<?php
namespace App\Security\EntityVoters;
use ApiPlatform\Core\Api\IriConverterInterface;
use App\Entity\PlacementPageSetup;
use Exception;
use Symfony\Component\HttpFoundation\RequestStack;
use Symfony\Component\Routing\RouterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use ApiPlatform\Core\Bridge\Doctrine\Orm\Paginator;
/**
 * Authorization voter for PlacementPageSetup resources.
 *
 * Decision matrix implemented below (first matching rule wins):
 *  - a user whose role name is ROLE_SUPER_ADMIN is granted every attribute;
 *  - GET_COLLECTION is granted to everyone, authenticated or not;
 *  - GET is granted to unauthenticated callers unconditionally, and to
 *    authenticated users only through checkUserPermissions();
 *  - PATCH, DELETE and PUT go through checkUserPermissions();
 *  - POST is granted to any authenticated user;
 *  - POST_DENORMALIZE goes through isAllowedPost();
 *  - any other attribute is denied.
 *
 * NOTE(review): for GET, an unauthenticated caller skips both the
 * "default setup" check and the per-user access check that an authenticated
 * non-admin user must pass, so anonymous requests can read items a logged-in
 * user without access cannot. Confirm this asymmetry is intended.
 *
 * NOTE(review): GET_COLLECTION performs no per-item check here; presumably
 * the collection is filtered elsewhere (query extension or similar). Verify.
 */
class PlacementPageSetupVoter extends EntityVoter
{
    /**
     * Decides whether the token's user may perform $attribute on $subject.
     *
     * @param string         $attribute operation name being voted on
     * @param mixed          $subject   passed to the permission helpers, which require a PlacementPageSetup
     * @param TokenInterface $token     current security token
     *
     * @return bool true to grant, false to deny
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $currentUser = $token->getUser();

        // NOTE(review): the user is only tested for truthiness. A truthy
        // non-object value (some Symfony versions return a string for an
        // anonymous token) or a null role would fail on the calls below
        // instead of producing a clean deny. Confirm against the firewall setup.
        if ($currentUser) {
            if ($currentUser->getRole()->getName() === 'ROLE_SUPER_ADMIN') {
                return true;
            }
        }

        if ($attribute === 'GET_COLLECTION') {
            return true;
        }

        if ($attribute === 'GET') {
            // Unauthenticated reads are allowed without inspecting the subject.
            return $currentUser ? $this->checkUserPermissions($currentUser, $subject) : true;
        }

        if (in_array($attribute, ['PATCH', 'DELETE', 'PUT'], true)) {
            return $this->checkUserPermissions($currentUser, $subject);
        }

        if ($attribute === 'POST') {
            // Only authentication is required at this stage; the payload-based
            // check lives in the POST_DENORMALIZE branch.
            // NOTE(review): that check only protects creation if the resource
            // configuration also votes on POST_DENORMALIZE (e.g. via
            // security_post_denormalize). Verify it is wired.
            return (bool) $currentUser;
        }

        if ($attribute === 'POST_DENORMALIZE') {
            return $this->isAllowedPost($currentUser, $subject);
        }

        // Unknown attributes are denied.
        return false;
    }

    /**
     * Item-level check used for reads by authenticated users and for writes.
     *
     * Denies when there is no user or when the setup is flagged as default;
     * otherwise the decision is whatever the setup's own access check returns.
     *
     * @param mixed              $user    value obtained from the token; falsy means unauthenticated
     * @param PlacementPageSetup $subject setup being accessed
     */
    private function checkUserPermissions($user, PlacementPageSetup $subject): bool
    {
        // Evaluation order matters: the subject is not consulted without a user.
        return $user
            && !$subject->getIsDefault()
            && $subject->isUserHasAccess($user);
    }

    /**
     * Creation check run on the denormalized payload.
     *
     * Grants only when a user is present and that user has access to the
     * placement type the new setup refers to.
     *
     * NOTE(review): getPlacementType() is dereferenced without a null check;
     * presumably validation guarantees it is set at this point. Confirm.
     *
     * @param mixed              $user    value obtained from the token; falsy means unauthenticated
     * @param PlacementPageSetup $subject setup about to be created
     */
    private function isAllowedPost($user, PlacementPageSetup $subject): bool
    {
        return $user && $subject->getPlacementType()->isUserHasAccess($user);
    }

    /**
     * Entity class this voter is responsible for.
     */
    protected function getVoteEntityClass(): string
    {
        return PlacementPageSetup::class;
    }
}