src/Security/Voter/CompanyVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Company;
  6. use App\Entity\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Security;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. class CompanyVoter extends Voter
  13. {
  14.     public const USER_EDIT 'USER_EDIT';
  15.     public const USER_DELETE 'USER_DELETE';
  16.     public const COMPANY_SHOW 'COMPANY_SHOW';
  20.     private $security;
  22.     public function __construct(Security $security)
  23.     {
  24.         $this->security $security;
  25.     }
  27.     protected function supports(string $attribute$subject): bool
  28.     {
  29.         return in_array($attribute, [self::USER_DELETEself::USER_EDIT,self::COMPANY_SHOW])
  30.             && ( $subject instanceof User || $subject instanceof Company);
  31.     }
  33.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  34.     {
  35.         //utilisateur connecté
  36.         $user $token->getUser();
  37.         // if the user is anonymous, do not grant access
  38.         if (!$user instanceof UserInterface) {
  39.             return false;
  40.         }
  43.         switch ($attribute) {
  44.             case self::USER_EDIT:
  45.                 return $this->canUserEdit($subject$user);
  46.             case self::USER_DELETE:
  47.                 return $this->canUserDelete($subject$user);
  48.             case self::COMPANY_SHOW:
  49.                 return $this->canCompanyShow$subject$user);
  50.         }
  52.         return false;
  53.     }
  55.     private function canUserEdit(User $userTargetUserInterface $user): bool
  56.     {
  58.         if($this->security->isGranted('ROLE_ADMIN')){
  59.             return true;
  60.         }
  62.         if($this->security->isGranted('ROLE_RH')){
  64.             if($userTarget->getCompany() === $user->getCompany()){
  65.                 return true;
  66.             }
  68.         }
  70.         return false;
  72.     }
  74.     private function canUserDelete(User $userTargetUserInterface $user): bool
  75.     {
  77.         if($this->security->isGranted('ROLE_ADMIN')){
  78.             return true;
  79.         }
  81.         if($this->security->isGranted('ROLE_RH')){
  83.             if($userTarget->getCompany() === $user->getCompany()){
  84.                 return true;
  85.             }
  87.         }
  89.         return false;
  90.     }
  92.     private function canCompanyShow(Company $companyUserInterface $user): bool
  93.     {
  95.         if($this->security->isGranted('ROLE_ADMIN')){
  96.             return true;
  97.         }
  99.         if($this->security->isGranted('ROLE_RH')){
  101.             if($company === $user->getCompany()){
  102.                 return true;
  103.             }
  105.         }
  107.         return false;
  108.     }
  109. }