src/Security/Voter/ChronologyItemVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\ChronologyItem;
  7. use Override;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class ChronologyItemVoter implements VoterInterface
  14. {
  15. public const EDIT = 'EDIT';
  16. public const DELETE = 'DELETE';
  18. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  19. {
  20. }
  22. public function supportsAttribute($attribute): bool
  23. {
  24. return in_array($attribute, [
  25. self::EDIT,
  26. self::DELETE,
  27. ]);
  28. }
  30. public function supportsClass($class): bool
  31. {
  32. $supportedClass = ChronologyItem::class;
  34. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  35. }
  37. /**
  38. *
  39. * @param mixed $chronologyItem
  40. */
  41. #[Override]
  42. public function vote(TokenInterface $token, $chronologyItem, array $attributes)
  43. {
  44. /**
  45. * START: This is common code for all Voter::vote() methods
  46. */
  47. // check if class of this object is supported by this voter
  48. if (!$this->supportsClass($chronologyItem ? $chronologyItem::class : '')) {
  49. return VoterInterface::ACCESS_ABSTAIN;
  50. }
  52. // check if the voter is used correct, only allow one attribute
  53. // this isn't a requirement, it's just one easy way for you to
  54. // design your voter
  55. if (1 !== count($attributes)) {
  56. throw new InvalidArgumentException(
  57. 'Only one attribute is allowed for medbrief Voters.'
  58. );
  59. }
  61. // set the attribute to check against
  62. $attribute = $attributes[0];
  63. // check if the given attribute is covered by this voter
  64. if (!$this->supportsAttribute($attribute)) {
  65. return VoterInterface::ACCESS_ABSTAIN;
  66. }
  68. // get current logged in user
  69. $user = $token->getUser();
  71. // make sure there is a user object (i.e. that the user is logged in)
  72. if (!$user instanceof UserInterface) {
  73. return VoterInterface::ACCESS_DENIED;
  74. }
  76. // chronology item creator can do anything
  77. if ($user == $chronologyItem->getCreator()) {
  78. return VoterInterface::ACCESS_GRANTED;
  79. }
  81. // get the project
  82. $project = $chronologyItem->getChronology()->getProject();
  84. // check if the user is granted chronology administrative rights
  85. if ($this->authorizationChecker->isGranted(ProjectVoter::CHRONOLOGY_ADMINISTRATION, $project)) {
  86. return VoterInterface::ACCESS_GRANTED;
  87. }
  89. // If we get to the end of this function, then no decisions have been
  90. // made so we deny access
  91. return VoterInterface::ACCESS_DENIED;
  92. }
  93. }