src/Security/ECommerce/IndividualOrderVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\ECommerce;
  5. use App\Entity\ECommerce\IndividualOrder;
  6. use App\Entity\App\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. /**
  13. * Class IndividualOrderVoter
  14. *
  15. * @package MDL\ECommerceBundle\Security
  16. */
  17. class IndividualOrderVoter extends Voter
  18. {
  19. // these strings are just invented: you can use anything
  20. const CREATE = 'INDIVIDUAL_ORDER_CREATE';
  21. const VIEW = 'INDIVIDUAL_ORDER_VIEW';
  22. const EDIT = 'INDIVIDUAL_ORDER_EDIT';
  23. const DELETE = 'INDIVIDUAL_ORDER_DELETE';
  25. /**
  26. * IndividualOrderVoter constructor.
  27. */
  28. public function __construct(private readonly AccessDecisionManagerInterface $decisionManager)
  29. {
  30. }
  33. /**
  34. * @param string $attribute
  35. * @param mixed $subject
  36. *
  37. * @return bool
  38. */
  39. protected function supports($attribute, $subject)
  40. {
  41. // if the attribute isn't one we support, return false
  42. if (!in_array($attribute, [
  43. self::CREATE,
  44. self::VIEW,
  45. self::EDIT,
  46. self::DELETE,
  47. ])) {
  48. return false;
  49. }
  51. // only vote on IndividualOrder objects inside this voter
  52. if (!$subject instanceof IndividualOrder && $attribute !== self::CREATE) {
  53. return false;
  54. }
  56. return true;
  57. }
  59. /**
  60. * @param string $attribute
  61. * @param IndividualOrder $individualOrder
  62. *
  63. * @return bool
  64. */
  65. protected function voteOnAttribute($attribute, $individualOrder, TokenInterface $token)
  66. {
  67. if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  68. return true;
  69. }
  71. $user = $token->getUser();
  73. if (!$user instanceof UserInterface) {
  74. return false;
  75. }
  76. return match ($attribute) {
  77. self::CREATE => $this->canCreate($user),
  78. self::VIEW => $this->canView($user),
  79. self::EDIT => $this->canEdit(),
  80. self::DELETE => $this->canDelete(),
  81. default => throw new \LogicException('This code should not be reached!'),
  82. };
  83. }
  85. /**
  86. * @param IndividualOrder $individualOrder
  87. * @param UserInterface $user
  88. *
  89. * @return bool
  90. */
  91. private function canCreate(?User $user=null): bool
  92. {
  93. return $user && $user->hasRole('ROLE_GUEST');
  94. }
  96. /**
  97. *
  98. * @return bool
  99. */
  100. private function canView(User $user)
  101. {
  102. if ($user->hasRole('ROLE_GUEST')) {
  103. return true;
  104. }
  105. return $this->canEdit();
  106. }
  108. private function canEdit(): bool
  109. {
  110. return false;
  111. }
  113. private function canDelete(): bool
  114. {
  115. return false;
  116. }
  117. }