src/Security/PosteRouteVoter.php line 18

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\AppActions;
  6. use App\Entity\AppUser;
  7. use App\Entity\Employee;
  8. use App\Entity\Poste;
  9. use App\Entity\RoleAction;
  10. use App\Entity\UserRole;
  11. use App\Utils\Consts;
  12. use Doctrine\ORM\EntityManagerInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\Security;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  18. class PosteRouteVoter extends Voter
  19. {
  20.     public const CREATE 'CREATE';
  21.     public const VIEW 'VIEW';
  22.     public const EDIT 'EDIT';
  24.     protected function supports(string $attribute$subject): bool
  25.     {
  26.         // replace with your own logic
  27.         // https://symfony.com/doc/current/security/voters.html
  28.         return in_array($attribute, [self::CREATEself::VIEWself::EDIT])
  29.             && $subject instanceof \App\Entity\Poste;
  30.     }
  32.     private $entityManager;
  33.     private $security;
  35.     public function __construct(EntityManagerInterface $entityManager,Security $security)
  36.     {
  37.         $this->entityManager $entityManager;
  38.         $this->security $security;
  39.     }
  41.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  42.     {
  43.         $user $token->getUser();
  45.         if (!$user instanceof AppUser) {
  46.             // the user must be logged in; if not, deny access
  47.             return false;
  48.         }
  50.         // you know $subject is a Post object, thanks to `supports()`
  51.         /** @var Poste $poste */
  52.         $poste $subject;
  54.         $isCentral false;
  56.         $userPosteDirector $this->entityManager->getRepository(Employee::class)->findOneBy(['partner' => $user->getPartner()])->getPosteDirector();
  57.         $subjectPosteDirector $subject->getPosteDirector();
  59.         if ($this->entityManager->getRepository(RoleAction::class)->hasRoleAction($user,'isCentrale')) {
  60.             $isCentral true;
  61.         }
  63.         switch ($attribute) {
  64.             case self::VIEW:
  65.                 return $this->canView($poste$user$userPosteDirector$subjectPosteDirector$isCentral);
  66.             case self::EDIT:
  67.                 return $this->canEdit($poste$user$userPosteDirector$subjectPosteDirector$isCentral);
  68.             case self::CREATE:
  69.                 return $this->canCreate($poste$user);
  70.         }
  72.         return false;
  73.     }
  75.     private function canView(Poste $posteAppUser $user$userPosteDirector$subjectPosteDirector$isCentral): bool
  76.     {
  77.         // if they can edit, they can view
  78.         if ($this->entityManager->getRepository(RoleAction::class)->hasRoleActionWithReadPermission($user,'Poste')) {
  79.             if (($userPosteDirector == $subjectPosteDirector) || ($isCentral)) {
  80.                 return true;
  81.             }
  82.             else{ return false; }
  83.         }
  84.         else{ return false; }
  86.     }
  88.     private function canEdit(Poste $posteAppUser $user$userPosteDirector$subjectPosteDirector$isCentral): bool
  89.     {
  90.         // this assumes that the Poste object has a `getOwner()` method
  91.         if ($this->entityManager->getRepository(RoleAction::class)->hasRoleActionWithEditPermission($user,'Poste')) {
  92.             if (($userPosteDirector == $subjectPosteDirector) || ($isCentral)) {
  93.                 return true;
  94.             }
  95.             else{ return false; }
  96.         }
  97.         else{ return false; }
  98.     }
  100.     private function canCreate(Poste $posteAppUser $user): bool
  101.     {
  102.         // this assumes that the Poste object has a `getOwner()` method
  103.         return $this->entityManager->getRepository(RoleAction::class)->
  104.         hasRoleActionWithCreatePermission($user,'Poste');
  105.     }
  106. }