<?php
/*
* Author: Dominik Piekarski <code@dompie.de>
* Created at: 2021/08/11 14:49
*/
declare(strict_types=1);
namespace App\Security\Voter\Media;
use App\Entity\Member;
use App\Entity\MemberMedia;
use App\Security\ApiUser;
use App\Service\Content\MemberContentService;
use App\Service\Media\MemberMediaService;
use App\Service\User\MemberOperatorService;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
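/**
 * Symfony voter deciding whether the authenticated ApiUser may 'create' or
 * 'delete' a MemberMedia.
 *
 * Decision rules (as implemented below):
 *  - non-ApiUser tokens are always denied;
 *  - admins are always granted;
 *  - 'delete' is granted only to the member that owns the media;
 *  - 'create' is granted to the owning member, or to an operator user that
 *    MemberOperatorService reports as operating that member.
 */
class MemberMediaVoter extends Voter
{
    public const PERMISSION_DELETE = 'delete';
    public const PERMISSION_CREATE = 'create';

    /**
     * Service injected via the constructor. It is stored for subclasses but is
     * not consulted by any vote in this class.
     *
     * NOTE(review): the previous revision declared an uninitialised
     * MemberContentService property and assigned the injected service to an
     * undeclared dynamic property ($this->memberMediaService); the declaration
     * now matches what the constructor actually stores.
     */
    protected MemberMediaService $memberMediaService;

    public function __construct(MemberMediaService $service)
    {
        $this->memberMediaService = $service;
    }

    /**
     * This voter only has an opinion on MemberMedia subjects and on the two
     * permission attributes declared above; everything else abstains.
     *
     * @param string $attribute permission name being checked
     * @param mixed  $subject   object the permission is checked against
     */
    protected function supports(string $attribute, $subject): bool
    {
        if (!$subject instanceof MemberMedia) {
            return false;
        }

        // strict comparison so that e.g. 0 / true never matches an attribute name
        return in_array($attribute, [
            self::PERMISSION_DELETE,
            self::PERMISSION_CREATE,
        ], true);
    }

    /**
     * Grants or denies $attribute on $subject for the token's user.
     *
     * @param string         $attribute one of the PERMISSION_* constants (guaranteed by supports())
     * @param MemberMedia    $subject   media being acted on (guaranteed by supports())
     * @param TokenInterface $token     current security token
     *
     * @return bool true to grant, false to deny
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        /** @var MemberMedia $subject */
        $user = $token->getUser();

        // Anonymous tokens or foreign user implementations carry no member
        // identity to compare against, so they are denied outright.
        if (!$user instanceof ApiUser) {
            return false;
        }

        // Admins bypass ownership and operator checks for every supported attribute.
        if ($user->getIsAdmin()) {
            return true;
        }

        $owner = $subject->getMember();
        // Media without a resolvable owner cannot be owned by the requester.
        // NOTE(review): assumes getMember() may return null — confirm against the entity.
        if (!$owner instanceof Member) {
            return false;
        }

        if ($attribute === self::PERMISSION_DELETE) {
            // Deletion is owner-only: operators may NOT delete on a member's behalf.
            return $this->isSameMember($owner, $user);
        }

        if ($attribute === self::PERMISSION_CREATE) {
            return $this->isSameOrOperatedBy($owner, $user);
        }

        // Unreachable when supports() is honoured, but deny rather than grant by default.
        return false;
    }

    /**
     * True when $user is $amateur themself, or an operator user that
     * MemberOperatorService reports as operating $amateur.
     *
     * Note the operator lookup is a static call on MemberOperatorService, so it
     * cannot be substituted via DI in tests.
     *
     * @param Member  $amateur member whose media is concerned
     * @param ApiUser $user    authenticated user
     */
    protected function isSameOrOperatedBy(Member $amateur, ApiUser $user): bool
    {
        if ($this->isSameMember($amateur, $user)) {
            return true;
        }

        if ($user->getIsOperator()) {
            return MemberOperatorService::isMemberOperatedByUser($amateur, $user);
        }

        return false;
    }

    /**
     * Identity check between a member entity and the member behind $user.
     *
     * Both ids must be present and identical. The explicit null check matters:
     * a bare `===` on two null ids (e.g. unpersisted entities) would evaluate
     * to true and silently grant access.
     * NOTE(review): assumes getId() can return null before persistence — confirm
     * against the entity; if it never can, the guard is a no-op.
     *
     * @param Member  $member member to compare against
     * @param ApiUser $user   authenticated user
     */
    private function isSameMember(Member $member, ApiUser $user): bool
    {
        $memberId = $member->getId();
        $userMemberId = $user->getMember()->getId();

        return $memberId !== null && $memberId === $userMemberId;
    }
}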