src/Security/Voter/MatterRequest/Details/PostProcessingVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter\MatterRequest\Details;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\MatterRequest\Details\PostProcessing;
  7. use MedBrief\MSR\Entity\User;
  8. use MedBrief\MSR\Traits\Security\Authorization\Voter\MatterRequestVotableTrait;
  9. use Override;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. class PostProcessingVoter implements VoterInterface
  15. {
  16. use MatterRequestVotableTrait;
  18. public const CREATE = 'CREATE';
  19. public const READ = 'READ';
  20. public const UPDATE = 'UPDATE';
  21. public const DELETE = 'DELETE';
  23. public function supportsAttribute($attribute): bool
  24. {
  25. return in_array($attribute, [
  26. self::CREATE,
  27. self::READ,
  28. self::UPDATE,
  29. self::DELETE,
  30. ]);
  31. }
  33. public function supportsClass($class): bool
  34. {
  35. $supportedClass = PostProcessing::class;
  37. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  38. }
  40. /**
  41. *
  42. * @param mixed $entity
  43. */
  44. #[Override]
  45. public function vote(TokenInterface $token, $entity, array $attributes)
  46. {
  47. /**
  48. * START: This is common code for all Voter::vote() methods
  49. */
  50. // check if class of this object is supported by this voter
  51. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  52. return VoterInterface::ACCESS_ABSTAIN;
  53. }
  55. // check if the voter is used correct, only allow one attribute
  56. // this isn't a requirement, it's just one easy way for you to
  57. // design your voter
  58. if (1 !== count($attributes)) {
  59. throw new InvalidArgumentException(
  60. 'Only one attribute is allowed for Medbrief Voters.'
  61. );
  62. }
  64. // set the attribute to check against
  65. $attribute = $attributes[0];
  67. // check if the given attribute is covered by this voter
  68. if (!$this->supportsAttribute($attribute)) {
  69. return VoterInterface::ACCESS_ABSTAIN;
  70. }
  72. // get current logged in user
  73. /** @var User $user */
  74. $user = $token->getUser();
  76. // make sure there is a user object (i.e. that the user is logged in)
  77. if (!$user instanceof UserInterface) {
  78. return VoterInterface::ACCESS_DENIED;
  79. }
  80. /**
  81. * END: Common code for all Voter:vote() methods. Put custom logic below.
  82. */
  83. $matterRequest = $entity->getMatterRequest();
  85. if ($attribute === self::CREATE) {
  86. return $this->canCreate($matterRequest, $user);
  87. }
  89. if ($attribute === self::READ) {
  90. return $this->canRead($matterRequest, $user);
  91. }
  93. if ($attribute === self::UPDATE) {
  94. return $this->canUpdate($matterRequest, $user);
  95. }
  97. if ($attribute === self::DELETE) {
  98. return $this->canDelete($matterRequest, $user);
  99. }
  101. // If we get to the end of this function, then no decisions have been
  102. // made so we deny access
  103. return VoterInterface::ACCESS_DENIED;
  104. }
  105. }