<?php
namespace App\Security\Voter\Savills;
use App\Entity\Authorization;
use App\Entity\Savills\WorkValidationRequest;
use App\Entity\User;
use App\Manager\Savills\WorkValidationRequestManager;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
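/**
 * Decides CAN_CREATE / CAN_READ / CAN_EDIT / CAN_DELETE on a WorkValidationRequest.
 *
 * Role checks go through Security::isGranted() and the acting user is read from
 * Security::getUser(), so every decision is made for the currently authenticated
 * user. The token handed to voteOnAttribute() is not consulted.
 */
class WorkValidationRequestVoter extends Voter
{
    public const CREATE = 'CAN_CREATE';
    public const READ = 'CAN_READ';
    public const EDIT = 'CAN_EDIT';
    public const DELETE = 'CAN_DELETE';

    private Security $security;
    private WorkValidationRequestManager $workValidationRequestManager;

    public function __construct(Security $security, WorkValidationRequestManager $workValidationRequestManager)
    {
        $this->security = $security;
        $this->workValidationRequestManager = $workValidationRequestManager;
    }

    /**
     * Only votes when the attribute is one of this voter's constants and the
     * subject is a WorkValidationRequest.
     *
     * @param mixed $attribute
     * @param mixed $subject
     */
    protected function supports($attribute, $subject): bool
    {
        // Strict comparison: a non-string attribute must never loosely match one of the constants.
        $supportsAttribute = in_array($attribute, [self::CREATE, self::DELETE, self::EDIT, self::READ], true);
        $supportsSubject = $subject instanceof WorkValidationRequest;

        return $supportsAttribute && $supportsSubject;
    }

    /**
     * Dispatches to the per-attribute check; denies when no application User is authenticated.
     *
     * @param mixed $subject
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $user = $this->security->getUser();
        // Deny (instead of raising a TypeError in the typed can*() helpers) when the
        // authenticated principal is missing or is not an App\Entity\User.
        if (!$user instanceof User) {
            return false;
        }

        switch ($attribute) {
            case self::CREATE:
                return $this->canCreate($subject, $user);
            case self::READ:
                return $this->canRead($subject, $user);
            case self::EDIT:
                return $this->canEdit($subject, $user);
            case self::DELETE:
                return $this->canDelete($subject, $user);
        }

        // Unknown attribute: fail closed.
        return false;
    }

    /**
     * Creation is granted on role alone (ROLE_ADMIN or ROLE_SAVILLS_TECHNICAL_MANAGER).
     */
    private function canCreate(WorkValidationRequest $workValidationRequest, User $user): bool
    {
        return $this->security->isGranted(Authorization::ROLE_ADMIN)
            || $this->security->isGranted(Authorization::ROLE_SAVILLS_TECHNICAL_MANAGER);
    }

    /**
     * Read is granted to ROLE_ADMIN, to rental managers / technical assistants of the
     * request's owner company, and otherwise to whoever the manager's hasAccess() accepts.
     */
    private function canRead(WorkValidationRequest $workValidationRequest, User $user): bool
    {
        if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
            return true;
        }

        if ($this->hasOwnerCompanyRole() && $this->isInOwnerCompany($workValidationRequest, $user)) {
            return true;
        }

        // A company-scoped grant for ROLE_SERVICE_PROVIDER_ADMIN (matched against
        // getServiceProviderCompany()) used to sit here and is disabled; those users
        // are now decided solely by hasAccess() below.
        return $this->workValidationRequestManager->hasAccess($workValidationRequest, $user);
    }

    /**
     * Edit is granted to rental managers / technical assistants of the owner company,
     * and otherwise to anyone who passes canRead().
     *
     * NOTE(review): because of the canRead() fallback, CAN_EDIT is currently granted to
     * exactly the same users as CAN_READ (including everyone accepted by hasAccess()).
     * Confirm that read access is meant to imply write access.
     */
    private function canEdit(WorkValidationRequest $workValidationRequest, User $user): bool
    {
        if ($this->hasOwnerCompanyRole() && $this->isInOwnerCompany($workValidationRequest, $user)) {
            return true;
        }

        return $this->canRead($workValidationRequest, $user);
    }

    /**
     * Deletion is granted on ROLE_SAVILLS_OWNER_ADMIN alone.
     *
     * NOTE(review): unlike read/edit, this is not compared against the request's owner
     * company, and ROLE_ADMIN is not listed here - confirm both are intended (a role
     * hierarchy, if configured, may already cover the latter).
     */
    private function canDelete(WorkValidationRequest $workValidationRequest, User $user): bool
    {
        return $this->security->isGranted(Authorization::ROLE_SAVILLS_OWNER_ADMIN);
    }

    /**
     * True when the current user holds one of the roles that are scoped to the owner company.
     */
    private function hasOwnerCompanyRole(): bool
    {
        return $this->security->isGranted(Authorization::ROLE_SAVILLS_RENTAL_MANAGER)
            || $this->security->isGranted(Authorization::ROLE_SAVILLS_TECHNICAL_ASSISTANT);
    }

    /**
     * True when the user's company is the request's owner company (compared by id).
     */
    private function isInOwnerCompany(WorkValidationRequest $workValidationRequest, User $user): bool
    {
        $userCompany = $user->getCompany();
        $ownerCompany = $workValidationRequest->getOwnerCompany();

        // Fail closed if either side has no company - TODO confirm whether these getters are nullable.
        if ($userCompany === null || $ownerCompany === null) {
            return false;
        }

        $userCompanyId = $userCompany->getId();

        // Two missing ids (e.g. entities not yet persisted - TODO confirm) must not count
        // as "same company": null === null would otherwise grant access.
        return $userCompanyId !== null && $userCompanyId === $ownerCompany->getId();
    }
}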