src/Security/Content/BlogCategoryVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Content;
  5. use App\Entity\Content\BlogCategory;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  11. class BlogCategoryVoter extends Voter
  12. {
  13. const VIEW = 'BLOG_CATEGORY_VIEW';
  14. const VIEW_ANY = 'BLOG_CATEGORY_VIEW_ANY';
  15. const CREATE = 'BLOG_CATEGORY_CREATE';
  16. const EDIT = 'BLOG_CATEGORY_EDIT';
  17. const EDIT_ANY = 'BLOG_CATEGORY_EDIT_ANY';
  18. const DELETE = 'BLOG_CATEGORY_DELETE';
  20. /**
  21. * @var AccessDecisionManagerInterface
  22. */
  23. private AccessDecisionManagerInterface $decisionManager;
  25. /**
  26. * UserVoter constructor.
  27. */
  28. public function __construct(AccessDecisionManagerInterface $decisionManager)
  29. {
  30. $this->decisionManager = $decisionManager;
  31. }
  33. protected function supports($attribute, $subject): bool
  34. {
  35. // if the attribute isn't one we support, return false
  36. if (!in_array($attribute, array(
  37. self::VIEW,
  38. self::VIEW_ANY,
  39. self::CREATE,
  40. self::EDIT,
  41. self::EDIT_ANY,
  42. self::DELETE,
  43. ), true)) {
  44. return false;
  45. }
  47. // only vote on Property objects inside this voter
  48. if ($subject && !$subject instanceof BlogCategory) {
  49. return false;
  50. }
  52. return true;
  53. }
  55. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  56. {
  57. if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
  58. return true;
  59. }
  61. $user = $token->getUser();
  63. if (!$user instanceof UserInterface) {
  64. // the user must be logged in; if not, deny access
  65. return false;
  66. }
  68. switch ($attribute) {
  69. case self::VIEW_ANY:
  70. return $this->canViewAny($user);
  71. case self::VIEW:
  72. return $this->canView($subject, $user);
  73. case self::CREATE:
  74. return $this->canCreate($user);
  75. case self::EDIT:
  76. return $this->canEdit($subject, $user);
  77. case self::EDIT_ANY:
  78. return $this->canEditAny($subject, $user);
  79. case self::DELETE:
  80. return $this->canDelete($subject, $user);
  81. }
  83. throw new \LogicException('This code should not be reached!');
  84. }
  86. /**
  87. * Check if logged in User can view Property
  88. */
  89. private function canView(UserInterface $subject, UserInterface $user): bool
  90. {
  91. if ($this->canEdit($subject, $user)) {
  92. return true;
  93. }
  95. if ($this->isOwner($subject, $user)) {
  96. return true;
  97. }
  99. return false;
  100. }
  102. /**
  103. * Check if logged in User can view Property
  104. */
  105. private function canViewAny(UserInterface $user): bool
  106. {
  107. if ($user->hasRight(self::VIEW_ANY)) {
  108. return true;
  109. }
  111. return false;
  112. }
  114. /**
  115. * Check if logged in User can create Property
  116. */
  117. private function canCreate(UserInterface $user): bool
  118. {
  119. if ($user->hasRight(self::CREATE)) {
  120. return true;
  121. }
  123. return $user->hasRole('ROLE_ADMIN');
  124. }
  126. /**
  127. * Check if logged in User can edit Property
  128. */
  129. private function canEdit(UserInterface $user): bool
  130. {
  131. if ($user->hasRight(self::EDIT)) {
  132. return true;
  133. }
  135. return false;
  136. }
  138. /**
  139. * Check if logged in User can print Property
  140. */
  141. private function canEditAny(UserInterface $subject, UserInterface $user): bool
  142. {
  143. if ($user->hasRight(self::EDIT_ANY)) {
  144. return true;
  145. }
  147. if ($this->isOwner($subject, $user)) {
  148. return true;
  149. }
  151. return false;
  152. }
  154. /**
  155. * Check if logged in User can delete Property
  156. */
  157. private function canDelete(UserInterface $subject, UserInterface $user): bool
  158. {
  159. if ($user->hasRight(self::DELETE)) {
  160. return true;
  161. }
  163. if ($this->isOwner($subject, $user)) {
  164. return true;
  165. }
  167. return false;
  168. }
  170. /**
  171. * Check if User if Owner of Subject/Property
  172. */
  173. private function isOwner(UserInterface $subject, UserInterface $user): bool
  174. {
  175. return $user->getId() === $subject->getId();
  176. }
  178. }