src/Security/Authorization/Voter/EmployeeVoter.php line 8

Open in your IDE?
  1. <?php
  3. namespace App\Security\Authorization\Voter;
  5. use App\Entity\UserGroupModule;
  6. use Doctrine\ORM\EntityManagerInterface;
  8. class EmployeeVoter implements \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface
  9. {
  10.     /**
  11.      *
  12.      * @var \Doctrine\ORM\EntityManager
  13.      */
  14.     protected $em;
  16.     const EDIT 'edit';
  18.     public function __construct(EntityManagerInterface $em)
  19.     {
  20.         $this->em $em;
  21.     }
  23.     public function supportsAttribute($attribute)
  24.     {
  25.         return in_array($attribute, array(
  26.             self::EDIT,
  27.         ));
  28.     }
  30.     public function supportsClass($class)
  31.     {
  32.         $supportedClass 'FOS\UserBundle\Model\User';
  34.         return is_object($class) && ($supportedClass === get_class($class) || is_subclass_of($class$supportedClass));
  35.     }
  37.     public function vote(\Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token$userToEdit, array $attributes)
  38.     {
  39.         // check if class of this object is supported by this voter
  40.         if (!$this->supportsClass($userToEdit))
  41.         {
  42.             return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_ABSTAIN;
  43.         }
  45.         // check if the voter is used correct, only allow one attribute
  46.         // this isn't a requirement, it's just one easy way for you to
  47.         // design your voter
  48.         if (!== count($attributes))
  49.         {
  50.             throw new \InvalidArgumentException('Only one attribute is allowed for EDIT');
  51.         }
  53.         // set the attribute to check against
  54.         $attribute $attributes[0];
  56.         // check if the given attribute is covered by this voter
  57.         if (!$this->supportsAttribute($attribute))
  58.         {
  59.             return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_ABSTAIN;
  60.         }
  62.         // get current logged in user
  63.         $user $token->getUser();
  65.         // make sure there is a user object (i.e. that the user is logged in)
  66.         if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface)
  67.         {
  68.             return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_DENIED;
  69.         }
  71.         /** @var $groupModule UserGroupModule */
  72.         $groupModule $user->getUserGroup() ? $user->getUserGroup()->getGroupModuleByName('employees') : null;
  74.         if (!$groupModule)
  75.         {
  76.             return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_ABSTAIN;
  77.         }
  79.         switch ($attribute)
  80.         {
  81.             case self::EDIT:
  82.                 // the data object could have for example a method isPrivate()
  83.                 // which checks the Boolean attribute $private
  84.                 if ($groupModule->getEditm() === 0)
  85.                 {
  86.                     return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_DENIED;
  87.                 }
  88.                 elseif ($groupModule->getEditm() === && ($user->getId() === $userToEdit->getId() || ($userToEdit->getCreatedBy() && $user->getId() == $userToEdit->getCreatedBy()->getId())))
  89.                 {
  90.                     return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_GRANTED;
  91.                 }
  92.                 elseif ($groupModule->getEditm() === 2)
  93.                 {
  94.                     return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_GRANTED;
  95.                 }
  97.                 break;
  98.         }
  100.         return \Symfony\Component\Security\Core\Authorization\Voter\VoterInterface::ACCESS_DENIED;
  101.     }
  103. }