<?php
namespace App\Security\Voter;
use App\Entity\Scan;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
/**
* Class ScanVoter
*/
class ScanVoter extends Voter
{
const VIEW = 'view';
const EDIT = 'edit';
/**
* @var Security
*/
private $security;
/**
* OfferVoter constructor.
* @param Security $security
*/
public function __construct(Security $security)
{
$this->security = $security;
}
/**
* @param string $attribute
* @param mixed $subject
* @return bool
*/
protected function supports($attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, [self::VIEW, self::EDIT])) {
return false;
}
if (!$subject instanceof Scan) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
$granted = false;
if ($user instanceof User) {
/** @var Scan $order */
$scan = $subject;
switch ($attribute) {
case self::VIEW:
$granted = $this->canView($scan, $user);
break;
case self::EDIT:
$granted = $this->canEdit($scan, $user);
break;
}
}
return $granted;
}
private function canView(Scan $scan, $user): bool
{
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
if ($this->canEdit($scan, $user)) {
return true;
}
return false;
}
private function canEdit(Scan $scan, User $user): bool
{
$owners = $scan->getProject()->getOwners();
/** @var User $owner */
foreach ($owners as $owner) {
if ($user->getId() === $owner->getId()) {
return true;
}
}
$members = $scan->getProject()->getMembers();
/** @var User $member */
foreach ($members as $member) {
if ($user->getId() === $member->getId()) {
return true;
}
}
return false;
}
}