src/Security/ECommerce/CartVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\ECommerce;
  5. use App\Entity\ECommerce\Cart;
  6. use App\Entity\App\User;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\User\UserInterface;
  12. /**
  13. * Class CartVoter
  14. *
  15. * @package MDL\ECommerceBundle\Security
  16. */
  17. class CartVoter extends Voter
  18. {
  19. // these strings are just invented: you can use anything
  20. const CREATE = 'CART_CREATE';
  21. const VIEW = 'CART_VIEW';
  22. const EDIT = 'CART_EDIT';
  23. const DELETE = 'CART_DELETE';
  25. /**
  26. * @var AccessDecisionManagerInterface
  27. */
  28. private $decisionManager;
  30. /**
  31. * CartVoter constructor.
  32. *
  33. * @param AccessDecisionManagerInterface $decisionManager
  34. */
  35. public function __construct(AccessDecisionManagerInterface $decisionManager)
  36. {
  37. $this->decisionManager = $decisionManager;
  38. }
  41. /**
  42. * @param string $attribute
  43. * @param mixed $subject
  44. *
  45. * @return bool
  46. */
  47. protected function supports($attribute, $subject)
  48. {
  49. // if the attribute isn't one we support, return false
  50. if (!in_array($attribute, array(
  51. self::CREATE,
  52. self::VIEW,
  53. self::EDIT,
  54. self::DELETE,
  55. ))) {
  56. return false;
  57. }
  59. // only vote on Cart objects inside this voter
  60. if (!$subject instanceof Cart && $attribute !== self::CREATE) {
  61. return false;
  62. }
  64. return true;
  65. }
  67. /**
  68. * @param string $attribute
  69. * @param Cart $individualOrder
  70. * @param TokenInterface $token
  71. *
  72. * @return bool
  73. */
  74. protected function voteOnAttribute($attribute, $individualOrder, TokenInterface $token)
  75. {
  76. if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
  77. return true;
  78. }
  80. $user = $token->getUser();
  82. if (!$user instanceof UserInterface) {
  83. return false;
  84. }
  86. switch ($attribute) {
  87. case self::CREATE:
  88. return $this->canCreate($user);
  89. case self::VIEW:
  90. return $this->canView($individualOrder, $user);
  91. case self::EDIT:
  92. return $this->canEdit($individualOrder, $user);
  93. case self::DELETE:
  94. return $this->canDelete($individualOrder, $user);
  95. }
  97. throw new \LogicException('This code should not be reached!');
  98. }
  100. /**
  101. * @param User $user
  102. *
  103. * @return bool
  104. */
  105. private function canCreate(User $user)
  106. {
  107. if ($user->hasRole('ROLE_GUEST')) {
  108. return false;
  109. }
  111. return true;
  112. }
  114. /**
  115. * @param Cart $cart
  116. * @param User $user
  117. *
  118. * @return bool
  119. */
  120. private function canView(Cart $cart, User $user)
  121. {
  122. if ($this->canEdit($cart, $user)) {
  123. return true;
  124. }
  126. return false;
  127. }
  129. /**
  130. * @param Cart $cart
  131. * @param UserInterface $user
  132. *
  133. * @return bool
  134. */
  135. private function canEdit(Cart $cart, UserInterface $user)
  136. {
  137. if (!$cart->isCheckedOut()) {
  138. return $user === $cart->getUser();
  139. }
  141. return false;
  142. }
  144. /**
  145. * @param Cart $cart
  146. * @param UserInterface $user
  147. *
  148. * @return bool
  149. */
  150. private function canDelete($cart, $user)
  151. {
  152. return false;
  153. }
  154. }