src/Security/CollaboratorVoter.php line 12

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Collaborator;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  8. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  9. use Symfony\Component\Security\Core\Security;
  10. use Symfony\Contracts\Translation\TranslatorInterface;
  12. class CollaboratorVoter extends Voter
  13. {
  14.     const VIEW              'view';
  15.     const EDIT_PROFIL_LIGHT 'edit_profil_light';
  16.     const EDIT_INTERVIEW    'edit_interview';
  17.     const NEW               = 'new';
  20.     private $security;
  21.     private $translator;
  23.     public function __construct(Security $security,TranslatorInterface $translator)
  24.     {
  25.         $this->security $security;
  26.         $this->translator=$translator;
  27.     }
  29.     protected function supports(string $attribute$subject): bool
  30.     {
  31.         // if the attribute isn't one we support, return false
  32.         if (!in_array($attribute, [self::VIEWself::EDIT_PROFIL_LIGHT,self::EDIT_INTERVIEW,self::NEW])) {
  33.             return false;
  34.         }
  36.         // only vote on `Collaborator` objects
  37.         if (!$subject instanceof Collaborator) {
  38.             return false;
  39.         }
  41.         return true;
  42.     }
  44.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  45.     {
  46.         $collaborator_connected $token->getUser()->getCollaborator();
  48.         if (!$collaborator_connected instanceof Collaborator) {
  49.             return false;
  50.         }
  52.         // you know $subject is a Collaborator object, thanks to `supports()`
  53.         /** @var Collaborator $collaborator */
  54.         $collaborator $subject;
  56.         switch ($attribute) {
  57.             case self::VIEW:
  58.                 return $this->canView($collaborator,$collaborator_connected);
  59.             case self::NEW:
  60.                 return $this->canNew($collaborator,$collaborator_connected);
  61.             case self::EDIT_PROFIL_LIGHT:
  62.                 return $this->canEditProfileLight($collaborator,$collaborator_connected);
  63.             case self::EDIT_INTERVIEW:
  64.                 return $this->canEditInterview($collaborator,$collaborator_connected);
  65.         }
  67.         throw new \LogicException('This code should not be reached!');
  68.     }
  70.     private function canNew(Collaborator $collaborator,Collaborator $collaborator_connected): bool
  71.     {
  72.         return $this->isGranted('ROLE_ASSISTANT_RH');
  73.     }
  75.     private function canView(Collaborator $collaborator,Collaborator $collaborator_connected): bool
  76.     {
  77.         if(
  78.             !$this->isGranted('ROLE_ASSISTANT_RH')
  79.             and $collaborator_connected!=$collaborator
  80.             and !in_array($collaborator,$collaborator_connected->getAllListNMoins()->toArray())
  81.         ){
  82.             return false;
  83.         }
  84.         return true;
  85.     }
  87.     private function canEditProfileLight(Collaborator $collaborator,Collaborator $collaborator_connected)
  88.     {
  90.         return $this->isGranted('ROLE_ASSISTANT_RH') or $collaborator->getId()==$collaborator_connected->getId();
  91.     }
  93.     private function canEditInterview(Collaborator $collaborator,Collaborator $collaborator_connected)
  94.     {
  96.         return $this->isGranted('ROLE_ASSISTANT_RH') or in_array($collaborator,$collaborator_connected->getAllListNMoins()->toArray());
  97.     }
  100.     private function isGranted($role)
  101.     {
  102.         return $this->security->isGranted($role);
  103.     }
  104. }