src/Security/ChangeLogVoter.php line 40

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/ChangeLogVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Doctrine\Persistence\ManagerRegistry;
  12. use App\Entity\Access;
  13. use App\Entity\Security\Acl;
  14. use App\Entity\Log\ChangeLog;
  16. class ChangeLogVoter extends Voter
  17. {
  18.     //--------------------------------------------------------------------------------
  19.     // is_granted constants
  20.     const ADD "add_change_log";
  21.     const LISTING "list_change_logs";
  22.     const VIEW "view_change_log";
  23.     const EDIT "edit_change_log";
  25.     const IS_GRANTED_CONSTANTS = array(
  26.         self::ADD,
  27.         self::LISTING,
  28.         self::VIEW,
  29.         self::EDIT,
  30.     );
  32.     //--------------------------------------------------------------------------------
  33.     // acl constants
  34.     // none
  35.     //--------------------------------------------------------------------------------
  37.     public function __construct(AccessDecisionManagerInterface $accessDecisionManagerManagerRegistry $doctrine)
  38.     {
  39.         $this->accessDecisionManager $accessDecisionManager;
  40.         $this->em $doctrine->getManager();
  41.     }
  43.     // Plan.io Task #4453 [See AccessVoter for details]
  44.     public function supportsAttribute(string $attribute): bool
  45.     {
  46.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  47.     }
  49.     protected function supports(string $attribute$subject): bool
  50.     {
  51.         // if the attribute isn't one we support, return false
  52.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  53.         {
  54.             return false;
  55.         }
  57.         // only vote on Bug objects inside this voter
  58.         if ($subject !== null && !$subject instanceof ChangeLog)
  59.         {
  60.             return false;
  61.         }
  63.         return true;
  64.     }
  66.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  67.     {
  68.         // ROLE_USER and ROLE_ADMIN
  69.         $user $token->getUser();
  71.         if (!$user instanceof Access)
  72.         {
  73.             // the user must be logged in; if not, deny access
  74.             return false;
  75.         }
  77.         $changeLog $subject;
  79.         switch ($attribute)
  80.         {
  81.             case self::ADD:
  82.             {
  83.                 return $this->accessDecisionManager->decide($token, ['is_admin']);
  84.             }
  86.             case self::LISTING:
  87.             {
  88.                 return $this->accessDecisionManager->decide($token, ['IS_AUTHENTICATED_FULLY']);
  89.             }
  91.             case self::VIEW:
  92.             {
  93.                 return $this->canView($changeLog$token);
  94.             }
  96.             case self::EDIT:
  97.             {
  98.                 return $this->accessDecisionManager->decide($token, ['is_admin']);
  99.             }
  100.         }
  102.         throw new \LogicException('This code should not be reached!');
  103.     }
  105.     private function canView(ChangeLog $changeLog$token)
  106.     {
  107.         if ($this->accessDecisionManager->decide($token, ['is_admin']))
  108.         {
  109.             return true;
  110.         }
  111.         // For ROLE_USER check if the change log is published
  112.         if ($this->accessDecisionManager->decide($token, ['ROLE_USER']))
  113.         {
  114.             if ($changeLog->isPublished())
  115.             {
  116.                 return true;
  117.             }
  118.         }
  119.         // All hope is lost
  120.         return false;
  121.     }
  122. }