src/Security/Voter/SortingSessionMemoVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\Project;
  7. use MedBrief\MSR\Entity\SortingSession;
  8. use MedBrief\MSR\Entity\SortingSessionMemo;
  9. use MedBrief\MSR\Entity\User;
  10. use MedBrief\MSR\Traits\Security\Authorization\Voter\ClientSortingSessionTrait;
  11. use Override;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. class SortingSessionMemoVoter implements VoterInterface
  18. {
  19. use ClientSortingSessionTrait;
  21. public const READ = 'READ';
  22. public const DELETE = 'DELETE';
  23. public const SYNC = 'SYNC';
  25. public function __construct(private AuthorizationCheckerInterface $authorizationChecker)
  26. {
  27. }
  29. public function supportsAttribute($attribute): bool
  30. {
  31. return in_array($attribute, [
  32. self::READ,
  33. self::DELETE,
  34. self::SYNC,
  35. ]);
  36. }
  38. public function supportsClass($class): bool
  39. {
  40. $supportedClass = SortingSessionMemo::class;
  42. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  43. }
  45. /**
  46. *
  47. * @param mixed $entity
  48. */
  49. #[Override]
  50. public function vote(TokenInterface $token, $entity, array $attributes)
  51. {
  52. /**
  53. * START: This is common code for all Voter::vote() methods
  54. */
  55. // check if class of this object is supported by this voter
  56. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  57. return VoterInterface::ACCESS_ABSTAIN;
  58. }
  60. // check if the voter is used correct, only allow one attribute
  61. // this isn't a requirement, it's just one easy way for you to
  62. // design your voter
  63. if (1 !== count($attributes)) {
  64. throw new InvalidArgumentException(
  65. 'Only one attribute is allowed for Medbrief Voters.'
  66. );
  67. }
  69. // set the attribute to check against
  70. $attribute = $attributes[0];
  72. // check if the given attribute is covered by this voter
  73. if (!$this->supportsAttribute($attribute)) {
  74. return VoterInterface::ACCESS_ABSTAIN;
  75. }
  77. /** @var SortingSessionMemo $sortingSessionMemo */
  78. $sortingSessionMemo = $entity;
  80. // get current logged in user
  81. /** @var User $user */
  82. $user = $token->getUser();
  84. // get current project
  85. /** @var Project $project */
  86. $project = $sortingSessionMemo->getProject();
  88. // get current sorting session
  89. /** @var SortingSession $sortingSession */
  90. $sortingSession = $sortingSessionMemo->getSortingSession();
  92. // make sure there is a user object (i.e. that the user is logged in)
  93. if (!$user instanceof UserInterface) {
  94. return VoterInterface::ACCESS_DENIED;
  95. }
  97. // Admin users can do everything
  98. if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
  99. return VoterInterface::ACCESS_GRANTED;
  100. }
  101. /**
  102. * END: Common code for all Voter:vote() methods. Put custom logic below.
  103. */
  105. // For all permissions on a memo/file note, if it is a client sorting session,
  106. // and client is ADMIN, ProjectManager for the Account, or is granted an invite
  107. // as an external ProjectManager to the specific project.... grant full access
  108. if ($this->hasClientSessionAccess($project, $user, $sortingSession)) {
  109. return VoterInterface::ACCESS_GRANTED;
  110. };
  112. // If we get to the end of this function, then no decisions have been
  113. // made so we deny access
  114. return VoterInterface::ACCESS_DENIED;
  115. }
  116. }