src/Security/ECommerce/InvoiceVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\ECommerce;
  5. use App\Entity\ECommerce\Invoice;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  11. /**
  12. * Class CartArchiveVoter
  13. *
  14. * @package MDL\ECommerceBundle\Security
  15. */
  16. class InvoiceVoter extends Voter
  17. {
  18. // these strings are just invented: you can use anything
  19. const VIEW = 'INVOICE_VIEW';
  20. const PRINT = 'INVOICE_PRINT';
  21. const EDIT = 'INVOICE_EDIT';
  22. const DELETE = 'INVOICE_DELETE';
  24. /**
  25. * @var AccessDecisionManagerInterface
  26. */
  27. private $decisionManager;
  29. /**
  30. * CartVoter constructor.
  31. *
  32. * @param AccessDecisionManagerInterface $decisionManager
  33. */
  34. public function __construct(AccessDecisionManagerInterface $decisionManager)
  35. {
  36. $this->decisionManager = $decisionManager;
  37. }
  40. /**
  41. * @param string $attribute
  42. * @param mixed $subject
  43. *
  44. * @return bool
  45. */
  46. protected function supports($attribute, $subject)
  47. {
  48. // if the attribute isn't one we support, return false
  49. if (!in_array($attribute, array(
  50. self::VIEW,
  51. self::PRINT,
  52. self::EDIT,
  53. self::DELETE,
  54. ))) {
  55. return false;
  56. }
  58. // only vote on Cart objects inside this voter
  59. if (!$subject instanceof Invoice) {
  60. return false;
  61. }
  63. return true;
  64. }
  66. /**
  67. * @param string $attribute
  68. * @param Invoice $invoice
  69. * @param TokenInterface $token
  70. *
  71. * @return bool
  72. */
  73. protected function voteOnAttribute($attribute, $invoice, TokenInterface $token)
  74. {
  75. if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {
  76. return true;
  77. }
  79. $user = $token->getUser();
  81. if (!$user instanceof UserInterface) {
  82. return false;
  83. }
  85. switch ($attribute) {
  86. case self::VIEW:
  87. return $this->canView($invoice, $user);
  88. case self::PRINT:
  89. return $this->canPrint($invoice, $user);
  90. case self::EDIT:
  91. return $this->canEdit($invoice, $user);
  92. case self::DELETE:
  93. return $this->canDelete($invoice, $user);
  94. }
  96. throw new \LogicException('This code should not be reached!');
  97. }
  99. /**
  100. * @param Invoice $invoice
  101. * @param UserInterface $user
  102. *
  103. * @return bool
  104. */
  105. private function canView(Invoice $invoice, UserInterface $user)
  106. {
  107. return $invoice->getCart()->getUser() === $user;
  108. }
  110. /**
  111. * @param Invoice $invoice
  112. * @param UserInterface $user
  113. *
  114. * @return bool
  115. */
  116. private function canPrint(Invoice $invoice, UserInterface $user)
  117. {
  118. return $invoice->getCart()->getUser() === $user;
  119. }
  121. /**
  122. * @param Invoice $invoice
  123. * @param UserInterface $user
  124. *
  125. * @return bool
  126. */
  127. private function canEdit(Invoice $invoice, UserInterface $user)
  128. {
  129. return false;
  130. }
  132. /**
  133. * @param Invoice $invoice
  134. * @param UserInterface $user
  135. *
  136. * @return bool
  137. */
  138. private function canDelete($invoice, $user)
  139. {
  140. return false;
  141. }
  142. }