<?php
namespace App\Security\Voter;
use App\Entity\User;
use App\Enum\UserEnum;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
class UserVoter extends Voter
{
public const READ = "READ";
public const EDIT = "EDIT";
public const DELETE = "DELETE";
/**
* @var Security
*/
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject)
{
if (!in_array($attribute, [self::READ, self::EDIT, self::DELETE])) {
return false;
}
if (!$subject instanceof User) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
/** @var User $user */
$user = $token->getUser();
if (!$user instanceof UserInterface) {
return false;
}
if ($this->security->isGranted(UserEnum::SUPER_ADMIN)) {
return true;
}
switch ($attribute) {
case self::READ:
return $this->canRead($user, $subject);
break;
case self::EDIT:
return $this->canEdit($user, $subject);
break;
case self::DELETE:
return $this->canDelete($user, $subject);
break;
}
return false;
}
private function canRead(User $currentUser, User $subject): bool
{
return $this->isOwnerSubject($currentUser, $subject);
}
private function canDelete(User $currentUser, User $subject): bool
{
return false;
}
private function canEdit(User $currentUser, User $subject): bool
{
return $this->isOwnerSubject($currentUser, $subject);
}
private function isOwnerSubject(User $currentUser, User $subject): bool
{
return $currentUser === $subject;
}
}