src/Security/Voter/User/FriendshipVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\User;
  5. use App\Entity\Friendship;
  6. use App\Security\ApiUser;
  7. use App\Service\User\MemberOperatorService;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. class FriendshipVoter extends Voter
  12. {
  13.     public const ACCEPT 'friendship_accept';
  14.     public const REQUEST 'friendship_request';
  15.     public const DECLINE 'friendship_decline';
  16.     public const DELETE 'friendship_delete';
  18.     protected function supports(string $attribute$subject): bool
  19.     {
  20.         if (!$subject instanceof Friendship) {
  21.             return false;
  22.         }
  24.         return in_array($attribute, [
  25.             self::ACCEPT,
  26.             self::REQUEST,
  27.             self::DECLINE,
  28.             self::DELETE,
  29.         ], true);
  30.     }
  32.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  33.     {
  34.         /**
  35.          * @var $user ApiUser
  36.          * @var $subject Friendship
  37.          */
  38.         $user $token->getUser();
  39.         $owner $subject->getOwnerMember();
  40.         $target $subject->getTargetMember();
  42.         if (self::REQUEST === $attribute) {
  43.             return $owner->getId() === $user->getMember()->getId();
  44.         }
  46.         if ($user->getIsOperator()) {
  47.             if ($owner->getId() === $user->getMember()->getId()) {
  48.                 return true;
  49.             }
  51.             return MemberOperatorService::isMemberOperatedByUser($owner$user);
  52.         }
  54.         // better than nothing
  55.         return in_array($user->getMember()->getId(), [
  56.             $owner->getId(),
  57.             $target->getId(),
  58.         ]);
  59.     }
  60. }