src/Security/Voter/LearningAgreementVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\LearningAgreement;
  6. use App\Entity\User;
  7. use App\HeiAdministration\StaffDirectory;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class LearningAgreementVoter extends Voter
  14. {
  15.     public const VIEW 'LA_VIEW';
  16.     public const ADMIN 'LA_ADMIN';
  17.     public const SENDING_ACCEPT 'LA_SENDING_ACCEPT';
  18.     public const SENDING_REJECT 'LA_SENDING_REJECT';
  19.     public const RECEIVING_ACCEPT 'LA_RECEIVING_ACCEPT';
  20.     public const RECEIVING_REJECT 'LA_RECEIVING_REJECT';
  21.     public const STUDENT_SUBMIT 'LA_STUDENT_SUBMIT';
  23.     private Security $security;
  24.     private StaffDirectory $staffDirectory;
  26.     public function __construct(
  27.         Security $security,
  28.         StaffDirectory $staffDirectory,
  29.     ) {
  30.         $this->security $security;
  31.         $this->staffDirectory $staffDirectory;
  32.     }
  34.     protected function supports(string $attributemixed $subject): bool
  35.     {
  36.         return in_array($attribute, [
  37.                 self::VIEW,
  38.                 self::ADMIN,
  39.                 self::SENDING_ACCEPT,
  40.                 self::SENDING_REJECT,
  41.                 self::RECEIVING_ACCEPT,
  42.                 self::RECEIVING_REJECT,
  43.                 self::STUDENT_SUBMIT,
  44.             ])
  45.             && $subject instanceof LearningAgreement
  46.         ;
  47.     }
  49.     protected function voteOnAttribute(string $attributemixed $subjectTokenInterface $token): bool
  50.     {
  51.         /**
  52.          * @var User $user
  53.          */
  54.         $user $token->getUser();
  55.         // if the user is anonymous, do not grant access
  56.         if (!$user instanceof UserInterface) {
  57.             return false;
  58.         }
  60.         if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
  61.             return true;
  62.         }
  64.         $student $user->getStudent();
  66.         $isCorrectStudent null !== $student && $subject->getStudent() === $student;
  68.         switch ($attribute) {
  69.             case self::VIEW:
  70.                 return
  71.                     $this->staffDirectory->isStaffAtSendingHei($user$subject)
  72.                     || $this->staffDirectory->isStaffAtReceivingHei($user$subject)
  73.                     || (
  74.                         $isCorrectStudent
  75.                     );
  76.             case self::ADMIN:
  77.             case self::STUDENT_SUBMIT:
  78.                 return $isCorrectStudent;
  79.             case self::SENDING_ACCEPT:
  80.             case self::SENDING_REJECT:
  81.                 return $this->staffDirectory->isStaffAtSendingHei($user$subject);
  82.             case self::RECEIVING_ACCEPT:
  83.             case self::RECEIVING_REJECT:
  84.                 return $this->staffDirectory->isStaffAtReceivingHei($user$subject);
  85.         }
  87.         return false;
  88.     }
  89. }