src/Security/Voter/CourseVoter.php line 16

Open in your IDE?
  1. <?php
  4. namespace App\Security\Voter;
  7. use App\Entity\Course;
  8. use App\Entity\Job\Lecturer;
  9. use App\Entity\Job\Tutor;
  10. use App\Entity\User;
  11. use Doctrine\ORM\EntityManagerInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  16. class CourseVoter extends Voter
  17. {
  18.     const UPDATE 'COURSE_UPDATE';
  19.     const DELETE 'COURSE_DELETE';
  20.     const READ 'COURSE_READ';
  22.     private $security;
  24.     private $entityManager;
  26.     /**
  27.      * @param Security $security
  28.      * @param EntityManagerInterface $entityManager
  29.      */
  30.     public function __construct(Security $securityEntityManagerInterface $entityManager)
  31.     {
  32.         $this->security $security;
  33.         $this->entityManager $entityManager;
  34.     }
  36.     protected function supports($attribute$subject)
  37.     {
  38.         // if the attribute isn't one we support, return false
  39.         if (!in_array($attribute, [self::UPDATEself::DELETEself::READ])) {
  40.             return false;
  41.         }
  43.         // only vote on Course objects inside this voter
  44.         if (!$subject instanceof Course) {
  45.             return false;
  46.         }
  48.         return true;
  49.     }
  51.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  52.     {
  53.         $user $token->getUser();
  55.         if (!$user instanceof User) {
  56.             // the user must be logged in; if not, deny access
  57.             return false;
  58.         }
  60.         if ($this->security->isGranted(User::ROLE_ADMIN)) {
  61.             return true;
  62.         }
  64.         /** @var Course $course */
  65.         $course $subject;         // you know $subject is a Course object, thanks to supports
  67.         switch ($attribute) {
  68.             case self::UPDATE:
  69.                 return $this->canUpdate($course$user);
  70.             case self::DELETE:
  71.                 return $this->canDelete($course$user);
  72.             case self::READ:
  73.                 return $this->canRead($course$user);
  74.         }
  76.         throw new \LogicException('This code should not be reached!');
  77.     }
  79.     private function canUpdate(Course $courseUser $user)
  80.     {
  81.         if ($this->security->isGranted(User::ROLE_LECTURER)) {
  82.             return $course->getLecturers()->contains($user->getJob(Lecturer::class));
  83.         }
  85.         return false;
  86.     }
  88.     private function canDelete(Course $courseUser $user)
  89.     {
  90.         if ($this->security->isGranted(User::ROLE_LECTURER)) {
  91.             return $course->getLecturers()->contains($user->getJob(Lecturer::class));
  92.         }
  94.         return false;
  95.     }
  97.     private function canRead(Course $courseUser $user)
  98.     {
  99.         if ($this->security->isGranted(User::ROLE_LECTURER)) {
  100.             return $course->getLecturers()->contains($user->getJob(Lecturer::class));
  101.         }
  103.         if ($this->security->isGranted(User::ROLE_TUTOR)) {
  104.             $tutorsInCourse $this->entityManager->getRepository(Tutor::class)->findByCourse($course);
  106.             return in_array($user->getJob(Tutor::class), $tutorsInCourse);
  107.         }
  109.         return false;
  110.     }
  111. }