src/Security/Voter/FirmVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use MedBrief\MSR\Entity\Firm;
  6. use MedBrief\MSR\Entity\User;
  7. use Override;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class FirmVoter extends Voter
  14. {
  15. public const EDIT = 'EDIT';
  16. public const VIEW = 'VIEW';
  17. public const DELETE = 'DELETE';
  19. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  20. {
  21. }
  23. #[Override]
  24. protected function supports($attribute, $subject): bool
  25. {
  26. // replace with your own logic
  27. // https://symfony.com/doc/current/security/voters.html
  28. return in_array($attribute, [
  29. self::EDIT,
  30. self::VIEW,
  31. self::DELETE,
  32. ])
  33. && $subject instanceof Firm;
  34. }
  36. #[Override]
  37. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  38. {
  39. $user = $token->getUser();
  40. // if the user is anonymous, do not grant access
  41. if (!$user instanceof UserInterface) {
  42. return false;
  43. }
  45. /** @var Firm $firm */
  46. $firm = $subject;
  48. if ($this->authorizationChecker->isGranted('ROLE_ADMIN', $user)) {
  49. return true;
  50. }
  52. if ($attribute === self::VIEW) {
  53. // A technical admin role on ONE clientArea is all that's required to view the firm.
  54. foreach ($firm->getClientAreas() as $clientArea) {
  55. if ($this->authorizationChecker->isGranted(sprintf('ROLE_ACCOUNT_%1$s_TECHNICAL_ADMIN', $clientArea->getId()), $clientArea) === true) {
  56. return true;
  57. }
  58. }
  59. }
  61. return false;
  62. }
  63. }