src/Security/Voter/ProjectVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Project;
  6. use App\Entity\ProjectPhase;
  7. use App\Entity\ProjectPhaseDocument;
  8. use App\Entity\ProjectStageDeploy;
  9. use App\Entity\User;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  14. class ProjectVoter extends Voter
  15. {
  16.     public const ACCESS_PROJECT 'ACCESS_PROJECT';
  18.     public const PROJECT_OWNER_OR_SUPERADMIN 'PROJECT_OWNER_OR_SUPERADMIN';
  20.     private Security $security;
  22.     public function __construct(Security $security)
  23.     {
  24.         $this->security $security;
  25.     }
  27.     protected function supports(string $attribute$subject): bool
  28.     {
  29.         return in_array($attribute, [self::ACCESS_PROJECTself::PROJECT_OWNER_OR_SUPERADMIN]) && ($subject instanceof Project || $subject instanceof ProjectStageDeploy || $subject === null);
  30.     }
  32.     /**
  33.      * @param Project $subject
  34.      */
  35.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  36.     {
  37.         /** @var User $user */
  38.         $user $token->getUser();
  39.         // if the user is anonymous, do not grant access
  40.         if (!$user instanceof User) {
  41.             return false;
  42.         }
  44.         $project null;
  45.         if ($subject instanceof Project) {
  46.             $project $subject;
  47.         }
  49.         if ($subject instanceof ProjectStageDeploy) {
  50.             $project $subject->getProjectStage()->getProject();
  51.         }
  53.         switch ($attribute) {
  54.             case self::ACCESS_PROJECT:
  55.                 if ($this->security->isGranted(User::ROLE_SUPER_ADMIN)) {
  56.                     return true;
  57.                 }
  58.                 if ($project) {
  59.                     if ($this->isOwner($user$project)) {
  60.                         return true;
  61.                     }
  62.                     if ($user->getProjects()->contains($project)) {
  63.                         return true;
  64.                     }
  65.                 }
  66.                 break;
  67.             case self::PROJECT_OWNER_OR_SUPERADMIN:
  68.                 if ($this->security->isGranted(User::ROLE_SUPER_ADMIN)) {
  69.                     return true;
  70.                 }
  71.                 if ($project) {
  72.                     if ($this->isOwner($user$project)) {
  73.                         return true;
  74.                     }
  75.                 }
  76.                 break;
  77.         }
  79.         return false;
  80.     }
  82.     private function isOwner(User $user, ?Project $project): bool
  83.     {
  84.         if ($project && (int) $project->getCreatedBy()->getId() === $user->getId()) {
  85.             return true;
  86.         }
  88.         return false;
  89.     }
  90. }