Symfony Profiler

<?php
namespace App\Security\Voter;
use App\Entity\Client\Client;
use App\Entity\File;
use App\Entity\User;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
class FileVoter extends Voter
{
// these strings are just invented: you can use anything
const VIEW = 'view';
const EDIT = 'edit';
const DELETE = 'delete';
/**
* @var Security
*/
private Security $security;
/**
* @var EntityManagerInterface
*/
private EntityManagerInterface $entityManager;
public function __construct(Security $security, EntityManagerInterface $entityManager)
{
$this->security = $security;
$this->entityManager = $entityManager;
}
protected function supports(string $attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)) {
return false;
}
// only vote on `File` objects
if (!$subject instanceof File) {
return false;
}
return true;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$loggedUser = $token->getUser();
if (!$loggedUser instanceof User) {
// the user must be logged in; if not, deny access
return false;
}
// you know $subject is a Post object, thanks to `supports()`
/** @var File $targetFile */
$targetFile = $subject;
switch ($attribute) {
case self::VIEW:
return $this->canSee($targetFile, $loggedUser);
case self::EDIT:
return $this->canEdit($targetFile, $loggedUser);
case self::DELETE:
return $this->canDelete($targetFile, $loggedUser);
}
throw new \LogicException('This code should not be reached!');
}
/**
* @param File $targetFile
* @param User $loggedUser
* @return bool
*/
private function canSee(File $targetFile, User $loggedUser): bool
{
if ($targetFile->isCommon() && $this->security->isGranted('IS_AUTHENTICATED_FULLY')) {
return true;
}
// file has no client
if ($targetFile->getClient() === null) {
return false;
}
/** @var Client $fileClient */
$fileClient = $targetFile->getClient();
// sanity check (different client than logged user client)
if ($fileClient->getId() !== $loggedUser->getClient()->getId()) {
return false;
}
/** user who created this file is granted */
if ($targetFile->getCreatedBy() === $loggedUser) {
return true;
}
// vote by sharing options - context client
if ($targetFile->getContext() === File::CONTEXT_CLIENT) {
return in_array($targetFile->getSharedWith(), File::getSharedWithOptionsByRole($loggedUser->getRole()->getName()), true);
}
// vote by buildings
if ($this->security->isGranted('ROLE_CAN_SEE_ALL_BUILDINGS')) {
return true;
}
if (!$targetFile->getBuildings()->isEmpty()) {
foreach ($targetFile->getBuildings() as $building) {
if ($loggedUser->getBuildings()->contains($building)) {
return true;
}
}
}
if (!$targetFile->getGauges()->isEmpty()) {
foreach ($targetFile->getGauges() as $gauge) {
if ($loggedUser->getBuildings()->contains($gauge->getBuilding())) {
return true;
}
}
}
return false;
}
/**
* @param File $targetFile
* @param User $loggedUser
* @return bool
*/
private function canEdit(File $targetFile, User $loggedUser):bool
{
if ($targetFile->isCommon()) {
return $this->security->isGranted('ROLE_CAN_EDIT_COMMON_FILE') && $this->canSee($targetFile, $loggedUser);
}
return $this->security->isGranted('ROLE_CAN_EDIT_FILE') && $this->canSee($targetFile, $loggedUser);
}
/**
* @param File $targetFile
* @param User $loggedUser
* @return bool
*/
private function canDelete(File $targetFile, User $loggedUser):bool
{
if ($targetFile->isCommon()) {
return $this->security->isGranted('ROLE_CAN_DELETE_COMMON_FILE') && $this->canSee($targetFile, $loggedUser);
}
return $this->security->isGranted('ROLE_CAN_DELETE_FILE') && $this->canSee($targetFile, $loggedUser);
}
}

src/Security/Voter/FileVoter.php line 13