<?php
namespace DW\GingerBundle\Security;
use DW\GingerBundle\Entity\AttributeInterface;
use DW\GingerBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
class AttributeVoter extends Voter
{
const VIEW = 'view';
const EDIT = 'edit';
const CREATE = 'create';
const DELETE = 'delete';
private $decisionManager;
public function __construct(AccessDecisionManagerInterface $decisionManager)
{
$this->decisionManager = $decisionManager;
}
protected function supports($attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, array(self::VIEW, self::EDIT, self::CREATE, self::DELETE))) {
return false;
}
// only vote on attribute objects inside this voter
if (!$subject instanceof AttributeInterface) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof User) {
// the user must be logged in; if not, deny access
return false;
}
switch ($attribute) {
case self::VIEW:
return $this->canView($subject, $token);
case self::EDIT:
return $this->canEdit($subject, $token);
case self::CREATE:
return $this->canCreate($subject, $token);
case self::DELETE:
return $this->canDelete($subject, $token);
}
throw new \LogicException('This code should not be reached!');
}
private function canCreate(AttributeInterface $attribute, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_CREATE'])) {
return true;
}
return false;
}
private function canView(AttributeInterface $attribute, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_LIST'])) {
return true;
}
return false;
}
private function canEdit(AttributeInterface $attribute, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_EDIT'])) {
return true;
}
return false;
}
private function canDelete(AttributeInterface $attribute, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, ['ROLE_GINGER_ATTRIBUTE_DELETE'])) {
return true;
}
return false;
}
}