src/Security/SimpleVoter.php line 12

Open in your IDE?
  1. <?php
  2. //----------------------------------------------------------------------
  3. // src/Security/SimpleVoter.php
  4. //----------------------------------------------------------------------
  6. namespace App\Security;
  8. use App\Entity\Access;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. class SimpleVoter extends Voter
  13. {
  14.     //--------------------------------------------------------------------------------
  15.     const OPEN_SESAME "open_sesame";
  16.     //--------------------------------------------------------------------------------
  17.     const ACCESS_READING "access_reading";
  18.     const ACCESS_TRACKING "access_tracking";
  19.     const ACCESS_VEHICLE "access_vehicle";
  20.     //--------------------------------------------------------------------------------
  21.     const ACCESS_GLOBALS = array(
  22.         self::OPEN_SESAME,
  24.         self::ACCESS_READING,
  25.         self::ACCESS_TRACKING,
  26.         self::ACCESS_VEHICLE,
  27.     );
  28.     //--------------------------------------------------------------------------------
  30.     protected function supports(string $attribute$subject): bool
  31.     {
  32.         // if the attribute isn't one we support, return false
  33.         if (!in_array($attributeself::ACCESS_GLOBALS))
  34.         {
  35.             return false;
  36.         }
  38.         // only vote on Post objects
  39.         // if (!$subject instanceof Post)
  40.         // {
  41.         //     return false;
  42.         // }
  44.         return true;
  45.     }
  47.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  48.     {
  49.         $user $token->getUser();
  51.         if (!$user instanceof Access)
  52.         {
  53.             // the user must be logged in; if not, deny access
  54.             return false;
  55.         }
  57.         // The user must be the owner of the object
  58.         if ($subject !== null)
  59.         {
  60.             $owner $subject->getOwner();
  61.             if ($owner === null)
  62.                 return false;
  63.             if (!$owner->equals($user))
  64.                 return false;
  65.         }
  67.         switch ($attribute)
  68.         {
  69.             case self::OPEN_SESAME:
  70.                 return $this->canOpenSesame($user);
  71.             case self::ACCESS_READING:
  72.                 return $this->canAccessReading($user$subject);
  73.             case self::ACCESS_TRACKING:
  74.                 return $this->canAccessTracking($user$subject);
  75.             case self::ACCESS_VEHICLE:
  76.                 return $this->canAccessVehicle($user$subject);
  77.         }
  79.         throw new \LogicException('This code should not be reached!');
  80.     }
  82.     private function canOpenSesame(Access $user): bool
  83.     {
  84.         if ($user->getId() === 2)
  85.         {
  86.             return true;
  87.         }
  88.         return false;
  89.     }
  91.     private function canAccessReading(Access $user$subject): bool
  92.     {
  93.         return true;
  94.     }
  96.     private function canAccessTracking(Access $user$subject): bool
  97.     {
  98.         return true;
  99.     }
  101.     private function canAccessVehicle(Access $user$subject): bool
  102.     {
  103.         return true;
  104.     }
  105. }