src/Security/VacationRouteVoter.php line 18

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\AppActions;
  6. use App\Entity\AppUser;
  7. use App\Entity\Employee;
  8. use App\Entity\RoleAction;
  9. use App\Entity\UserRole;
  10. use App\Entity\Vacation;
  11. use App\Utils\Consts;
  12. use Doctrine\ORM\EntityManagerInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\Security;
  16. use Symfony\Component\Security\Core\User\UserInterface;
  18. class VacationRouteVoter extends Voter
  19. {
  20.     public const CREATE 'CREATE';
  21.     public const VIEW 'VIEW';
  22.     public const EDIT 'EDIT';
  24.     protected function supports(string $attribute$subject): bool
  25.     {
  26.         // replace with your own logic
  27.         // https://symfony.com/doc/current/security/voters.html
  28.         return in_array($attribute, [self::CREATEself::VIEWself::EDIT])
  29.             && $subject instanceof \App\Entity\Vacation;
  30.     }
  32.     private $entityManager;
  33.     private $security;
  35.     public function __construct(EntityManagerInterface $entityManager,Security $security)
  36.     {
  37.         $this->entityManager $entityManager;
  38.         $this->security $security;
  39.     }
  41.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  42.     {
  43.         $user $token->getUser();
  45.         if (!$user instanceof AppUser) {
  46.             // the user must be logged in; if not, deny access
  47.             return false;
  48.         }
  50.         // you know $subject is a Post object, thanks to `supports()`
  51.         /** @var Vacation $vacation */
  52.         $vacation $subject;
  54.         switch ($attribute) {
  55.             case self::VIEW:
  56.                 return $this->canView($vacation$user);
  57.             case self::EDIT:
  58.                 return $this->canEdit($vacation$user);
  59.             case self::CREATE:
  60.                 return $this->canCreate($vacation$user);
  61.         }
  63.         return false;
  64.     }
  66.     private function canView(Vacation $vacationAppUser $user): bool
  67.     {
  68.         // if they can edit, they can view
  69.         return $this->entityManager->getRepository(RoleAction::class)->
  70.         hasRoleActionWithReadPermission($user,'Vacation');
  72.     }
  74.     private function canEdit(Vacation $vacationAppUser $user): bool
  75.     {
  76.         // this assumes that the Vacation object has a `getOwner()` method
  77.         return $this->entityManager->getRepository(RoleAction::class)->
  78.         hasRoleActionWithEditPermission($user,'Vacation');
  79.     }
  81.     private function canCreate(Vacation $vacationAppUser $user): bool
  82.     {
  83.         // this assumes that the Vacation object has a `getOwner()` method
  84.         return $this->entityManager->getRepository(RoleAction::class)->
  85.         hasRoleActionWithCreatePermission($user,'Vacation');
  86.     }
  87. }