src/Security/ECommerce/InvoiceVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\ECommerce;
  5. use App\Entity\ECommerce\Invoice;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  11. /**
  12. * Class CartArchiveVoter
  13. *
  14. * @package MDL\ECommerceBundle\Security
  15. */
  16. class InvoiceVoter extends Voter
  17. {
  18. // these strings are just invented: you can use anything
  19. const VIEW = 'INVOICE_VIEW';
  20. const PRINT = 'INVOICE_PRINT';
  21. const EDIT = 'INVOICE_EDIT';
  22. const DELETE = 'INVOICE_DELETE';
  24. /**
  25. * CartVoter constructor.
  26. */
  27. public function __construct(private readonly AccessDecisionManagerInterface $decisionManager)
  28. {
  29. }
  32. /**
  33. * @param string $attribute
  34. * @param mixed $subject
  35. *
  36. * @return bool
  37. */
  38. protected function supports($attribute, $subject)
  39. {
  40. // if the attribute isn't one we support, return false
  41. if (!in_array($attribute, [
  42. self::VIEW,
  43. self::PRINT,
  44. self::EDIT,
  45. self::DELETE,
  46. ])) {
  47. return false;
  48. }
  49. // only vote on Cart objects inside this voter
  50. return $subject instanceof Invoice;
  51. }
  53. /**
  54. * @param string $attribute
  55. * @param Invoice $invoice
  56. *
  57. * @return bool
  58. */
  59. protected function voteOnAttribute($attribute, $invoice, TokenInterface $token)
  60. {
  61. if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  62. return true;
  63. }
  65. $user = $token->getUser();
  67. if (!$user instanceof UserInterface) {
  68. return false;
  69. }
  70. return match ($attribute) {
  71. self::VIEW => $this->canView($invoice, $user),
  72. self::PRINT => $this->canPrint($invoice, $user),
  73. self::EDIT => $this->canEdit(),
  74. self::DELETE => $this->canDelete(),
  75. default => throw new \LogicException('This code should not be reached!'),
  76. };
  77. }
  79. private function canView(Invoice $invoice, UserInterface $user): bool
  80. {
  81. return $invoice->getCart()->getUser() === $user;
  82. }
  84. private function canPrint(Invoice $invoice, UserInterface $user): bool
  85. {
  86. return $invoice->getCart()->getUser() === $user;
  87. }
  89. private function canEdit(): bool
  90. {
  91. return false;
  92. }
  94. private function canDelete(): bool
  95. {
  96. return false;
  97. }
  98. }