<?php
namespace App\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\HttpFoundation\Request;
use App\Entity\User;
class UserAnnotationVoter extends Voter
{
const EDIT = 'edit';
const CONFIGURATION = 'configuration';
/**
* @var AccessDecisionManagerInterface
*/
private $decisionManager;
public function __construct(AccessDecisionManagerInterface $decisionManager)
{
$this->decisionManager = $decisionManager;
}
protected function supports($attribute, $subject): bool
{
if (!in_array($attribute, array(self::EDIT, self::CONFIGURATION))) {
return false;
}
if (!$subject[0] instanceof User) {
return false;
}
if (!$subject[1] instanceof Request) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
$actualUser = $subject[0];
$actualAgencyId = $subject[1]->getSession()->get('agencyId');
if(!$user instanceof UserInterface){
return false;
}
switch($attribute){
case self::EDIT:
if($actualUser->canEditAgency($actualAgencyId))
return true;
break;
case self::CONFIGURATION:
if($actualUser->canConfigureAgency($actualAgencyId))
return true;
break;
}
return false;
}
}