Symfony Profiler

<?php
namespace App\Security\Content;
use App\Entity\Content\Blog;
use \Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class BlogVoter extends Voter
{
const VIEW = 'BLOG_VIEW';
const VIEW_ANY = 'BLOG_VIEW_ANY';
const CREATE = 'BLOG_CREATE';
const EDIT = 'BLOG_EDIT';
const EDIT_ANY = 'BLOG_EDIT_ANY';
const PRINT = 'BLOG_PRINT';
const DELETE = 'BLOG_DELETE';
/**
* @var AccessDecisionManagerInterface
*/
private $decisionManager;
/**
* UserVoter constructor.
*
* @param AccessDecisionManagerInterface $decisionManager
*/
public function __construct(AccessDecisionManagerInterface $decisionManager)
{
$this->decisionManager = $decisionManager;
}
/**
* @param string $attribute
* @param mixed $subject
*
* @return bool
*/
protected function supports($attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, array(
self::VIEW,
self::VIEW_ANY,
self::CREATE,
self::EDIT,
self::EDIT_ANY,
self::PRINT,
self::DELETE,
), true)) {
return false;
}
// only vote on Property objects inside this voter
if ($subject && !$subject instanceof Blog) {
return false;
}
return true;
}
/**
* @param string $attribute
* @param mixed $subject
* @param TokenInterface $token
*
* @return bool
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
return true;
}
$user = $token->getUser();
if (!$user instanceof UserInterface) {
// the user must be logged in; if not, deny access
return false;
}
switch ($attribute) {
case self::VIEW_ANY:
return $this->canViewAny($user);
case self::VIEW:
return $this->canView($subject, $user);
case self::CREATE:
return $this->canCreate($user);
case self::EDIT:
return $this->canEdit($subject, $user);
case self::EDIT_ANY:
return $this->canEditAny($subject, $user);
case self::DELETE:
return $this->canDelete($subject, $user);
}
throw new \LogicException('This code should not be reached!');
}
/**
* Check if logged in User can view Property
*
* @param UserInterface $subject
* @param UserInterface $user
*
* @return bool
*/
private function canView(UserInterface $subject, UserInterface $user): bool
{
if ($this->canEdit($subject, $user)) {
return true;
}
if ($this->isOwner($subject, $user)) {
return true;
}
return false;
}
/**
* Check if logged in User can view Property
*
* @param UserInterface $user
*
* @return bool
*/
private function canViewAny(UserInterface $user): bool
{
if ($user->hasRight(self::VIEW_ANY)) {
return true;
}
return false;
}
/**
* Check if logged in User can create Property
*
* @param UserInterface $user
*
* @return bool
*/
private function canCreate(UserInterface $user): bool
{
if ($user->hasRight(self::CREATE)) {
return true;
}
return $user->hasRole('ROLE_ADMIN');
}
/**
* Check if logged in User can edit Property
*
* @param UserInterface $subject
* @param UserInterface $user
*
* @return bool
*/
private function canEdit(UserInterface $subject, UserInterface $user): bool
{
if ($user->hasRight(self::EDIT)) {
return true;
}
return false;
}
/**
* Check if logged in User can print Property
*
* @param UserInterface $subject
* @param UserInterface $user
*
* @return bool
*/
private function canEditAny(UserInterface $subject, UserInterface $user): bool
{
if ($user->hasRight(self::EDIT_ANY)) {
return true;
}
if ($this->isOwner($subject, $user)) {
return true;
}
return false;
}
/**
* Check if logged in User can delete Property
*
* @param UserInterface $subject
* @param UserInterface $user
*
* @return bool
*/
private function canDelete(UserInterface $subject, UserInterface $user): bool
{
if ($user->hasRight(self::DELETE)) {
return true;
}
if ($this->isOwner($subject, $user)) {
return true;
}
return false;
}
/**
* Check if User if Owner of Subject/Property
* @param UserInterface $subject
* @param UserInterface $user
*
* @return bool
*/
private function isOwner(UserInterface $subject, UserInterface $user): bool
{
return $user->getId() === $subject->getId();
}
}

src/Security/Content/BlogVoter.php line 11