Implement StoredObject permissions in AsyncUploadVoter.php

src/Bundle/ChillDocStoreBundle/Security/Authorization/AsyncUploadVoter.php

@@ -12,6 +12,8 @@ declare(strict_types=1);
 namespace Chill\DocStoreBundle\Security\Authorization;
 
 use Chill\DocStoreBundle\AsyncUpload\SignedUrl;
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Repository\StoredObjectRepository;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 use Symfony\Component\Security\Core\Security;
@@ -22,6 +24,7 @@ final class AsyncUploadVoter extends Voter
 
     public function __construct(
         private readonly Security $security,
+        private readonly StoredObjectRepository $storedObjectRepository
     ) {}
 
     protected function supports($attribute, $subject): bool
@@ -36,13 +39,12 @@ final class AsyncUploadVoter extends Voter
             return false;
         }
 
-        //TODO get the StoredObject from the SignedUrl
-/*        match($subject->method) {
-            'GET' => $this->security->isGranted('SEE', $storedObject),
-            'PUT' => $this->security->isGranted('EDIT', $storedObject),
-            'POST' => $this->security->isGranted('ROLE_USER') || $this->security->isGranted('ROLE_ADMIN')
-        };*/
+        $storedObject = $this->storedObjectRepository->findOneBy(['filename' => $subject->object_name]);
 
-        return $this->security->isGranted('ROLE_USER') || $this->security->isGranted('ROLE_ADMIN');
+        return match($subject->method) {
+            'GET' => $this->security->isGranted(StoredObjectRoleEnum::SEE->value, $storedObject),
+            'PUT' => $this->security->isGranted(StoredObjectRoleEnum::EDIT->value, $storedObject),
+            default => $this->security->isGranted('ROLE_USER') || $this->security->isGranted('ROLE_ADMIN')
+        };
     }
 }