src/Security/Voter/GaugeVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Gauge\Gauge;
  6. use App\Entity\User;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  12. class GaugeVoter extends Voter
  13. {
  14. // these strings are just invented: you can use anything
  15. const VIEW = 'view';
  16. const EDIT = 'edit';
  17. const DELETE = 'delete';
  18. /**
  19. * @var Security
  20. */
  21. private Security $security;
  22. /**
  23. * @var EntityManagerInterface
  24. */
  25. private EntityManagerInterface $entityManager;
  27. public function __construct(Security $security, EntityManagerInterface $entityManager)
  28. {
  29. $this->security = $security;
  30. $this->entityManager = $entityManager;
  31. }
  33. protected function supports(string $attribute, $subject): bool
  34. {
  35. // if the attribute isn't one we support, return false
  36. if (!in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)) {
  37. return false;
  38. }
  40. // only vote on `Gauge` objects
  41. if (!$subject instanceof Gauge) {
  42. return false;
  43. }
  45. return true;
  46. }
  48. protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
  49. {
  50. $loggedUser = $token->getUser();
  52. if (!$loggedUser instanceof User) {
  53. // the user must be logged in; if not, deny access
  54. return false;
  55. }
  57. // you know $subject is a Post object, thanks to `supports()`
  58. /** @var Gauge $targetGauge */
  59. $targetGauge = $subject;
  61. switch ($attribute) {
  62. case self::VIEW:
  63. return $this->canSee($targetGauge, $loggedUser);
  64. case self::EDIT:
  65. return $this->canEdit($targetGauge, $loggedUser);
  66. case self::DELETE:
  67. return $this->canDelete($targetGauge, $loggedUser);
  68. }
  70. throw new \LogicException('This code should not be reached!');
  71. }
  74. /**
  75. * @param Gauge $targetGauge
  76. * @param User $loggedUser
  77. * @return bool
  78. */
  79. private function canEdit(Gauge $targetGauge, User $loggedUser): bool
  80. {
  81. if ($this->canSee($targetGauge, $loggedUser) && $this->security->isGranted('ROLE_CAN_EDIT_GAUGE')) {
  82. return true;
  83. }
  84. return false;
  85. }
  87. /**
  88. * @param Gauge $targetGauge
  89. * @param User $loggedUser
  90. * @return bool
  91. */
  92. private function canDelete(Gauge $targetGauge, User $loggedUser): bool
  93. {
  94. if ($this->canSee($targetGauge, $loggedUser) && $this->security->isGranted('ROLE_CAN_DELETE_GAUGE')) {
  95. return true;
  96. }
  97. return false;
  98. }
  100. /**
  101. * @param Gauge $targetGauge
  102. * @param User $loggedUser
  103. * @return bool
  104. */
  105. private function canSee(Gauge $targetGauge, User $loggedUser): bool
  106. {
  107. // if can see gauge building and has permission ROLE_CAN_SEE_GAUGE_DETAIL
  108. if ($this->security->isGranted('view', $targetGauge->getBuilding()) && $this->security->isGranted('ROLE_CAN_SEE_GAUGE_DETAIL')) {
  109. return true;
  110. }
  112. return false;
  113. }
  114. }