src/Security/Voter/PurchaseItemVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  6. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  7. use Symfony\Component\Security\Core\User\UserInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use App\Entity\PurchaseItem;
  11. class PurchaseItemVoter extends Voter
  12. {
  13.     const ROLE_SUPER 'ROLE_ADMIN';
  14.     const ROLE_ALL 'ROLE_PURCHASE';
  15.     const ROLE_CREATE 'ROLE_PURCHASE_CREATE';
  16.     const ROLE_SHOW 'ROLE_USER';
  17.     const ROLE_EDIT 'ROLE_PURCHASE_EDIT';
  18.     const ROLE_DELETE 'ROLE_PURCHASE_DELETE';
  20.     const GRANT_CREATE 'create';
  21.     const GRANT_SHOW 'show';
  22.     const GRANT_EDIT 'edit';
  23.     const GRANT_DELETE 'delete';
  25.     private $decisionManager;
  27.     public function __construct(AccessDecisionManagerInterface $decisionManager)
  28.     {
  29.         $this->decisionManager $decisionManager;
  30.     }
  32.     protected function supports($attribute$subject)
  33.     {
  34.         return $subject instanceof PurchaseItem && in_array($attribute, [self::GRANT_SHOWself::GRANT_CREATEself::GRANT_EDITself::GRANT_DELETE], true);
  35.     }
  37.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  38.     {
  39.         // ROLE_SUPER_ADMIN can do anything! The power!
  40.         if ($this->decisionManager->decide($token, array(static::ROLE_SUPER))) {
  41.             return true;
  42.         }
  44.         $user $token->getUser();
  46.         switch ($attribute) {
  47.             case self::GRANT_CREATE:
  48.                 return $this->canCreate($user$subject);
  49.             case self::GRANT_SHOW:
  50.                 return $this->canShow($user$subject);
  51.             case self::GRANT_EDIT:
  52.                 return $this->canEdit($user$subject);
  53.             case self::GRANT_DELETE:
  54.                 return $this->canDelete($user$subject);
  55.         }
  57.         throw new \LogicException('This code should not be reached!');
  58.     }
  60.     private function canDoAll($user$subject)
  61.     {
  62.         if ($user->hasRole(static::ROLE_ALL)) {
  63.             return true;
  64.         }
  65.         return false;
  66.     }
  68.     private function canCreate($user$subject)
  69.     {
  70.         // if they can do all, they can edit
  71.         if ($this->canDoAll($user$subject)) {
  72.             return true;
  73.         }
  75.         if ($user->hasRole(static::ROLE_CREATE)) {
  76.             return true;
  77.         }
  78.         return false;
  79.     }
  81.     private function canShow($user$subject)
  82.     {
  83.         // if they can do all, they can show
  84.         if ($this->canDoAll($user$subject)) {
  85.             return true;
  86.         }
  88.         if ($user->hasRole(static::ROLE_SHOW)) {
  89.             return true;
  90.         }
  91.         return false;
  92.     }
  94.     private function canEdit($user$subject)
  95.     {
  96.         // if they can do all, they can edit
  97.         if ($this->canDoAll($user$subject)) {
  98.             return true;
  99.         }
  101.         if ($user->hasRole(static::ROLE_EDIT)) {
  102.             return true;
  103.         }
  104.         return false;
  105.     }
  107.     private function canDelete($user$subject)
  108.     {
  109.         // if they can do all, they can delete
  110.         if ($this->canDoAll($user$subject)) {
  111.             return true;
  112.         }
  114.         if ($user->hasRole(static::ROLE_DELETE)) {
  115.             return true;
  116.         }
  117.         return false;
  118.     }
  119. }