src/Security/Voter/Promotions/LocalPromotionVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\Promotions;
  5. use App\Entity\Promotions\LocalPromotion;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use LogicException;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. class LocalPromotionVoter extends Voter
  17. {
  18.     private Security $security;
  19.     private array $voters;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.         $this->voters = [
  25.             VotersEnum::LIST_LOCAL_PROMOTION,
  26.             VotersEnum::LIST_LOCAL_PROMOTION_ASSOCIATED,
  27.             VotersEnum::LIST_LOCAL_PROMOTION_COORDINATOR,
  28.             VotersEnum::CREATE_LOCAL_PROMOTION,
  29.             VotersEnum::READ,
  30.             VotersEnum::UPDATE,
  31.             VotersEnum::DELETE,
  32.         ];
  33.     }
  35.     protected function supports(string $attribute$subject): bool
  36.     {
  37.         // first check the $subject and last if the $attribute is supported,
  38.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  39.         if ($subject && !$subject instanceof LocalPromotion) {
  40.             // only vote on these objects
  41.             return false;
  42.         }
  43.         if (in_array($attribute$this->voters)) {
  44.             // if the attribute is one we support
  45.             return true;
  46.         }
  48.         return false;
  49.     }
  51.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  54.         if (!$user instanceof User) {
  55.             // the user must be logged in; if not, deny access
  56.             return false;
  57.         }
  59.         // you know $subject is a LocalPromotion object, thanks to `supports()`
  60.         /** @var LocalPromotion $localPromotion */
  61.         $localPromotion $subject;
  62.         switch ($attribute) {
  63.             case VotersEnum::LIST_LOCAL_PROMOTION:
  64.                 return $this->canList();
  65.             case VotersEnum::LIST_LOCAL_PROMOTION_ASSOCIATED:
  66.                 return $this->canListAssociated();
  67.             case VotersEnum::LIST_LOCAL_PROMOTION_COORDINATOR:
  68.                 return $this->canListCoordinator();
  69.             case VotersEnum::CREATE_LOCAL_PROMOTION:
  70.                 return $this->canCreate();
  71.             case VotersEnum::READ:
  72.                 return $this->canRead($localPromotion$user);
  73.             case VotersEnum::UPDATE:
  74.                 return $this->canUpdate($localPromotion$user);
  75.             case VotersEnum::DELETE:
  76.                 return $this->canDelete($localPromotion$user);
  77.         }
  79.         throw new LogicException('This code should not be reached!');
  80.     }
  82.     private function canList(): bool
  83.     {
  84.         return $this->isAdminUser();
  85.     }
  87.     private function canListAssociated(): bool
  88.     {
  89.         return $this->isAdminUser()
  90.             || $this->isAssociatedUser()
  91.             ;
  92.     }
  94.     private function canListCoordinator(): bool
  95.     {
  96.         return $this->isAdminUser()
  97.             || $this->isCoordinatorUser()
  98.             ;
  99.     }
  101.     private function canCreate(): bool
  102.     {
  103.         if ($this->isAdminUser()
  104.             || $this->isCoordinatorUser()
  105.             || $this->isAssociatedUser()) {
  106.             return true;
  107.         }
  109.         return false;
  110.     }
  112.     private function canRead(LocalPromotion $localPromotionUser $user): bool
  113.     {
  114.         return $this->isOwner($localPromotion$user);
  115.     }
  117.     private function canUpdate(LocalPromotion $localPromotionUser $user): bool
  118.     {
  119.         return $this->isOwner($localPromotion$user);
  120.     }
  122.     private function canDelete(LocalPromotion $localPromotionUser $user): bool
  123.     {
  124.         return $this->isOwner($localPromotion$user);
  125.     }
  127.     private function isOwner(LocalPromotion $localPromotionUser $user): bool
  128.     {
  129.         if ($this->isAdminUser()) {
  130.             return true;
  131.         } elseif ($this->isCoordinatorUser()) {
  132.             foreach ($user->getWorkProvinces() as $province) {
  133.                 if ($localPromotion->getGarage()->getAddress()->getProvince()->getId() === $province->getId()) {
  134.                     return true;
  135.                 }
  136.             }
  137.         } elseif ($this->isAssociatedUser()) {
  138.             if ($localPromotion->getGarage()->getOwner()->getId() === $user->getId()) {
  139.                 return true;
  140.             }
  141.         }
  143.         return false;
  144.     }
  146.     private function isAssociatedUser(): bool
  147.     {
  148.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_LOCAL_PROMOTIONS_ASSOCIATED);
  149.     }
  151.     private function isCoordinatorUser(): bool
  152.     {
  153.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  154.     }
  156.     private function isAdminUser(): bool
  157.     {
  158.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_LOCAL_PROMOTIONS);
  159.     }
  160. }