src/Security/Voter/PartnerApi/ScholarVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\PartnerApi;
  5. use App\Entity\Channel\Channel;
  6. use App\Entity\Exercise\Exercise;
  7. use App\Entity\PartnerApi\PartnerApiUser;
  8. use App\Entity\Scholar\Chapter\Chapter;
  9. use App\Entity\Scholar\PracticalCase\PracticalCase;
  10. use App\Entity\Scholar\ScholarInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. class ScholarVoter extends Voter
  15. {
  16.     public const LIST = 'SCHOLAR_LIST';
  17.     public const CREATE 'SCHOLAR_CREATE';
  18.     public const EDIT 'SCHOLAR_EDIT';
  19.     public const VIEW 'SCHOLAR_VIEW';
  21.     protected function supports(string $attribute$subject): bool
  22.     {
  23.         return match ($attribute) {
  24.             self::LIST, self::CREATE => $subject instanceof Channel,
  25.             self::EDITself::VIEW =>
  26.                 $subject instanceof ScholarInterface
  27.                 || $subject instanceof Chapter
  28.                 || $subject instanceof PracticalCase
  29.                 || $subject instanceof Exercise,
  30.             default => false,
  31.         };
  32.     }
  34.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  35.     {
  36.         $user $token->getUser();
  37.         // if the user is anonymous, do not grant access
  38.         if (!$user instanceof PartnerApiUser) {
  39.             return false;
  40.         }
  42.         // ... (check conditions and return true to grant permission) ...
  43.         return match ($attribute) {
  44.             self::LIST => $this->canList($user$subject),
  45.             self::CREATE => $this->canCreate($user$subject),
  46.             self::EDIT => $this->canEdit($user$subject),
  47.             self::VIEW => $this->canView($user$subject),
  48.             default => false,
  49.         };
  51.     }
  53.     private function canList(PartnerApiUser $userChannel $channel): bool
  54.     {
  55.         return $user->getChannels()->contains($channel);
  56.     }
  58.     private function canCreate(PartnerApiUser $userChannel $channel): bool
  59.     {
  60.         return $this->canList($user$channel);
  61.     }
  63.     private function canEdit(PartnerApiUser $userScholarInterface|Chapter|PracticalCase|Exercise $scholarObject): bool
  64.     {
  65.         $createdBy null;
  66.         if (method_exists($scholarObject'getCreatedBy')) {
  67.             $createdBy $scholarObject->getCreatedBy();
  68.         } elseif (method_exists($scholarObject'getLesson')) {
  69.             $createdBy $scholarObject->getLesson()->getCreatedBy();
  70.         }
  72.         return $this->canView($user$scholarObject)
  73.             && $createdBy === $user->getUser();
  74.     }
  76.     private function canView(PartnerApiUser $userScholarInterface|Chapter|PracticalCase|Exercise $scholarObject): bool
  77.     {
  78.         $channel null;
  79.         if (method_exists($scholarObject'getOwnerChannel')) {
  80.             $channel $scholarObject->getOwnerChannel();
  81.         } elseif (method_exists($scholarObject'getLesson')) {
  82.             $channel $scholarObject->getLesson()->getOwnerChannel();
  83.         }
  85.         return $this->canList($user$channel);
  86.     }
  87. }