src/Security/Voter/SortingSessionSaveVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\SortingSessionSave;
  7. use MedBrief\MSR\Entity\User;
  8. use Override;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. class SortingSessionSaveVoter implements VoterInterface
  15. {
  16. public const RESTORE_SAVE_POINT = 'RESTORE_SAVE_POINT';
  18. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  19. {
  20. }
  22. public function supportsAttribute($attribute): bool
  23. {
  24. return $attribute == self::RESTORE_SAVE_POINT;
  25. }
  27. public function supportsClass($class): bool
  28. {
  29. $supportedClass = SortingSessionSave::class;
  31. return $supportedClass === $class || is_subclass_of($class, $supportedClass);
  32. }
  34. /**
  35. *
  36. * @param mixed $entity
  37. */
  38. #[Override]
  39. public function vote(TokenInterface $token, $entity, array $attributes)
  40. {
  41. /**
  42. * START: This is common code for all Voter::vote() methods
  43. */
  44. // check if class of this object is supported by this voter
  45. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  46. return VoterInterface::ACCESS_ABSTAIN;
  47. }
  49. // check if the voter is used correct, only allow one attribute
  50. // this isn't a requirement, it's just one easy way for you to
  51. // design your voter
  52. if (1 !== count($attributes)) {
  53. throw new InvalidArgumentException(
  54. 'Only one attribute is allowed for Medbrief Voters.'
  55. );
  56. }
  58. // set the attribute to check against
  59. $attribute = $attributes[0];
  61. // check if the given attribute is covered by this voter
  62. if (!$this->supportsAttribute($attribute)) {
  63. return VoterInterface::ACCESS_ABSTAIN;
  64. }
  66. // get current logged in user
  67. /** @var User $user */
  68. $user = $token->getUser();
  70. // make sure there is a user object (i.e. that the user is logged in)
  71. if (!$user instanceof UserInterface) {
  72. return VoterInterface::ACCESS_DENIED;
  73. }
  75. // SuperAdmin users can do everything
  76. if ($attribute === self::RESTORE_SAVE_POINT && $this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN')) {
  77. return VoterInterface::ACCESS_GRANTED;
  78. }
  79. /**
  80. * END: Common code for all Voter:vote() methods. Put custom logic below.
  81. */
  83. // If we get to the end of this function, then no decisions have been
  84. // made so we deny access
  85. return VoterInterface::ACCESS_DENIED;
  86. }
  87. }