src/Security/ContactVoter.php line 10

Open in your IDE?
  1. <?php
  2. // src/Security/PostVoter.php
  3. namespace App\Security;
  5. use App\Entity\Contact;
  6. use App\Entity\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. class ContactVoter extends Voter
  11. {
  12. // these strings are just invented: you can use anything
  13. const VIEW = 'view';
  14. const EDIT = 'edit';
  16. protected function supports(string $attribute, $subject): bool
  17. {
  18. // if the attribute isn't one we support, return false
  19. if (!in_array($attribute, [self::VIEW, self::EDIT])) {
  20. return false;
  21. }
  23. // only vote on `Post` objects
  24. if (!$subject instanceof Contact) {
  25. return false;
  26. }
  28. return true;
  29. }
  31. protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
  32. {
  33. $user = $token->getUser();
  35. if (!$user instanceof User) {
  36. // the user must be logged in; if not, deny access
  37. return false;
  38. }
  40. // you know $subject is a Post object, thanks to `supports()`
  41. /** @var Post $post */
  42. $contact = $subject;
  44. switch ($attribute) {
  45. case self::VIEW:
  46. return $this->canView($contact, $user);
  47. case self::EDIT:
  48. return $this->canEdit($contact, $user);
  49. }
  51. throw new \LogicException('This code should not be reached!');
  52. }
  54. private function canView(Contact $contact, User $user): bool
  55. {
  56. // if they can edit, they can view
  57. if ($this->canEdit($contact, $user)) {
  58. return true;
  59. }
  61. return ($contact == $user->getContact() || $contact->getParent() == $user->getContact());
  62. }
  64. private function canEdit(Contact $contact, User $user): bool
  65. {
  66. // this assumes that the Post object has a `getOwner()` method
  67. return ($contact == $user->getContact() || $contact->getParent() == $user->getContact());
  68. }
  69. }