src/Security/ECommerce/CartVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\ECommerce;
  5. use App\Entity\ECommerce\Cart;
  6. use App\Entity\App\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. /**
  13. * Class CartVoter
  14. *
  15. * @package MDL\ECommerceBundle\Security
  16. */
  17. class CartVoter extends Voter
  18. {
  19. // these strings are just invented: you can use anything
  20. const CREATE = 'CART_CREATE';
  21. const VIEW = 'CART_VIEW';
  22. const EDIT = 'CART_EDIT';
  23. const DELETE = 'CART_DELETE';
  25. /**
  26. * CartVoter constructor.
  27. */
  28. public function __construct(private readonly AccessDecisionManagerInterface $decisionManager)
  29. {
  30. }
  33. /**
  34. * @param string $attribute
  35. * @param mixed $subject
  36. *
  37. * @return bool
  38. */
  39. protected function supports($attribute, $subject)
  40. {
  41. // if the attribute isn't one we support, return false
  42. if (!in_array($attribute, [
  43. self::CREATE,
  44. self::VIEW,
  45. self::EDIT,
  46. self::DELETE,
  47. ])) {
  48. return false;
  49. }
  51. // only vote on Cart objects inside this voter
  52. if (!$subject instanceof Cart && $attribute !== self::CREATE) {
  53. return false;
  54. }
  56. return true;
  57. }
  59. /**
  60. * @param string $attribute
  61. * @param Cart $individualOrder
  62. *
  63. * @return bool
  64. */
  65. protected function voteOnAttribute($attribute, $individualOrder, TokenInterface $token)
  66. {
  67. if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  68. return true;
  69. }
  71. $user = $token->getUser();
  73. if (!$user instanceof UserInterface) {
  74. return false;
  75. }
  76. return match ($attribute) {
  77. self::CREATE => $this->canCreate($user),
  78. self::VIEW => $this->canView($individualOrder, $user),
  79. self::EDIT => $this->canEdit($individualOrder, $user),
  80. self::DELETE => $this->canDelete(),
  81. default => throw new \LogicException('This code should not be reached!'),
  82. };
  83. }
  85. private function canCreate(User $user): bool
  86. {
  87. return !$user->hasRole('ROLE_GUEST');
  88. }
  90. /**
  91. *
  92. * @return bool
  93. */
  94. private function canView(Cart $cart, User $user)
  95. {
  96. return $this->canEdit($cart, $user);
  97. }
  99. /**
  100. *
  101. * @return bool
  102. */
  103. private function canEdit(Cart $cart, UserInterface $user)
  104. {
  105. if (!$cart->isCheckedOut()) {
  106. return $user === $cart->getUser();
  107. }
  109. return false;
  110. }
  112. private function canDelete(): bool
  113. {
  114. return false;
  115. }
  116. }