src/Security/Voter/DemandFileVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\CompanyDemand;
  6. use App\Entity\Demand;
  7. use App\Entity\DemandFile;
  8. use App\Entity\User;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. class DemandFileVoter extends Voter
  13. {
  14.     protected function supports(string $attribute$subject): bool
  15.     {
  16.         // replace with your own logic
  17.         // https://symfony.com/doc/current/security/voters.html
  18.         return in_array($attribute, ['DEMAND_FILE_REMOVE'], true)
  19.             && $subject instanceof DemandFile;
  20.     }
  22.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  23.     {
  24.         $user $token->getUser();
  26.         // if the user is anonymous, do not grant access
  27.         if (!$user instanceof User) {
  28.             return false;
  29.         }
  31.         /** @var DemandFile $demandFile */
  32.         $demandFile $subject;
  33.         $demand $demandFile
  34.             ->getDemand()
  35.         ;
  37.         /** @var CompanyDemand|null
  38.          * $companyDemandSelected
  39.          */
  40.         $companyDemandSelected $demand->getCompanyDemands()->filter(function (CompanyDemand $companyDemand): bool {
  41.             return $companyDemand->getSelected() === true;
  42.         })->first();
  44.         /** @var CompanyDemand $companyAssigned */
  45.         $companyAssigned $demand->getCompanyDemands()->filter(function (CompanyDemand $companyDemand) use ($user): bool {
  46.             return $companyDemand->getCompany() === $user->getCompanies()->first();
  47.         })->first();
  49.         // ... (check conditions and return true to grant permission) ...
  50.         switch ($attribute) {
  51.             case 'DEMAND_FILE_REMOVE':
  52.                 // logic to determine if the user can VIEW
  53.                 // return true or false
  55.                 if ($demand->getUser() === $user) {
  56.                     if (
  57.                         $demand->getStatus() <= Demand::IN_PENDING_STATUS ||
  58.                         $demand->getStatus() === Demand::ON_GOING_STATUS ||
  59.                         $demand->getStatus() === Demand::COMPANY_POSTED_FEEDBACK_STATUS ||
  60.                         $demand->getStatus() === Demand::COMPLETE_STATUS
  61.                     ) {
  62.                         return true;
  63.                     }
  64.                 }
  66.                 if (in_array('ROLE_ADMIN'$user->getRoles(), true)) {
  67.                     return true;
  68.                 }
  70.                 if ($companyAssigned->getCompany()->getUser() === $user) {
  71.                     if (
  72.                         $demand->getStatus() === Demand::INTERVENTION_CONFIRMATION_STATUS ||
  73.                         $demand->getStatus() === Demand::SELECTED_COMPANY_STATUS
  74.                     ) {
  75.                         return true;
  76.                     }
  77.                 }
  79.                 if ($companyDemandSelected?->getCompany()?->getUser() === $user) {
  80.                     if (
  81.                         $demand->getStatus() === Demand::ON_GOING_STATUS ||
  82.                         $demand->getStatus() === Demand::INTERVENTION_CONFIRMATION_STATUS ||
  83.                         $demand->getStatus() === Demand::SELECTED_COMPANY_STATUS ||
  84.                         $demand->getStatus() === Demand::USER_POSTED_FEEDBACK_STATUS ||
  85.                         $demand->getStatus() === Demand::COMPLETE_STATUS
  86.                     ) {
  87.                         return true;
  88.                     }
  89.                 }
  91.                 return false;
  92.         }
  94.         return false;
  95.     }
  96. }