src/Security/Voter/UserGroup/UserGroupVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\UserGroup;
  5. use App\Dictionary\UserGroupJoinMode;
  6. use App\Entity\UserGroup;
  7. use App\Security\ApiUser;
  8. use App\Service\UserGroups\GroupMemberService;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. class UserGroupVoter extends Voter
  13. {
  14.     public const PERMISSION_THREAD_LIST 'thread_list';
  15.     public const PERMISSION_THREAD_CREATE 'thread_create';
  16.     public const PERMISSION_THREAD_READ 'thread_read';
  17.     public const PERMISSION_POST_CREATE 'post_create';
  18.     public const PERMISSION_POST_DELETE 'post_delete';
  19.     public const PERMISSION_MODERATOR 'moderator';
  21.     protected GroupMemberService $groupMemberService;
  23.     /**
  24.      * GroupVoter constructor.
  25.      */
  26.     public function __construct(GroupMemberService $groupMemberService)
  27.     {
  28.         $this->groupMemberService $groupMemberService;
  29.     }
  31.     protected function supports(string $attribute$subject): bool
  32.     {
  33.         if (!$subject instanceof UserGroup) {
  34.             return false;
  35.         }
  37.         return in_array($attribute, [
  38.             self::PERMISSION_THREAD_CREATE,
  39.             self::PERMISSION_THREAD_READ,
  40.             self::PERMISSION_THREAD_LIST,
  41.             self::PERMISSION_MODERATOR,
  42.             self::PERMISSION_POST_CREATE,
  43.         ], true);
  44.     }
  46.     /**
  47.      * @param UserGroup $subject
  48.      */
  49.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  50.     {
  51.         $user $token->getUser();
  53.         // admin should be able to do anything
  54.         if ($user instanceof ApiUser && $user->getIsAdmin()) {
  55.             return true;
  56.         }
  58.         switch ($attribute) {
  59.             case self::PERMISSION_THREAD_LIST:
  60.             case self::PERMISSION_THREAD_READ:
  61.                 if (UserGroupJoinMode::PUBLIC === $subject->getJoinMode()) {
  62.                     return true;
  63.                 }
  64.                 if (!$user instanceof ApiUser) {
  65.                     return false;
  66.                 }
  68.                 return null !== $this->groupMemberService->getGroupMember($subject$user->getMember());
  69.             case self::PERMISSION_POST_CREATE:
  70.             case self::PERMISSION_THREAD_CREATE:
  71.                 if (!$user instanceof ApiUser) {
  72.                     return false;
  73.                 }
  75.                 return null !== $this->groupMemberService->getGroupMember($subject$user->getMember());
  76.             case self::PERMISSION_MODERATOR:
  77.             case self::PERMISSION_POST_DELETE:
  78.                 if (!$user instanceof ApiUser) {
  79.                     return false;
  80.                 }
  82.                 return $this->groupMemberService->isModeratorForUserGroup($user->getMember(), $subject);
  83.         }
  85.         return false;
  86.     }
  87. }