src/Security/Voter/MatterRequest/MatterRequestVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter\MatterRequest;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\MatterRequest\MatterRequest;
  7. use MedBrief\MSR\Entity\User;
  8. use MedBrief\MSR\Traits\Security\Authorization\Voter\MatterRequestVotableTrait;
  9. use Override;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. class MatterRequestVoter implements VoterInterface
  15. {
  16. use MatterRequestVotableTrait;
  18. public const CREATE = 'CREATE';
  19. public const READ = 'READ';
  20. public const UPDATE = 'UPDATE';
  21. public const DELETE = 'DELETE';
  22. public const DOWNLOAD_SUMMARY = 'DOWNLOAD_SUMMARY';
  23. public const UPDATE_STATUS = 'UPDATE_STATUS';
  25. public function supportsAttribute($attribute): bool
  26. {
  27. return in_array($attribute, [
  28. self::CREATE,
  29. self::READ,
  30. self::UPDATE,
  31. self::DELETE,
  32. self::DOWNLOAD_SUMMARY,
  33. self::UPDATE_STATUS,
  34. ]);
  35. }
  37. public function supportsClass($class): bool
  38. {
  39. $supportedClass = MatterRequest::class;
  41. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  42. }
  44. /**
  45. *
  46. * @param mixed $entity
  47. */
  48. #[Override]
  49. public function vote(TokenInterface $token, $entity, array $attributes)
  50. {
  51. /**
  52. * START: This is common code for all Voter::vote() methods
  53. */
  54. // check if class of this object is supported by this voter
  55. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  56. return VoterInterface::ACCESS_ABSTAIN;
  57. }
  59. // check if the voter is used correct, only allow one attribute
  60. // this isn't a requirement, it's just one easy way for you to
  61. // design your voter
  62. if (1 !== count($attributes)) {
  63. throw new InvalidArgumentException(
  64. 'Only one attribute is allowed for Medbrief Voters.'
  65. );
  66. }
  68. // set the attribute to check against
  69. $attribute = $attributes[0];
  71. // check if the given attribute is covered by this voter
  72. if (!$this->supportsAttribute($attribute)) {
  73. return VoterInterface::ACCESS_ABSTAIN;
  74. }
  76. if ($attribute === self::DOWNLOAD_SUMMARY) {
  77. return VoterInterface::ACCESS_DENIED;
  78. }
  80. // get current logged in user
  81. /** @var User $user */
  82. $user = $token->getUser();
  84. // make sure there is a user object (i.e. that the user is logged in)
  85. if (!$user instanceof UserInterface) {
  86. return VoterInterface::ACCESS_DENIED;
  87. }
  88. /**
  89. * END: Common code for all Voter:vote() methods. Put custom logic below.
  90. */
  91. $matterRequest = $entity;
  93. if ($attribute === self::CREATE) {
  94. return $this->canCreate($matterRequest, $user);
  95. }
  97. if ($attribute === self::READ) {
  98. return $this->canRead($matterRequest, $user);
  99. }
  101. if ($attribute === self::UPDATE) {
  102. return $this->canUpdate($matterRequest, $user);
  103. }
  105. if ($attribute === self::DELETE) {
  106. return $this->canDelete($matterRequest, $user);
  107. }
  108. if ($attribute === self::UPDATE_STATUS) {
  109. return $this->canUpdateStatus($matterRequest, $user);
  110. }
  112. // If we get to the end of this function, then no decisions have been
  113. // made so we deny access
  114. return VoterInterface::ACCESS_DENIED;
  115. }
  116. }