src/Security/Voter/DataImportVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Import\DataImport;
  6. use App\Entity\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Security;
  11. class DataImportVoter extends Voter
  12. {
  13. // these strings are just invented: you can use anything
  14. const VIEW = 'view';
  15. const EDIT = 'edit';
  16. const DELETE = 'delete';
  17. /**
  18. * @var Security
  19. */
  20. private Security $security;
  22. public function __construct(Security $security)
  23. {
  24. $this->security = $security;
  25. }
  27. protected function supports(string $attribute, $subject): bool
  28. {
  29. // if the attribute isn't one we support, return false
  30. if (!in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)) {
  31. return false;
  32. }
  34. // only vote on `File` objects
  35. if (!$subject instanceof DataImport) {
  36. return false;
  37. }
  39. return true;
  40. }
  42. protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
  43. {
  44. $loggedUser = $token->getUser();
  46. if (!$loggedUser instanceof User) {
  47. // the user must be logged in; if not, deny access
  48. return false;
  49. }
  51. // you know $subject is a Post object, thanks to `supports()`
  52. /** @var DataImport $targetObj */
  53. $targetObj = $subject;
  55. switch ($attribute) {
  56. case self::VIEW:
  57. case self::EDIT:
  58. return $this->canSee($targetObj, $loggedUser);
  59. case self::DELETE:
  60. return $this->canDelete($targetObj, $loggedUser);
  62. }
  64. throw new \LogicException('This code should not be reached!');
  65. }
  67. private function canSee(DataImport $targetObj, User $loggedUser): bool
  68. {
  69. // sanity check (different client than logged user client)
  70. if ($targetObj->getClient()->getId() !== $loggedUser->getClient()->getId()) {
  71. return false;
  72. }
  74. if ($targetObj->isInvoiceType() && $this->security->isGranted('ROLE_CAN_IMPORT_INVOICES')) {
  75. return true;
  76. }
  78. if ($targetObj->isReadingsType() && $this->security->isGranted('ROLE_CAN_IMPORT_GAUGE_READINGS')) {
  79. return true;
  80. }
  82. if (in_array($targetObj->getType(), [DataImport::TYPE_GAUGES, DataImport::TYPE_GAUGES_EDIT]) && $this->security->isGranted('ROLE_CAN_IMPORT_GAUGES')) {
  83. return true;
  84. }
  86. return false;
  87. }
  89. private function canDelete(DataImport $targetObj, User $loggedUser): bool
  90. {
  91. if (!$this->canSee($targetObj, $loggedUser)) {
  92. return false;
  93. }
  95. if ($targetObj->isInvoiceType() && $this->security->isGranted('ROLE_CAN_DELETE_IMPORT_INVOICES')) {
  96. return true;
  97. }
  99. if ($targetObj->isReadingsType() && $this->security->isGranted('ROLE_CAN_DELETE_IMPORT_GAUGE_READINGS')) {
  100. return true;
  101. }
  103. return false;
  104. }
  105. }