<?php
declare(strict_types=1);
namespace App\Security\Voter;
use App\Entity\Machine;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
 * Authorization voter for actions on a Machine.
 *
 * Each public constant names one permission attribute. A vote is only cast
 * when the subject is a Machine and the attribute is one of those constants;
 * the decision itself is delegated to one private can*() rule per attribute.
 * Every path that matches no rule denies access.
 */
class MachineVoter extends Voter
{
    public const VIEW = 'view';
    public const EDIT = 'edit';
    public const DELETE = 'delete';
    public const ACTIVATE = 'activate';
    public const INDIVIDUAL_PARAMETERS = 'individual-parameters';
    public const UPLOAD_FILES = 'upload-files';
    public const SHOW_FILES = 'show-files';

    /**
     * Tells whether this voter is responsible for the attribute/subject pair.
     *
     * @param string $attribute Permission being checked.
     * @param mixed  $subject   Object the permission is checked against.
     *
     * @return bool True only when $subject is a Machine and $attribute is one
     *              of this class's permission constants (strict comparison).
     */
    protected function supports($attribute, $subject): bool
    {
        if (!$subject instanceof Machine) {
            return false;
        }

        $knownAttributes = [
            self::VIEW,
            self::EDIT,
            self::DELETE,
            self::ACTIVATE,
            self::INDIVIDUAL_PARAMETERS,
            self::UPLOAD_FILES,
            self::SHOW_FILES,
        ];

        // Strict mode: an attribute must match a constant by type and value.
        return \in_array($attribute, $knownAttributes, true);
    }

    /**
     * Decides whether the token's user is granted $attribute on the machine.
     *
     * @param string         $attribute Permission being checked.
     * @param mixed          $subject   Treated as a Machine; supports() has
     *                                  already checked that in the normal
     *                                  Voter flow.
     * @param TokenInterface $token     Security token of the current request.
     *
     * @return bool False when the token does not carry an App\Entity\User or
     *              when the attribute matches no case; otherwise the result
     *              of the matching rule.
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // Deny by default: anything that is not an application User gets no access.
        if (!$user instanceof User) {
            return false;
        }

        /** @var Machine $machine */
        $machine = $subject;

        switch ($attribute) {
            case self::VIEW:
                // NOTE(review): VIEW is granted to every authenticated User with
                // no organization check on the machine - confirm that machines
                // are meant to be visible across organizations.
                return true;
            case self::EDIT:
                return $this->canEdit($machine, $user);
            case self::DELETE:
                return $this->canDelete($machine, $user);
            case self::ACTIVATE:
                return $this->canActivate($machine, $user);
            case self::INDIVIDUAL_PARAMETERS:
                return $this->canIndividualParameters($machine, $user);
            case self::UPLOAD_FILES:
                return $this->canUploadFiles($machine, $user);
            case self::SHOW_FILES:
                return $this->canShowFiles($machine, $user);
        }

        // No case matched: fail closed.
        return false;
    }

    /**
     * EDIT rule: granted when Machine::isInUserOrganization() accepts the user.
     *
     * @param Machine $machine Machine being edited.
     * @param User    $user    User requesting the edit.
     *
     * @return bool
     */
    private function canEdit(Machine $machine, User $user): bool
    {
        $sameOrganization = $machine->isInUserOrganization($user);

        return $sameOrganization;
    }

    /**
     * DELETE rule: the organization check must pass and the machine must
     * report itself as deletable.
     *
     * @param Machine $machine Machine being deleted.
     * @param User    $user    User requesting the deletion.
     *
     * @return bool
     */
    private function canDelete(Machine $machine, User $user): bool
    {
        $sameOrganization = $machine->isInUserOrganization($user);

        // isDeletable() is only consulted once the organization check passed.
        return $sameOrganization && $machine->isDeletable();
    }

    /**
     * ACTIVATE rule: the organization check must pass and the machine must
     * report itself as activable.
     *
     * @param Machine $machine Machine being activated.
     * @param User    $user    User requesting the activation.
     *
     * @return bool
     */
    private function canActivate(Machine $machine, User $user): bool
    {
        $sameOrganization = $machine->isInUserOrganization($user);

        return $sameOrganization && $machine->isActivable();
    }

    /**
     * INDIVIDUAL_PARAMETERS rule: the organization check must pass and
     * User::isRegularUser() must be true for the user.
     *
     * @param Machine $machine Machine whose parameters are accessed.
     * @param User    $user    User requesting access.
     *
     * @return bool
     */
    private function canIndividualParameters(Machine $machine, User $user): bool
    {
        $sameOrganization = $machine->isInUserOrganization($user);

        return $sameOrganization && $user->isRegularUser();
    }

    /**
     * UPLOAD_FILES rule: the machine must be active, and it must either pass
     * the organization check or be a system machine.
     *
     * NOTE(review): for a system machine the user's organization is not
     * consulted at all, so any authenticated User may upload to an active
     * system machine - confirm this is intended.
     *
     * @param Machine $machine Machine receiving the files.
     * @param User    $user    User requesting the upload.
     *
     * @return bool
     */
    private function canUploadFiles(Machine $machine, User $user): bool
    {
        $reachable = $machine->isInUserOrganization($user) || $machine->isSystemMachine();

        return $reachable && $machine->isActive();
    }

    /**
     * SHOW_FILES rule: granted when the machine passes the organization check
     * or is a system machine.
     *
     * NOTE(review): files of system machines are readable by every
     * authenticated User regardless of organization - confirm this is intended.
     *
     * @param Machine $machine Machine whose files are listed.
     * @param User    $user    User requesting the listing.
     *
     * @return bool
     */
    private function canShowFiles(Machine $machine, User $user): bool
    {
        $sameOrganization = $machine->isInUserOrganization($user);

        return $sameOrganization || $machine->isSystemMachine();
    }
}