src/Security/Voter/RecordsRequestCentreChildVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\RecordsRequestCentreChild;
  7. use Override;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class RecordsRequestCentreChildVoter implements VoterInterface
  14. {
  15. public const CREATE = 'CREATE';
  16. public const READ = 'READ';
  17. public const UPDATE = 'UPDATE';
  18. public const DELETE = 'DELETE';
  20. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  21. {
  22. }
  24. public function supportsAttribute($attribute): bool
  25. {
  26. return in_array($attribute, [
  27. self::CREATE,
  28. self::READ,
  29. self::UPDATE,
  30. self::DELETE,
  31. ]);
  32. }
  34. public function supportsClass($class): bool
  35. {
  36. $supportedClass = RecordsRequestCentreChild::class;
  38. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  39. }
  41. /**
  42. *
  43. * @param mixed $entity
  44. */
  45. #[Override]
  46. public function vote(TokenInterface $token, $entity, array $attributes)
  47. {
  48. /**
  49. * START: This is common code for all Voter::vote() methods
  50. */
  51. // check if class of this object is supported by this voter
  52. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  53. return VoterInterface::ACCESS_ABSTAIN;
  54. }
  56. // check if the voter is used correct, only allow one attribute
  57. // this isn't a requirement, it's just one easy way for you to
  58. // design your voter
  59. if (1 !== count($attributes)) {
  60. throw new InvalidArgumentException(
  61. 'Only one attribute is allowed for Medbrief Voters.'
  62. );
  63. }
  65. // set the attribute to check against
  66. $attribute = $attributes[0];
  68. // check if the given attribute is covered by this voter
  69. if (!$this->supportsAttribute($attribute)) {
  70. return VoterInterface::ACCESS_ABSTAIN;
  71. }
  73. // get current logged in user
  74. $user = $token->getUser();
  76. // make sure there is a user object (i.e. that the user is logged in)
  77. if (!$user instanceof UserInterface) {
  78. return VoterInterface::ACCESS_DENIED;
  79. }
  81. // Admin users can do everything
  82. if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
  83. return VoterInterface::ACCESS_GRANTED;
  84. }
  85. /**
  86. * END: Common code for all Voter:vote() methods. Put custom logic below.
  87. */
  89. // If we get to the end of this function, then no decisions have been
  90. // made so we deny access
  91. return VoterInterface::ACCESS_DENIED;
  92. }
  93. }