src/Security/BlogVoter.php line 14

Open in your IDE?
  1. <?php
  2. //----------------------------------------------------------------------
  3. // src/Security/BlogVoter.php
  4. //----------------------------------------------------------------------
  6. namespace App\Security;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use App\Entity\Access;
  12. use App\Entity\Blog\Article;
  14. class BlogVoter extends Voter
  15. {
  16.     //--------------------------------------------------------------------------------
  17.     const DASHBOARD "blog_dashboard";
  18.     const ADD_ARTICLE "blog_article_add";
  19.     const VIEW_ARTICLE "blog_article_view";
  20.     const EDIT_ARTICLE "blog_article_edit";
  21.     const PUBLISH_ARTICLE "blog_article_publish";
  22.     const DELETE_ARTICLE "blog_article_delete";
  23.     //--------------------------------------------------------------------------------
  24.     const PERMISSIONS = array(
  25.         self::DASHBOARD,
  26.         self::ADD_ARTICLE,
  27.         self::VIEW_ARTICLE,
  28.         self::EDIT_ARTICLE,
  29.         self::PUBLISH_ARTICLE,
  30.         self::DELETE_ARTICLE,
  31.     );
  32.     //--------------------------------------------------------------------------------
  34.     protected function supports(string $attribute$subject): bool
  35.     {
  36.         // if the attribute isn't one we support, return false
  37.         if (!in_array($attributeself::PERMISSIONS))
  38.         {
  39.             return false;
  40.         }
  42.         // Only vote on Article objects (if subject is not null)
  43.         if ($subject !== null && !$subject instanceof Article)
  44.         {
  45.             return false;
  46.         }
  48.         return true;
  49.     }
  51.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  55.         if (!$user instanceof Access)
  56.         {
  57.             // the user must be logged in; if not, deny access
  58.             return false;
  59.         }
  61.         // The user must be the owner of the object
  62.         // if ($subject !== null)
  63.         // {
  64.         //     $owner = $subject->getOwner();
  65.         //     if ($owner === null)
  66.         //         return false;
  67.         //     if (!$owner->equals($user))
  68.         //         return false;
  69.         // }
  71.         switch ($attribute)
  72.         {
  73.             case self::DASHBOARD:
  74.                 return $this->canAccessDashboard($user);
  75.             case self::ADD_ARTICLE:
  76.                 return $this->canAddArticle($user);
  77.             case self::VIEW_ARTICLE:
  78.                 return $this->canViewArticle($user$subject);
  79.             case self::EDIT_ARTICLE:
  80.                 return $this->canEditArticle($user$subject);
  81.             case self::PUBLISH_ARTICLE:
  82.                 return $this->canPublishArticle($user$subject);
  83.             case self::DELETE_ARTICLE:
  84.                 return $this->canDeleteArticle($user$subject);
  85.         }
  87.         throw new \LogicException('This code should not be reached!');
  88.     }
  90.     private function canAccessDashboard(Access $user): bool
  91.     {
  92.         return true;
  93.     }
  95.     private function canAddArticle(Access $user): bool
  96.     {
  97.         return true;
  98.     }
  100.     private function canViewArticle(Access $userArticle $subject): bool
  101.     {
  102.         return true;
  103.     }
  105.     private function canEditArticle(Access $userArticle $subject): bool
  106.     {
  107.         return true;
  108.     }
  110.     private function canPublishArticle(Access $userArticle $subject): bool
  111.     {
  112.         return true;
  113.     }
  115.     private function canDeleteArticle(Access $userArticle $subject): bool
  116.     {
  117.         return true;
  118.     }
  119. }