src/Security/Voter/StudyGroupVoter.php line 15

Open in your IDE?
  1. <?php
  4. namespace App\Security\Voter;
  7. use App\Entity\Job\Lecturer;
  8. use App\Entity\User;
  9. use App\Entity\StudyGroup;
  10. use App\Entity\Job\Tutor;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\Security\Core\Security;
  15. class StudyGroupVoter extends Voter
  16. {
  17.     const UPDATE 'STUDY_GROUP_UPDATE';
  18.     const DELETE 'STUDY_GROUP_DELETE';
  19.     const READ 'STUDY_GROUP_READ';
  21.     private $security;
  23.     /**
  24.      * @param Security $security
  25.      */
  26.     public function __construct(Security $security)
  27.     {
  28.         $this->security $security;
  29.     }
  31.     protected function supports($attribute$subject)
  32.     {
  33.         // if the attribute isn't one we support, return false
  34.         if (!in_array($attribute, [self::UPDATEself::DELETEself::READ])) {
  35.             return false;
  36.         }
  38.         // only vote on StudyGroup objects inside this voter
  39.         if (!$subject instanceof StudyGroup) {
  40.             return false;
  41.         }
  43.         return true;
  44.     }
  46.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  47.     {
  48.         $user $token->getUser();
  50.         if (!$user instanceof User) {
  51.             // the user must be logged in; if not, deny access
  52.             return false;
  53.         }
  55.         if ($this->security->isGranted(User::ROLE_ADMIN)) {
  56.             return true;
  57.         }
  59.         /** @var StudyGroup $studyGroup */
  60.         $studyGroup $subject;         // you know $subject is a StudyGroup object, thanks to supports
  62.         switch ($attribute) {
  63.             case self::UPDATE:
  64.                 return $this->canUpdate($studyGroup$user);
  65.             case self::DELETE:
  66.                 return $this->canDelete($studyGroup$user);
  67.             case self::READ:
  68.                 return $this->canRead($studyGroup$user);
  69.         }
  71.         throw new \LogicException('This code should not be reached!');
  72.     }
  74.     private function canUpdate(StudyGroup $studyGroupUser $user)
  75.     {
  76.         if ($this->security->isGranted(User::ROLE_TUTOR)) {
  77.             return $studyGroup->getTutors()->contains($user->getJob(Tutor::class));
  78.         } elseif ($this->security->isGranted(User::ROLE_LECTURER)) {
  79.             return $studyGroup->getCourse()->getLecturers()->contains($user->getJob(Lecturer::class));
  80.         }
  82.         return false;
  83.     }
  85.     private function canDelete(StudyGroup $studyGroupUser $user)
  86.     {
  87.         if ($this->security->isGranted(User::ROLE_LECTURER)) {
  88.             return $studyGroup->getCourse()->getLecturers()->contains($user->getJob(Lecturer::class));
  89.         }
  91.         return false;
  92.     }
  94.     private function canRead(StudyGroup $studyGroupUser $user)
  95.     {
  96.         if ($this->security->isGranted(User::ROLE_TUTOR)) {
  97.             return $studyGroup->getTutors()->contains($user->getJob(Tutor::class));
  98.         } elseif ($this->security->isGranted(User::ROLE_LECTURER)) {
  99.             return $studyGroup->getCourse()->getLecturers()->contains($user->getJob(Lecturer::class));
  100.         }
  102.         return false;
  103.     }
  104. }