src/Security/SimpleVoter.php line 12

Open in your IDE?
  1. <?php
  2. //----------------------------------------------------------------------
  3. // src/Security/SimpleVoter.php
  4. //----------------------------------------------------------------------
  6. namespace App\Security;
  8. use App\Entity\Access;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. class SimpleVoter extends Voter
  13. {
  14.     //--------------------------------------------------------------------------------
  15.     const OPEN_SESAME "open_sesame";
  16.     //--------------------------------------------------------------------------------
  17.     const ACCESS_COMMONPLACE "access_commonplace";
  18.     const ACCESS_BLUEPRINT "access_blueprint";
  19.     const ACCESS_BUDGET "access_budget";
  20.     const ACCESS_KEEP "access_keep";
  21.     const ACCESS_READING "access_reading";
  22.     const ACCESS_TRACKING "access_tracking";
  23.     const ACCESS_VEHICLE "access_vehicle";
  24.     //--------------------------------------------------------------------------------
  25.     const ACCESS_GLOBALS = array(
  26.         self::OPEN_SESAME,
  28.         self::ACCESS_COMMONPLACE,
  29.         self::ACCESS_BLUEPRINT,
  30.         self::ACCESS_BUDGET,
  31.         self::ACCESS_KEEP,
  32.         self::ACCESS_READING,
  33.         self::ACCESS_TRACKING,
  34.         self::ACCESS_VEHICLE,
  35.     );
  36.     //--------------------------------------------------------------------------------
  38.     protected function supports(string $attribute$subject): bool
  39.     {
  40.         // if the attribute isn't one we support, return false
  41.         if (!in_array($attributeself::ACCESS_GLOBALS))
  42.         {
  43.             return false;
  44.         }
  46.         // only vote on Post objects
  47.         // if (!$subject instanceof Post)
  48.         // {
  49.         //     return false;
  50.         // }
  52.         return true;
  53.     }
  55.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  56.     {
  57.         $user $token->getUser();
  59.         if (!$user instanceof Access)
  60.         {
  61.             // the user must be logged in; if not, deny access
  62.             return false;
  63.         }
  65.         // The user must be the owner of the object
  66.         if ($subject !== null)
  67.         {
  68.             $owner $subject->getOwner();
  69.             if ($owner === null)
  70.                 return false;
  71.             if (!$owner->equals($user))
  72.                 return false;
  73.         }
  75.         switch ($attribute)
  76.         {
  77.             case self::OPEN_SESAME:
  78.                 return $this->canOpenSesame($user);
  80.             case self::ACCESS_COMMONPLACE:
  81.                 return $this->canAccessCommonplace($user$subject);
  82.             case self::ACCESS_BLUEPRINT:
  83.                 return $this->canAccessBlueprint($user$subject);
  84.             case self::ACCESS_BUDGET:
  85.                 return $this->canAccessBudget($user$subject);
  86.             case self::ACCESS_KEEP:
  87.                 return $this->canAccessKeep($user$subject);
  88.             case self::ACCESS_READING:
  89.                 return $this->canAccessReading($user$subject);
  90.             case self::ACCESS_TRACKING:
  91.                 return $this->canAccessTracking($user$subject);
  92.             case self::ACCESS_VEHICLE:
  93.                 return $this->canAccessVehicle($user$subject);
  94.         }
  96.         throw new \LogicException('This code should not be reached!');
  97.     }
  99.     private function canOpenSesame(Access $user): bool
  100.     {
  101.         if ($user->getId() === 2)
  102.         {
  103.             return true;
  104.         }
  105.         return false;
  106.     }
  108.     private function canAccessCommonplace(Access $user$subject): bool
  109.     {
  110.         return true;
  111.     }
  113.     private function canAccessBlueprint(Access $user$subject): bool
  114.     {
  115.         return true;
  116.     }
  118.     private function canAccessBudget(Access $user$subject): bool
  119.     {
  120.         return true;
  121.     }
  123.     private function canAccessKeep(Access $user$subject): bool
  124.     {
  125.         return true;
  126.     }
  128.     private function canAccessReading(Access $user$subject): bool
  129.     {
  130.         return true;
  131.     }
  133.     private function canAccessTracking(Access $user$subject): bool
  134.     {
  135.         return true;
  136.     }
  138.     private function canAccessVehicle(Access $user$subject): bool
  139.     {
  140.         return true;
  141.     }
  142. }