add voter for calendar

2025-09-04 22:04:59 +00:00 · 2022-05-09 18:00:54 +02:00
parent d150a8251b
commit 0ec0708807
2 changed files with 86 additions and 10 deletions
--- a/src/Bundle/ChillCalendarBundle/Security/Voter/CalendarVoter.php
+++ b/src/Bundle/ChillCalendarBundle/Security/Voter/CalendarVoter.php
@@ -0,0 +1,79 @@
+<?php
+
+namespace Chill\CalendarBundle\Security\Voter;
+
+use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
+use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
+use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
+use Chill\PersonBundle\Entity\AccompanyingPeriod;
+use Chill\PersonBundle\Entity\Person;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Security;
+
+class CalendarVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
+{
+    public const SEE = 'CHILL_CALENDAR_CALENDAR_SEE';
+
+
+    private Security $security;
+
+    private VoterHelperInterface $voterHelper;
+
+
+    public function __construct(
+        Security $security,
+        VoterHelperFactoryInterface $voterHelperFactory
+    ) {
+        $this->security = $security;
+        $this->voterHelper = $voterHelperFactory
+            ->generate(self::class)
+            ->addCheckFor(AccompanyingPeriod::class, [self::SEE])
+            ->build();
+    }
+
+    public function getRolesWithHierarchy(): array
+    {
+        return ['Calendar' => $this->getRoles()];
+    }
+
+    public function getRoles(): array
+    {
+        return [
+            self::SEE,
+        ];
+    }
+
+    public function getRolesWithoutScope(): array
+    {
+        return [];
+    }
+
+    protected function supports($attribute, $subject): bool
+    {
+        return $this->voterHelper->supports($attribute, $subject);
+    }
+
+    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
+    {
+        if ($subject instanceof AccompanyingPeriod) {
+            switch ($attribute) {
+                case self::SEE:
+
+                    if ($subject->getStep() === AccompanyingPeriod::STEP_DRAFT) {
+                        return false;
+                    }
+
+                    // we first check here that the user has read access to the period
+                    return $this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject);
+                default:
+                    throw new \LogicException('subject not implemented');
+            }
+        }
+
+        throw new \LogicException('attribute not implemented');
+    }
+
+
+}