src/Security/EmployeeRouteVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\AppActions;
  6. use App\Entity\AppUser;
  7. use App\Entity\Employee;
  8. use App\Entity\RoleAction;
  9. use App\Entity\UserRole;
  10. use App\Utils\Consts;
  11. use Doctrine\ORM\EntityManagerInterface;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. class EmployeeRouteVoter extends Voter
  18. {
  19.     public const CREATE 'CREATE';
  20.     public const VIEW 'VIEW';
  21.     public const EDIT 'EDIT';
  23.     protected function supports(string $attribute$subject): bool
  24.     {
  25.         // replace with your own logic
  26.         // https://symfony.com/doc/current/security/voters.html
  27.         return in_array($attribute, [self::CREATEself::VIEWself::EDIT])
  28.             && $subject instanceof \App\Entity\Employee;
  29.     }
  31.     private $entityManager;
  32.     private $security;
  34.     public function __construct(EntityManagerInterface $entityManager,Security $security)
  35.     {
  36.         $this->entityManager $entityManager;
  37.         $this->security $security;
  38.     }
  40.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  41.     {
  42.         $user $token->getUser();
  44.         if (!$user instanceof AppUser) {
  45.             // the user must be logged in; if not, deny access
  46.             return false;
  47.         }
  49.         // you know $subject is a Post object, thanks to `supports()`
  50.         /** @var Employee $employee */
  51.         $employee $subject;
  53.         switch ($attribute) {
  54.             case self::VIEW:
  55.                 return $this->canView($employee$user);
  56.             case self::EDIT:
  57.                 return $this->canEdit($employee$user);
  58.             case self::CREATE:
  59.                 return $this->canCreate($employee$user);
  60.         }
  62.         return false;
  63.     }
  65.     private function canView(Employee $employeeAppUser $user): bool
  66.     {
  67.         // if they can edit, they can view
  68.         return $this->entityManager->getRepository(RoleAction::class)->
  69.         hasRoleActionWithReadPermission($user,'Employee');
  71.     }
  73.     private function canEdit(Employee $employeeAppUser $user): bool
  74.     {
  75.         // this assumes that the Employee object has a `getOwner()` method
  76.         return $this->entityManager->getRepository(RoleAction::class)->
  77.         hasRoleActionWithEditPermission($user,'Employee');
  78.     }
  80.     private function canCreate(Employee $employeeAppUser $user): bool
  81.     {
  82.         // this assumes that the Employee object has a `getOwner()` method
  83.         return $this->entityManager->getRepository(RoleAction::class)->
  84.         hasRoleActionWithCreatePermission($user,'Employee');
  85.     }
  86. }