // first check the $subject and last if the $attribute is supported,
  41.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  42.         if ($subject && !$subject instanceof CatalogPointMovement) {
  43.             // only vote on these objects
  44.             return false;
  45.         }
  46.         if (in_array($attribute$this->voters)) {
  47.             // if the attribute is one we support
  48.             return true;
  49.         }
  51.         return false;
  52.     }
  54.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  55.     {
  56.         $user $token->getUser();
  57.         if (!$user instanceof User) {
  58.             // the user must be logged in; if not, deny access
  59.             return false;
  60.         }
  61.         switch ($attribute) {
  62.             case VotersEnum::LIST_CATALOG_POINT_MOVEMENT:
  63.                 return $this->canList();
  64.             case VotersEnum::CREATE_CATALOG_POINT_MOVEMENT:
  65.                 return $this->canCreate();
  66.             case VotersEnum::IMPORT_CATALOG_POINT_MOVEMENT:
  67.                 return $this->canImport();
  68.             case VotersEnum::READ:
  69.                 return $this->canRead();
  70.             case VotersEnum::UPDATE:
  71.                 return $this->canUpdate();
  72.             case VotersEnum::DELETE:
  73.                 return $this->canDelete();
  74.             case VotersEnum::EXPORT_CATALOG_POINT_MOVEMENT:
  75.                 return $this->canExport();
  76.             case VotersEnum::CONFIG_CATALOG_POINT:
  77.                 return $this->canConfig();
  78.             case VotersEnum::GARAGES_BALANCE_CATALOG_POINT_MOVEMENT:
  79.                 return $this->canGaragesBalance();
  80.             case VotersEnum::GARAGES_BALANCE_CATALOG_POINT_MOVEMENT_ASSOCIATED:
  81.                 return $this->canGaragesBalanceAssociated();
  82.         }
  84.         throw new LogicException('This code should not be reached!');
  85.     }
  87.     private function canList(): bool
  88.     {
  89.         return $this->isAdminUser() || $this->isCoordinatorUser();
  90.     }
  92.     private function canCreate(): bool
  93.     {
  94.         return $this->isAdminUser();
  95.     }
  97.     private function canImport(): bool
  98.     {
  99.         return $this->isAdminUser();
  100.     }
  102.     private function canRead(): bool
  103.     {
  104.         return $this->isAdminUser() || $this->isCoordinatorUser();
  105.     }
  107.     private function canUpdate(): bool
  108.     {
  109.         return $this->isAdminUser();
  110.     }
  112.     private function canDelete(): bool
  113.     {
  114.         return $this->isAdminUser();
  115.     }
  117.     private function canExport(): bool
  118.     {
  119.         return $this->isAdminUser();
  120.     }
  122.     private function canConfig(): bool
  123.     {
  124.         return $this->isAdminUser();
  125.     }
  127.     private function canGaragesBalance(): bool
  128.     {
  129.         return $this->isAdminUser() || $this->isCoordinatorUser();
  130.     }
  132.     private function canGaragesBalanceAssociated(): bool
  133.     {
  134.         return $this->isAssociatedUser();
  135.     }
  137.     private function isAssociatedUser(): bool
  138.     {
  139.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_CATALOG_POINTS_ASSOCIATED);
  140.     }
  142.     private function isCoordinatorUser(): bool
  143.     {
  144.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  145.     }
  147.     private function isAdminUser(): bool
  148.     {
  149.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_CATALOG_POINTS);
  150.     }
  151. }