src/Security/Content/BlogVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Content;
  5. use App\Entity\Content\Blog;
  6. use \Symfony\Component\Security\Core\User\UserInterface;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. class BlogVoter extends Voter
  12. {
  13. const VIEW = 'BLOG_VIEW';
  14. const VIEW_ANY = 'BLOG_VIEW_ANY';
  15. const CREATE = 'BLOG_CREATE';
  16. const EDIT = 'BLOG_EDIT';
  17. const EDIT_ANY = 'BLOG_EDIT_ANY';
  18. const PRINT = 'BLOG_PRINT';
  19. const DELETE = 'BLOG_DELETE';
  21. /**
  22. * UserVoter constructor.
  23. */
  24. public function __construct(private readonly AccessDecisionManagerInterface $decisionManager)
  25. {
  26. }
  28. /**
  29. * @param string $attribute
  30. * @param mixed $subject
  31. */
  32. protected function supports($attribute, $subject): bool
  33. {
  34. // if the attribute isn't one we support, return false
  35. if (!in_array($attribute, [
  36. self::VIEW,
  37. self::VIEW_ANY,
  38. self::CREATE,
  39. self::EDIT,
  40. self::EDIT_ANY,
  41. self::PRINT,
  42. self::DELETE,
  43. ], true)) {
  44. return false;
  45. }
  46. // only vote on Property objects inside this voter
  47. return !($subject && !$subject instanceof Blog);
  48. }
  50. /**
  51. * @param string $attribute
  52. * @param mixed $subject
  53. *
  54. */
  55. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  56. {
  57. if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  58. return true;
  59. }
  61. $user = $token->getUser();
  63. if (!$user instanceof UserInterface) {
  64. // the user must be logged in; if not, deny access
  65. return false;
  66. }
  67. return match ($attribute) {
  68. self::VIEW_ANY => $this->canViewAny($user),
  69. self::VIEW => $this->canView($subject, $user),
  70. self::CREATE => $this->canCreate($user),
  71. self::EDIT => $this->canEdit($user),
  72. self::EDIT_ANY => $this->canEditAny($subject, $user),
  73. self::DELETE => $this->canDelete($subject, $user),
  74. default => throw new \LogicException('This code should not be reached!'),
  75. };
  76. }
  78. /**
  79. * Check if logged in User can view Property
  80. *
  81. *
  82. */
  83. private function canView(UserInterface $subject, UserInterface $user): bool
  84. {
  85. if ($this->canEdit($user)) {
  86. return true;
  87. }
  88. return $this->isOwner($subject, $user);
  89. }
  91. /**
  92. * Check if logged in User can view Property
  93. *
  94. *
  95. */
  96. private function canViewAny(UserInterface $user): bool
  97. {
  98. return (bool) $user->hasRight(self::VIEW_ANY);
  99. }
  101. /**
  102. * Check if logged in User can create Property
  103. *
  104. *
  105. */
  106. private function canCreate(UserInterface $user): bool
  107. {
  108. if ($user->hasRight(self::CREATE)) {
  109. return true;
  110. }
  112. return $user->hasRole('ROLE_ADMIN');
  113. }
  115. /**
  116. * Check if logged in User can edit Property
  117. *
  118. *
  119. */
  120. private function canEdit(UserInterface $user): bool
  121. {
  122. return (bool) $user->hasRight(self::EDIT);
  123. }
  125. /**
  126. * Check if logged in User can print Property
  127. *
  128. *
  129. */
  130. private function canEditAny(UserInterface $subject, UserInterface $user): bool
  131. {
  132. if ($user->hasRight(self::EDIT_ANY)) {
  133. return true;
  134. }
  135. return $this->isOwner($subject, $user);
  136. }
  138. /**
  139. * Check if logged in User can delete Property
  140. *
  141. *
  142. */
  143. private function canDelete(UserInterface $subject, UserInterface $user): bool
  144. {
  145. if ($user->hasRight(self::DELETE)) {
  146. return true;
  147. }
  148. return $this->isOwner($subject, $user);
  149. }
  151. /**
  152. * Check if User if Owner of Subject/Property
  153. *
  154. */
  155. private function isOwner(UserInterface $subject, UserInterface $user): bool
  156. {
  157. return $user->getId() === $subject->getId();
  158. }
  160. }