<?php
namespace App\Security\EntityVoters;
use ApiPlatform\Core\Validator\ValidatorInterface;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
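/**
 * Entity-agnostic voter answering the DEFAULT_* attributes referenced from the
 * API operations' security expressions. Subclasses in this namespace can build
 * entity-specific rules on top of it.
 *
 * Decision matrix for non-super-admins (a super admin is always granted):
 *   DEFAULT_GET_COLLECTION   granted for everyone, anonymous included
 *   DEFAULT_GET              anonymous: granted; authenticated: membership check
 *   DEFAULT_PUT / PATCH      anonymous: denied;  authenticated: membership check
 *   DEFAULT_DELETE           anonymous: denied;  authenticated: membership check,
 *                            and denied when the subject has no membership concept
 *   DEFAULT_POST             granted to any authenticated user
 *   DEFAULT_POST_DENORMALIZE supported but never handled, hence always denied
 *
 * "Membership" means the current user appears in $subject->getUsers(), or in
 * $subject->getComplex()->getUsers(). A subject exposing neither method is
 * readable/updatable by any authenticated user but not deletable.
 */
class DefaultVoter extends Voter
{
    /** Not used by this class; presumably consumed by entity-specific subclasses. */
    public const ENTITY_PATH = '\\App\\Entity\\';

    /** Attributes this voter answers; anything else makes it abstain. */
    private const SUPPORTED_ATTRIBUTES = [
        'DEFAULT_GET',
        'DEFAULT_PATCH',
        'DEFAULT_PUT',
        'DEFAULT_GET_COLLECTION',
        'DEFAULT_POST',
        'DEFAULT_POST_DENORMALIZE',
        'DEFAULT_DELETE',
    ];

    /** Never assigned here; kept for subclasses that may set it. */
    protected string $entityClassName;

    protected Security $security;

    /** Injected but not used by this class; kept for subclasses. */
    protected ValidatorInterface $validator;

    /**
     * Snapshot of the user taken when the service was constructed. It may be
     * null or stale if the voter is instantiated before the firewall has
     * authenticated the request, so voteOnAttribute() re-reads the user on
     * every call; the property is only kept for subclasses that rely on it.
     */
    protected ?User $user;

    public function __construct(
        Security $security,
        ValidatorInterface $validator
    )
    {
        $this->security = $security;
        $this->validator = $validator;
        $this->user = $this->security->getUser();
    }

    /**
     * Votes only on the DEFAULT_* attributes above; the subject is not inspected
     * here, so a string class name (collection/POST operations) and an entity
     * instance are both accepted.
     */
    protected function supports($attribute, $subject): bool
    {
        return in_array($attribute, self::SUPPORTED_ATTRIBUTES, true);
    }

    /**
     * Applies the decision matrix documented on the class.
     *
     * @param string        $attribute one of SUPPORTED_ATTRIBUTES
     * @param mixed         $subject   entity instance, or class name for collection/POST operations
     * @param TokenInterface $token    unused; the user is read from the Security helper
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        // Read the user per vote rather than trusting the constructor snapshot.
        $user = $this->security->getUser();

        if ($user !== null && $this->isSuperAdmin($user)) {
            return true;
        }

        switch ($attribute) {
            case 'DEFAULT_GET_COLLECTION':
                return true;

            case 'DEFAULT_GET':
                // NOTE(review): anonymous requests are granted unconditionally while
                // authenticated users are restricted to subjects they belong to, so a
                // client can sidestep the membership check simply by not sending
                // credentials. Either item reads are meant to be public (then the
                // check below adds nothing) or they are not (then this branch should
                // return false). Confirm against the firewall / access_control rules.
                if ($user === null) {
                    return true;
                }
                return $this->checkUserPermissions($user, $subject);

            case 'DEFAULT_PUT':
            case 'DEFAULT_PATCH':
                if ($user === null) {
                    return false;
                }
                return $this->checkUserPermissions($user, $subject);

            case 'DEFAULT_DELETE':
                if ($user === null) {
                    return false;
                }
                return $this->checkUserPermissionsForDelete($user, $subject);

            case 'DEFAULT_POST':
                return $user !== null;
        }

        // DEFAULT_POST_DENORMALIZE is supported but has no case, so it is denied
        // for everyone except super admins; add a case here if that is unintended.
        return false;
    }

    /**
     * Super-admin test as modelled by this project's User entity (single role
     * relation). It bypasses Symfony's role hierarchy; isGranted('ROLE_SUPER_ADMIN')
     * would be the framework-native equivalent, deliberately left unchanged here.
     */
    private function isSuperAdmin(User $user): bool
    {
        return $user->getRole()->getName() === 'ROLE_SUPER_ADMIN';
    }

    /**
     * Read/update rule: the user must be a member of the subject; subjects with
     * no membership concept are open to any authenticated user.
     */
    private function checkUserPermissions(User $user, $subject): bool
    {
        return $this->membership($user, $subject) ?? true;
    }

    /**
     * Delete rule: the user must be a member of the subject; subjects with no
     * membership concept are never deletable through this voter.
     */
    private function checkUserPermissionsForDelete(User $user, $subject): bool
    {
        return $this->membership($user, $subject) ?? false;
    }

    /**
     * Membership test shared by the update and delete rules.
     *
     * Returns true/false when the subject has a membership concept (its own
     * getUsers() list, or that of its getComplex() relation) and null when it has
     * neither, so each caller chooses its own fallback. If getComplex() can return
     * null, the subject is treated as "not a member" (fail closed) instead of the
     * null dereference surfacing as a server error.
     */
    private function membership(User $user, $subject): ?bool
    {
        if (method_exists($subject, 'getUsers')) {
            return $this->containsUser($subject->getUsers(), $user);
        }

        if (method_exists($subject, 'getComplex')) {
            $complex = $subject->getComplex();
            if ($complex === null) {
                return false;
            }
            return $this->containsUser($complex->getUsers(), $user);
        }

        return null;
    }

    /** True when one of $users has the same id as $user (strict comparison). */
    private function containsUser(iterable $users, User $user): bool
    {
        $userId = $user->getId();
        foreach ($users as $candidate) {
            if ($candidate->getId() === $userId) {
                return true;
            }
        }
        return false;
    }
}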