src/Security/Voter/LicenceRenewalTermVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use MedBrief\MSR\Entity\LicenceRenewalTerm;
  6. use Override;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. class LicenceRenewalTermVoter extends Voter
  13. {
  14. public const EDIT = 'EDIT';
  15. public const DELETE = 'DELETE';
  17. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  18. {
  19. }
  21. #[Override]
  22. protected function supports($attribute, $subject): bool
  23. {
  24. return in_array($attribute, [
  25. self::EDIT,
  26. self::DELETE,
  27. ])
  28. && $subject instanceof LicenceRenewalTerm;
  29. }
  31. #[Override]
  32. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  33. {
  34. $user = $token->getUser();
  35. // if the user is anonymous, do not grant access
  36. if (!$user instanceof UserInterface) {
  37. return false;
  38. }
  39. // ... (check conditions and return true to grant permission) ...
  40. return match ($attribute) {
  41. self::EDIT => $this->canUpdate(),
  42. self::DELETE => $this->canDelete(),
  43. default => false,
  44. };
  45. }
  47. private function canUpdate(): bool
  48. {
  49. // if a user can delete, they can also update
  50. if ($this->canDelete()) {
  51. return true;
  52. }
  54. return $this->authorizationChecker->isGranted('ROLE_ADMIN');
  55. }
  57. private function canDelete(): bool
  58. {
  59. return $this->authorizationChecker->isGranted('ROLE_ADMIN');
  60. }
  61. }