src/Security/VehicleVoter.php line 11

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Vehicles;
  5. use App\Entity\Users;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Doctrine\ORM\EntityManagerInterface;
  11. class VehicleVoter extends Voter
  12. {
  13.     const ACCESS= [ 
  14.         'vehicle_view_exit_permission'     => 'vehicle_view_exit_permission',
  15.         'vehicle_edit_tech_info'           => 'vehicle_edit_tech_info',
  16.         'other_missing_parts'              => 'other_missing_parts',
  17.         'vehicle_sale_tax_fields'          => 'vehicle_sale_tax_fields'
  18.         ];
  20.     /**
  21.      * @var AccessDecisionManager|null
  22.      */
  23.     protected $decisionManager;
  25.     /**
  26.      * @var EntityManager|null
  27.      */
  28.     protected $entityManager;
  32.     /**
  33.      * DelegateVoter constructor.
  34.      * @param AccessDecisionManager|null $decisionManager
  35.      * @param EntityManager|null $entityManager
  36.      */
  37.     public function __construct(AccessDecisionManagerInterface $decisionManagerEntityManagerInterface $entityManager)
  38.     {
  39.         $this->decisionManager $decisionManager;
  40.         $this->entityManager $entityManager;
  41.     }
  43.     /**
  44.      * determines if your voter should vote on the attribute/subject combination. If you return true, 
  45.      * voteOnAttribute() will be called. Otherwise, your voter is done: some other voter should process this
  46.      */
  47.     protected function supports($attribute$subject)
  48.     {
  49.         // if the attribute isn't one we support, return false
  50.         if (!in_array($attributeself::ACCESS)) {
  51.             return false;
  52.         }
  54.         // only vote on Vehicles objects inside this voter
  55.         if ($subject && !$subject instanceof Vehicles) {
  56.             return false;
  57.         }
  58.         return true;
  59.     }
  61.     /**
  62.      * If you return true from supports(), then this method is called. Your job is simple: return true to allow access 
  63.      * and false to deny access
  64.      */
  65.     protected function voteOnAttribute($attribute$vehicleTokenInterface $token)
  66.     {
  67.         $loggedinUser $token->getUser();
  68.         $em $this->entityManager;
  69.         $vehiclesRepo $em->getRepository(Vehicles::class);
  71.         if (!$loggedinUser instanceof Users) {
  72.             return false// the user must be logged in; if not, deny access
  73.         }
  75.         // ROLE_SUPER_ADMIN can do anything! The power! Calling decide() on the AccessDecisionManager is essentially the same
  76.         // as calling isGranted() from a controller or other places (it's just a little lower-level, which is necessary for a voter).
  77.         if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  78.             return true;
  79.         }
  81.         switch ($attribute) {
  82.             case self::ACCESS['vehicle_view_exit_permission']:
  83.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']) && $vehiclesRepo->isVehicleAllowedForDelivering($vehicle);
  84.             case self::ACCESS['vehicle_edit_tech_info']:
  85.                 return $this->decisionManager->decide($token, ['ROLE_VEHICLES_TECHNICIAN']); //only vehicles' technician can edit
  86.             case self::ACCESS['other_missing_parts']:
  87.                 return $this->decisionManager->decide($token, ['ROLE_VEHICLES_TECHNICIAN']); //only vehicles' technician can edit
  88.             case self::ACCESS['vehicle_sale_tax_fields']:
  89.                 return $this->decisionManager->decide($token, ['ROLE_ACCOUNT_MANAGER']);
  90.         }
  92.         throw new \LogicException('This code should not be reached!');
  93.     }
  95. }