src/Security/Voter/InterventionRequestVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Authorization;
  6. use App\Entity\InterventionRequest;
  7. use App\Entity\User;
  8. use App\Manager\InterventionRequestManager;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class InterventionRequestVoter extends Voter
  14. {
  15.     public const CREATE 'CAN_CREATE';
  16.     public const READ 'CAN_READ';
  17.     public const EDIT 'CAN_EDIT';
  18.     public const DELETE 'CAN_DELETE';
  20.     private Security $security;
  21.     private InterventionRequestManager $interventionRequestManager;
  23.     public function __construct(Security $securityInterventionRequestManager $interventionRequestManager)
  24.     {
  25.         $this->security $security;
  26.         $this->interventionRequestManager $interventionRequestManager;
  27.     }
  29.     protected function supports($attribute$subject): bool
  30.     {
  31.         $supportsAttribute in_array($attribute, [self::CREATEself::DELETEself::EDITself::READ]);
  32.         $supportsSubject $subject instanceof InterventionRequest;
  34.         return $supportsAttribute && $supportsSubject;
  35.     }
  37.     /**
  38.      * @param mixed $subject
  39.      */
  40.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  41.     {
  42.         $user $this->security->getUser();
  43.         if (!$user) {
  44.             return false;
  45.         }
  47.         switch ($attribute) {
  48.             case self::CREATE:
  49.                 return $this->canCreate($subject$user);
  50.             case self::READ:
  51.                 return $this->canRead($subject$user);
  52.             case self::EDIT:
  53.                 return $this->canEdit($subject$user);
  54.             case self::DELETE:
  55.                 return $this->canDelete($subject$user);
  56.         }
  58.         return false;
  59.     }
  61.     private function canCreate(InterventionRequest $interventionRequestUser $user): bool
  62.     {
  63.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)
  64.             || $this->security->isGranted(Authorization::ROLE_OWNER_REQUESTER)
  65.         ) {
  66.             return true;
  67.         }
  69.         return false;
  70.     }
  72.     private function canRead(InterventionRequest $interventionRequestUser $user): bool
  73.     {
  74.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
  75.             return true;
  76.         }
  78.         if ($this->security->isGranted(Authorization::ROLE_OWNER_ADMIN)) {
  79.             if ($user->getCompany()->getId() === $interventionRequest->getOwnerCompany()->getId()) {
  80.                 return true;
  81.             }
  82.         }
  84.         if ($this->security->isGranted(Authorization::ROLE_SERVICE_PROVIDER_ADMIN)) {
  85.             if ($user->getCompany()->getId() === $interventionRequest->getServiceProviderCompany()->getId()) {
  86.                 return true;
  87.             }
  88.         }
  90.         return $this->interventionRequestManager->hasAccess($interventionRequest$this->security->getUser());
  91.     }
  93.     private function canEdit(InterventionRequest $interventionRequestUser $user): bool
  94.     {
  95.         if (!$this->security->isGranted(Authorization::ROLE_OWNER)
  96.             && !$this->security->isGranted(Authorization::ROLE_SERVICE_PROVIDER)) {
  97.             return false;
  98.         }
  100.         return $this->canRead($interventionRequest$user);
  101.     }
  103.     private function canDelete(InterventionRequest $interventionRequestUser $user): bool
  104.     {
  105.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
  106.             return true;
  107.         }
  109.         return false;
  110.     }
  111. }