src/Security/Voter/UserPreferenceVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace MedBrief\MSR\Security\Voter;
  5. use InvalidArgumentException;
  6. use MedBrief\MSR\Entity\User;
  7. use MedBrief\MSR\Entity\UserPreference;
  8. use Override;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. class UserPreferenceVoter implements VoterInterface
  15. {
  16. public const READ = 'READ';
  17. public const UPDATE = 'UPDATE';
  18. public const DELETE = 'DELETE';
  20. public function __construct(private readonly AuthorizationCheckerInterface $authorizationChecker)
  21. {
  22. }
  24. /**
  25. * Check if the attribute is supported by this voter.
  26. *
  27. * @param string $attribute The attribute to check.
  28. *
  29. * @return bool
  30. */
  31. public function supportsAttribute($attribute): bool
  32. {
  33. return in_array($attribute, [
  34. self::READ,
  35. self::UPDATE,
  36. self::DELETE,
  37. ]);
  38. }
  40. /**
  41. * Check if the class is supported by this voter.
  42. *
  43. * @param string $class The class name to check.
  44. *
  45. * @return bool
  46. */
  47. public function supportsClass($class): bool
  48. {
  49. return $class === UserPreference::class || is_subclass_of($class, UserPreference::class);
  50. }
  52. /**
  53. * @param mixed $entity
  54. */
  55. #[Override]
  56. public function vote(TokenInterface $token, $entity, array $attributes): int
  57. {
  58. // check if class of this object is supported by this voter
  59. if (!$this->supportsClass($entity && !is_array($entity) ? $entity::class : '')) {
  60. return VoterInterface::ACCESS_ABSTAIN;
  61. }
  63. // check if the voter is used correct, only allow one attribute
  64. if (count($attributes) !== 1) {
  65. throw new InvalidArgumentException('Only one attribute is allowed for MedBrief voters.');
  66. }
  68. // set the attribute to check against
  69. $attribute = $attributes[0];
  71. // check if the given attribute is covered by this voter
  72. if (!$this->supportsAttribute($attribute)) {
  73. return VoterInterface::ACCESS_ABSTAIN;
  74. }
  76. // get current logged in user
  77. /** @var User $user */
  78. $user = $token->getUser();
  80. // make sure there is a user object (i.e. that the user is logged in)
  81. if (!$user instanceof UserInterface) {
  82. return VoterInterface::ACCESS_DENIED;
  83. }
  85. // Admin users can do everything
  86. if ($this->authorizationChecker->isGranted('ROLE_ADMIN')) {
  87. return VoterInterface::ACCESS_GRANTED;
  88. }
  90. // Only allow access to own preferences
  91. return $entity->getUser()?->getId() === $user->getId()
  92. ? VoterInterface::ACCESS_GRANTED
  93. : VoterInterface::ACCESS_DENIED;
  94. }
  95. }