src/Security/Voter/RequestBaseVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\RequestBase;
  6. use App\Entity\RequestBaseProposals;
  7. use App\Entity\User;
  8. use App\Enum\RequestsNotificationsEnum;
  9. use App\Enum\UserEnum;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. class RequestBaseVoter extends Voter
  16. {
  17.     public const READ "READ";
  18.     public const DELETE "DELETE";
  20.     /**
  21.      * @var Security
  22.      */
  23.     private $security;
  26.     public function __construct(Security $security)
  27.     {
  28.         $this->security $security;
  29.     }
  31.     protected function supports($attribute$subject)
  32.     {
  33.         $attributesSupported = [
  34.             self::READ,
  35.             self::DELETE
  36.         ];
  38.         if (!in_array($attribute$attributesSupported)) {
  39.             return false;
  40.         }
  42.         if (!$subject instanceof RequestBase) {
  43.             return false;
  44.         }
  46.         return true;
  47.     }
  49.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  50.     {
  51.         /** @var User $user */
  52.         $user $token->getUser();
  55.         if (!$user instanceof UserInterface) {
  56.             return false;
  57.         }
  59.         if ($this->security->isGranted(UserEnum::SUPER_ADMIN)) {
  60.             return true;
  61.         }
  63.         switch ($attribute) {
  64.             case self::READ:
  65.                 return $this->canRead($user$subject);
  66.                 break;
  67.             case self::DELETE:
  68.                 return $this->canDelete($user$subject);
  69.                 break;
  70.         }
  72.         return false;
  73.     }
  76.     private function canRead(User $currentUserRequestBase $subject): bool
  77.     {
  78.         
  79.         $requestIsWaitProposal $subject->getStatus() === RequestsNotificationsEnum::REQUEST_WAITING_PROPOSAL;
  80.         $requestIsInProgress $subject->getStatus() === RequestsNotificationsEnum::REQUEST_IN_PROGRESS;
  81.         $requestIsClosed $subject->getStatus() === RequestsNotificationsEnum::REQUEST_CLOSED;
  82.         $requestIsRefused $subject->getStatus() === RequestsNotificationsEnum::REQUEST_REFUSED;
  84.         if ($currentUser->isTeacher()) {
  86.             if ($requestIsWaitProposal) {
  87.                 /** @var RequestBaseProposals[] $teacherProposalEntity */
  88.                 $teacherProposalEntities $subject->getRequestBaseProposals()->filter(function (RequestBaseProposals $requestProposal) use ($currentUser) {
  89.                     return $requestProposal->getCorrector()->getId() === $currentUser->getId();
  90.                 });
  91.                 $teacherProposalEntity $teacherProposalEntities->isEmpty() ? null $teacherProposalEntities->first();
  93.                 if ($teacherProposalEntity && $teacherProposalEntity->getStatus() !== RequestBaseProposals::STATUS_REFUSE) {
  94.                    return true;
  95.                 }
  97.                 return false;
  98.             }
  100.             if(!$subject->getTeacher()) {
  101.                 return false;
  102.             }
  103.             else {
  104.                 return ($requestIsInProgress || $requestIsClosed || $requestIsRefused) && $currentUser->getId() === $subject->getTeacher()->getId();
  105.             }
  106.         }
  108.         if ($currentUser->isStudent()) {
  109.             return $currentUser->getId() === $subject->getStudent()->getId();
  110.         }
  112.         return false;
  113.     }
  115.     private function canDelete(User $currentUserRequestBase $subject): bool
  116.     {
  117.         return $currentUser->getId() === $subject->getStudent()->getId();
  118.     }
  121. }