src/Security/Content/BlogCommentVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Content;
  5. use App\Entity\Content\BlogComment;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  11. class BlogCommentVoter extends Voter
  12. {
  13. const VIEW = 'BLOG_COMMENT_VIEW';
  14. const VIEW_ANY = 'BLOG_COMMENT_VIEW_ANY';
  15. const APPROVE = 'BLOG_COMMENT_APPROVE';
  16. const DENY = 'BLOG_COMMENT_DENY';
  17. const DELETE = 'BLOG_COMMENT_DELETE';
  19. /**
  20. * @var AccessDecisionManagerInterface
  21. */
  22. private $decisionManager;
  24. /**
  25. * UserVoter constructor.
  26. *
  27. * @param AccessDecisionManagerInterface $decisionManager
  28. */
  29. public function __construct(AccessDecisionManagerInterface $decisionManager)
  30. {
  31. $this->decisionManager = $decisionManager;
  32. }
  34. /**
  35. * @param string $attribute
  36. * @param mixed $subject
  37. *
  38. * @return bool
  39. */
  40. protected function supports($attribute, $subject): bool
  41. {
  42. // if the attribute isn't one we support, return false
  43. if (!in_array($attribute, array(
  44. self::VIEW,
  45. self::VIEW_ANY,
  46. self::APPROVE,
  47. self::DENY,
  48. self::DELETE,
  49. ), true)) {
  50. return false;
  51. }
  53. // only vote on Property objects inside this voter
  54. if ($subject && !$subject instanceof BlogComment) {
  55. return false;
  56. }
  58. return true;
  59. }
  61. /**
  62. * @param string $attribute
  63. * @param mixed $subject
  64. * @param TokenInterface $token
  65. *
  66. * @return bool
  67. */
  68. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  69. {
  70. if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
  71. return true;
  72. }
  74. $user = $token->getUser();
  76. if (!$user instanceof UserInterface) {
  77. // the user must be logged in; if not, deny access
  78. return false;
  79. }
  81. switch ($attribute) {
  82. case self::VIEW_ANY:
  83. return $this->canViewAny($user);
  84. case self::VIEW:
  85. return $this->canView($user);
  86. case self::APPROVE:
  87. return $this->canApprove($user);
  88. case self::DENY:
  89. return $this->canDeny($user);
  90. case self::DELETE:
  91. return $this->canDelete($user);
  92. }
  94. throw new \LogicException('This code should not be reached!');
  95. }
  97. /**
  98. * Check if logged in User can view Property
  99. */
  100. private function canView(UserInterface $user): bool
  101. {
  102. if ($this->canApprove($user)) {
  103. return true;
  104. }
  106. if ($this->canDeny($user)) {
  107. return true;
  108. }
  110. return $user->hasRole('ROLE_ADMIN');
  111. }
  113. /**
  114. * Check if logged in User can view Property
  115. *
  116. * @param UserInterface $user
  117. *
  118. * @return bool
  119. */
  120. private function canViewAny(UserInterface $user): bool
  121. {
  122. if ($user->hasRight(self::VIEW_ANY)) {
  123. return true;
  124. }
  126. return $user->hasRole('ROLE_ADMIN');
  127. }
  129. /**
  130. * Check if logged in User can create Property
  131. *
  132. * @param UserInterface $user
  133. *
  134. * @return bool
  135. */
  136. private function canApprove(UserInterface $user): bool
  137. {
  138. if ($user->hasRight(self::APPROVE)) {
  139. return true;
  140. }
  142. return $user->hasRole('ROLE_ADMIN');
  143. }
  145. /**
  146. * Check if logged in User can edit Property
  147. */
  148. private function canDeny(UserInterface $user): bool
  149. {
  150. if ($user->hasRight(self::DENY)) {
  151. return true;
  152. }
  154. return $user->hasRole('ROLE_ADMIN');
  155. }
  157. /**
  158. * Check if logged in User can delete Property
  159. */
  160. private function canDelete(UserInterface $user): bool
  161. {
  162. if ($user->hasRight(self::DELETE)) {
  163. return true;
  164. }
  166. return $user->hasRole('ROLE_ADMIN');
  167. }
  168. }