src/Security/Voter/RecordsRequestLetterVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\RecordsRequestLetter;
  7. use Override;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class RecordsRequestLetterVoter implements VoterInterface
  14. {
  15. public const UPDATE = 'UPDATE';
  16. public const DELETE = 'DELETE';
  17. public const VIEW = 'VIEW';
  18. public const STREAM = 'STREAM';
  19. public const GENERATE = 'GENERATE';
  20. public const PUSH = 'PUSH';
  22. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  23. {
  24. }
  26. public function supportsAttribute($attribute): bool
  27. {
  28. return in_array($attribute, [
  29. self::UPDATE,
  30. self::DELETE,
  31. self::VIEW,
  32. self::STREAM,
  33. self::GENERATE,
  34. self::PUSH,
  35. ]);
  36. }
  38. public function supportsClass($class): bool
  39. {
  40. $supportedClass = RecordsRequestLetter::class;
  42. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  43. }
  45. /**
  46. *
  47. * @param mixed $entity
  48. */
  49. #[Override]
  50. public function vote(TokenInterface $token, $entity, array $attributes)
  51. {
  52. /**
  53. * START: This is common code for all Voter::vote() methods
  54. */
  55. // check if class of this object is supported by this voter
  56. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  57. return VoterInterface::ACCESS_ABSTAIN;
  58. }
  60. // check if the voter is used correct, only allow one attribute
  61. // this isn't a requirement, it's just one easy way for you to
  62. // design your voter
  63. if (1 !== count($attributes)) {
  64. throw new InvalidArgumentException(
  65. 'Only one attribute is allowed for Medbrief Voters.'
  66. );
  67. }
  69. // set the attribute to check against
  70. $attribute = $attributes[0];
  72. // check if the given attribute is covered by this voter
  73. if (!$this->supportsAttribute($attribute)) {
  74. return VoterInterface::ACCESS_ABSTAIN;
  75. }
  77. // get current logged in user
  78. $user = $token->getUser();
  80. // make sure there is a user object (i.e. that the user is logged in)
  81. if (!$user instanceof UserInterface) {
  82. return VoterInterface::ACCESS_DENIED;
  83. }
  85. // SuperAdmin users can do everything
  86. if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
  87. return VoterInterface::ACCESS_GRANTED;
  88. }
  90. /**
  91. * END: Common code for all Voter:vote() methods. Put custom logic below.
  92. */
  94. // If we get to the end of this function, then no decisions have been
  95. // made so we deny access
  96. return VoterInterface::ACCESS_DENIED;
  97. }
  98. }