src/Security/Content/BlogCategoryVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Content;
  5. use App\Entity\Content\BlogCategory;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  11. class BlogCategoryVoter extends Voter
  12. {
  13. const VIEW = 'BLOG_CATEGORY_VIEW';
  14. const VIEW_ANY = 'BLOG_CATEGORY_VIEW_ANY';
  15. const CREATE = 'BLOG_CATEGORY_CREATE';
  16. const EDIT = 'BLOG_CATEGORY_EDIT';
  17. const EDIT_ANY = 'BLOG_CATEGORY_EDIT_ANY';
  18. const DELETE = 'BLOG_CATEGORY_DELETE';
  20. /**
  21. * UserVoter constructor.
  22. */
  23. public function __construct(private readonly AccessDecisionManagerInterface $decisionManager)
  24. {
  25. }
  27. protected function supports($attribute, $subject): bool
  28. {
  29. // if the attribute isn't one we support, return false
  30. if (!in_array($attribute, [
  31. self::VIEW,
  32. self::VIEW_ANY,
  33. self::CREATE,
  34. self::EDIT,
  35. self::EDIT_ANY,
  36. self::DELETE,
  37. ], true)) {
  38. return false;
  39. }
  40. // only vote on Property objects inside this voter
  41. return !($subject && !$subject instanceof BlogCategory);
  42. }
  44. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  45. {
  46. if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  47. return true;
  48. }
  50. $user = $token->getUser();
  52. if (!$user instanceof UserInterface) {
  53. // the user must be logged in; if not, deny access
  54. return false;
  55. }
  56. return match ($attribute) {
  57. self::VIEW_ANY => $this->canViewAny($user),
  58. self::VIEW => $this->canView($subject, $user),
  59. self::CREATE => $this->canCreate($user),
  60. self::EDIT => $this->canEdit($subject),
  61. self::EDIT_ANY => $this->canEditAny($subject, $user),
  62. self::DELETE => $this->canDelete($subject, $user),
  63. default => throw new \LogicException('This code should not be reached!'),
  64. };
  65. }
  67. /**
  68. * Check if logged in User can view Property
  69. */
  70. private function canView(UserInterface $subject, UserInterface $user): bool
  71. {
  72. if ($this->canEdit($subject)) {
  73. return true;
  74. }
  75. return $this->isOwner($subject, $user);
  76. }
  78. /**
  79. * Check if logged in User can view Property
  80. */
  81. private function canViewAny(UserInterface $user): bool
  82. {
  83. return (bool) $user->hasRight(self::VIEW_ANY);
  84. }
  86. /**
  87. * Check if logged in User can create Property
  88. */
  89. private function canCreate(UserInterface $user): bool
  90. {
  91. if ($user->hasRight(self::CREATE)) {
  92. return true;
  93. }
  95. return $user->hasRole('ROLE_ADMIN');
  96. }
  98. /**
  99. * Check if logged in User can edit Property
  100. */
  101. private function canEdit(UserInterface $user): bool
  102. {
  103. return (bool) $user->hasRight(self::EDIT);
  104. }
  106. /**
  107. * Check if logged in User can print Property
  108. */
  109. private function canEditAny(UserInterface $subject, UserInterface $user): bool
  110. {
  111. if ($user->hasRight(self::EDIT_ANY)) {
  112. return true;
  113. }
  114. return $this->isOwner($subject, $user);
  115. }
  117. /**
  118. * Check if logged in User can delete Property
  119. */
  120. private function canDelete(UserInterface $subject, UserInterface $user): bool
  121. {
  122. if ($user->hasRight(self::DELETE)) {
  123. return true;
  124. }
  125. return $this->isOwner($subject, $user);
  126. }
  128. /**
  129. * Check if User if Owner of Subject/Property
  130. */
  131. private function isOwner(UserInterface $subject, UserInterface $user): bool
  132. {
  133. return $user->getId() === $subject->getId();
  134. }
  136. }