<?php declare(strict_types=1);
namespace App\Security\Voter;
use App\Entity\Contractor;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ContractorVoter extends Voter
{
public const VIEW = 'view';
public const EDIT = 'edit';
public const ARCHIVE = 'archive';
public const DELETE = 'delete';
/**
* @param string $attribute
* @param mixed $subject
*
* @return bool
*/
protected function supports($attribute, $subject): bool
{
if (!in_array($attribute, [self::VIEW, self::EDIT, self::ARCHIVE, self::DELETE], true)) {
return false;
}
if (!$subject instanceof Contractor) {
return false;
}
return true;
}
/**
* @param string $attribute
* @param mixed $subject
* @param TokenInterface $token
*
* @return bool
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
/** @var Contractor $contractor */
$contractor = $subject;
$hasPrivilege = false;
switch ($attribute) {
case self::VIEW:
$hasPrivilege = $this->canView($contractor, $user);
break;
case self::EDIT:
$hasPrivilege = $this->canEdit($contractor, $user);
break;
case self::ARCHIVE:
$hasPrivilege = $this->canArchive($contractor, $user);
break;
case self::DELETE:
$hasPrivilege = $this->canDelete($contractor, $user);
break;
}
return $hasPrivilege;
}
/**
* @param Contractor $contractor
* @param User $user
*
* @return bool
*/
private function canView(Contractor $contractor, User $user): bool
{
return (!$user->isSystemUser()) && $user->getOrganization() && $contractor->isInUserOrganization($user);
}
/**
* @param Contractor $contractor
* @param User $user
*
* @return bool
*/
private function canEdit(Contractor $contractor, User $user): bool
{
return (!$user->isSystemUser()) && $user->getOrganization() && $contractor->isInUserOrganization($user);
}
/**
* @param Contractor $contractor
* @param User $user
*
* @return bool
*/
private function canArchive(Contractor $contractor, User $user): bool
{
return (!$user->isSystemUser()) && $user->getOrganization() && $contractor->isInUserOrganization($user);
}
/**
* @param Contractor $contractor
* @param User $user
*
* @return bool
*/
private function canDelete(Contractor $contractor, User $user): bool
{
return (!$user->isSystemUser()) && $user->getOrganization() && $contractor->isInUserOrganization($user);
}
}