src/Security/TaskVoter.php line 12

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Collaborator;
  6. use App\Entity\Project\Task;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Security;
  10. use Symfony\Contracts\Translation\TranslatorInterface;
  12. class TaskVoter extends Voter
  13. {
  14.     const VIEW          'view';
  15.     const NEW          = 'new';
  16.     const EDIT          'edit';
  18.     private $security;
  19.     private $translator;
  21.     public function __construct(Security $security,TranslatorInterface $translator)
  22.     {
  23.         $this->security $security;
  24.         $this->translator=$translator;
  25.     }
  27.     protected function supports(string $attribute$subject): bool
  28.     {
  30.         // if the attribute isn't one we support, return false
  31.         if (!in_array($attribute, [self::VIEWself::EDITself::NEW])) {
  32.             return false;
  33.         }
  35.         // only vote on `Task` objects
  36.         if (!$subject instanceof Task) {
  37.             return false;
  38.         }
  40.         return true;
  41.     }
  43.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  44.     {   
  45.         $collaborator $token->getUser()->getCollaborator();
  47.         if (!$collaborator instanceof Collaborator) {
  48.             return false;
  49.         }
  51.         // you know $subject is a Task object, thanks to `supports()`
  52.         /** @var Task $task */
  53.         $task $subject;
  55.         switch ($attribute) {
  56.             case self::VIEW:
  57.                 return $this->canView($task$collaborator);
  58.             case self::EDIT:
  59.                 return $this->canEdit($task$collaborator);
  60.             case self::NEW:
  61.                 return $this->canNew($task$collaborator);
  62.         }
  64.         throw new \LogicException('This code should not be reached!');
  65.     }
  67.     private function canView(Task $taskCollaborator $collaborator): bool
  68.     {
  70.         if($project=$task->getProject()){
  71.             if(
  72.                 !$this->isGranted('ROLE_ADMIN')
  73.                 and !in_array($collaborator,$project->getCollaborators()->toArray())
  74.                 and $task->getManager()!=$collaborator
  75.             ){
  76.                 return false;
  77.             }
  78.         }else{
  80.             if(
  81.                 !$this->isGranted('ROLE_ADMIN')
  82.                 and !in_array($collaborator,$task->getCollaborators()->toArray())
  83.                 and $task->getManager()!=$collaborator
  84.             ){
  85.                 return false;
  86.             }
  87.         }
  90.         return true;
  91.     }
  94.     private function canEdit(Task $taskCollaborator $collaborator): bool
  95.     {
  97.         if(
  98.             !$this->isGranted('ROLE_ADMIN')
  99.             and $task->getManager()!=$collaborator
  100.         ){
  101.             return false;
  102.         }
  103.         return true;
  104.     }
  106.     private function canNew(Task $taskCollaborator $collaborator): bool
  107.     {
  108.         if(
  109.             !$this->isGranted('ROLE_ADMIN')
  110.             and !$this->isGranted('ROLE_MANAGER_RH')
  111.         ){
  112.             return false;
  113.         }
  114.         return true;
  115.     }
  117.     private function isGranted($role)
  118.     {
  119.         return $this->security->isGranted($role);
  120.     }
  121. }