src/Security/Voter/MatterRequest/SupportingDocumentVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter\MatterRequest;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\MatterRequest\SupportingDocument;
  7. use MedBrief\MSR\Traits\Security\Authorization\Voter\MatterRequestVotableTrait;
  8. use Override;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class SupportingDocumentVoter implements VoterInterface
  14. {
  15. use MatterRequestVotableTrait;
  17. public const CREATE = 'CREATE';
  18. public const READ = 'READ';
  19. public const UPDATE = 'UPDATE';
  20. public const DELETE = 'DELETE';
  22. public function supportsAttribute($attribute): bool
  23. {
  24. return in_array($attribute, [
  25. self::CREATE,
  26. self::READ,
  27. self::UPDATE,
  28. self::DELETE,
  29. ]);
  30. }
  32. public function supportsClass($class): bool
  33. {
  34. $supportedClass = SupportingDocument::class;
  36. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  37. }
  39. /**
  40. *
  41. * @param mixed $entity
  42. */
  43. #[Override]
  44. public function vote(TokenInterface $token, $entity, array $attributes)
  45. {
  46. /**
  47. * START: This is common code for all Voter::vote() methods
  48. */
  49. // check if class of this object is supported by this voter
  50. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  51. return VoterInterface::ACCESS_ABSTAIN;
  52. }
  54. // check if the voter is used correct, only allow one attribute
  55. // this isn't a requirement, it's just one easy way for you to
  56. // design your voter
  57. if (1 !== count($attributes)) {
  58. throw new InvalidArgumentException(
  59. 'Only one attribute is allowed for Medbrief Voters.'
  60. );
  61. }
  63. // set the attribute to check against
  64. $attribute = $attributes[0];
  66. // check if the given attribute is covered by this voter
  67. if (!$this->supportsAttribute($attribute)) {
  68. return VoterInterface::ACCESS_ABSTAIN;
  69. }
  71. // get current logged in user
  72. /** @var \MedBrief\MSR\Entity\User $user */
  73. $user = $token->getUser();
  75. // make sure there is a user object (i.e. that the user is logged in)
  76. if (!$user instanceof UserInterface) {
  77. return VoterInterface::ACCESS_DENIED;
  78. }
  79. /**
  80. * END: Common code for all Voter:vote() methods. Put custom logic below.
  81. */
  82. $matterRequest = $entity->getMatterRequest();
  84. if ($attribute === self::CREATE) {
  85. return $this->canCreate($matterRequest, $user);
  86. }
  88. if ($attribute === self::READ) {
  89. return $this->canRead($matterRequest, $user);
  90. }
  92. if ($attribute === self::UPDATE) {
  93. return $this->canUpdate($matterRequest, $user);
  94. }
  96. if ($attribute === self::DELETE) {
  97. return $this->canDelete($matterRequest, $user);
  98. }
  100. // If we get to the end of this function, then no decisions have been
  101. // made so we deny access
  102. return VoterInterface::ACCESS_DENIED;
  103. }
  104. }