src/Security/Voter/Garages/GarageVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\Garages;
  5. use App\Entity\Garages\Garage;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesManagerEnum;
  8. use App\Enum\UserRolesEnum;
  9. use App\Enum\VotersEnum;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  14. final class GarageVoter extends Voter
  15. {
  16.     private Security $security;
  17.     private array $voters;
  19.     public function __construct(Security $security)
  20.     {
  21.         $this->security $security;
  22.         $this->voters = [
  23.             VotersEnum::LIST_GARAGE,
  24.             VotersEnum::CREATE_GARAGE,
  25.             VotersEnum::READ,
  26.             VotersEnum::UPDATE,
  27.             VotersEnum::DELETE,
  28.             VotersEnum::EXPORT_GARAGE,
  29.             VotersEnum::EXPORT_GARAGE_WHATSAPP,
  30.             VotersEnum::PURCHASE_TRACKING_READ,
  31.             VotersEnum::UPDATE_GARAGE_OWNER,
  32.         ];
  33.     }
  35.     protected function supports(string $attribute$subject): bool
  36.     {
  37.         // first check the $subject and last if the $attribute is supported,
  38.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  39.         if ($subject && !$subject instanceof Garage) {
  40.             // only vote on these objects
  41.             return false;
  42.         }
  43.         if (in_array($attribute$this->voters)) {
  44.             // if the attribute is one we support
  45.             return true;
  46.         }
  48.         return false;
  49.     }
  51.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  54.         if (!$user instanceof User) {
  55.             // the user must be logged in; if not, deny access
  56.             return false;
  57.         }
  58.         switch ($attribute) {
  59.             case VotersEnum::LIST_GARAGE:
  60.                 return $this->canList();
  61.             case VotersEnum::CREATE_GARAGE:
  62.                 return $this->canCreate();
  63.             case VotersEnum::READ:
  64.                 return $this->canRead($subject$user);
  65.             case VotersEnum::UPDATE:
  66.                 return $this->canUpdate($subject$user);
  67.             case VotersEnum::UPDATE_GARAGE_OWNER:
  68.                 return $this->canUpdateGarageOwner($subject$user);
  69.             case VotersEnum::DELETE:
  70.                 return $this->canDelete();
  71.             case VotersEnum::EXPORT_GARAGE:
  72.                 return $this->canExport();
  73.             case VotersEnum::EXPORT_GARAGE_WHATSAPP:
  74.                 return $this->canExportWhatsapp();
  75.             case VotersEnum::PURCHASE_TRACKING_READ:
  76.                 return $this->canReadPurchaseTracking($subject$user);
  77.         }
  79.         throw new \LogicException('This code should not be reached!');
  80.     }
  82.     private function canList(): bool
  83.     {
  84.         return $this->isAdminUser() || $this->isQualityAdvisorUser() || $this->isAssociatedManagerUser();
  85.     }
  87.     private function canCreate(): bool
  88.     {
  89.         return $this->isAdminUser();
  90.     }
  92.     private function canRead(Garage $garageUser $user): bool
  93.     {
  94.         if ($this->isAdminUser() || $this->isAssociatedManagerUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) {
  95.             return true;
  96.         }
  98.         return false;
  99.     }
  101.     private function canUpdate(Garage $garageUser $user): bool
  102.     {
  103.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) && !$this->isQualityAdvisorUser() && !$this->isAssociatedManagerUser()) {
  104.             return true;
  105.         }
  107.         return false;
  108.     }
  110.     private function canUpdateGarageOwner(Garage $garageUser $user): bool
  111.     {
  112.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) && !$this->isAssociatedManagerUser()) {
  113.             return true;
  114.         }
  116.         return false;
  117.     }
  119.     private function canDelete(): bool
  120.     {
  121.         return $this->isAdminUser();
  122.     }
  124.     private function canExport(): bool
  125.     {
  126.         return $this->isAdminUser();
  127.     }
  129.     private function canExportWhatsapp(): bool
  130.     {
  131.         return $this->isAdminUser() || $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_WHATSAPP) || $this->isCoordinatorUser();
  132.     }
  134.     private function canReadPurchaseTracking(Garage $garageUser $user): bool
  135.     {
  136.         if (($this->isAdminUser() || $garage->isOwner($user) || $garage->isCoordinator($user)) || $this->isAssociatedManagerUser()) {
  137.             return true;
  138.         }
  140.         return false;
  141.     }
  143.     private function isAdminUser(): bool
  144.     {
  145.         return $this->security->isGranted(UserRolesEnum::ROLE_ADMIN_LONG);
  146.     }
  148.     private function isCoordinatorUser(): bool
  149.     {
  150.         return $this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG);
  151.     }
  153.     private function isAssociatedManagerUser(): bool
  154.     {
  155.         return $this->security->isGranted(UserRolesEnum::ROLE_ASSOCIATED_MANAGER_LONG);
  156.     }
  158.     private function isQualityAdvisorUser(): bool
  159.     {
  160.         return $this->security->isGranted(UserRolesEnum::ROLE_QUALITY_ADVISOR_LONG);
  161.     }
  162. }