create voter which blocks deletion if a workflow exists

2025-08-21 15:13:50 +00:00 · 2022-03-07 00:14:22 +01:00
parent f0849eeef5
commit b2a61071bf
11 changed files with 227 additions and 6 deletions
--- a/src/Bundle/ChillMainBundle/Security/Authorization/WorkflowEntityDeletionVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/WorkflowEntityDeletionVoter.php
@@ -0,0 +1,65 @@
+<?php
+
+/**
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
+declare(strict_types=1);
+
+namespace Chill\MainBundle\Security\Authorization;
+
+use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
+use Chill\MainBundle\Workflow\EntityWorkflowHandlerInterface;
+use RuntimeException;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use function in_array;
+use function is_object;
+
+class WorkflowEntityDeletionVoter extends Voter
+{
+    private EntityWorkflowRepository $entityWorkflowRepository;
+
+    /**
+     * @var iterable|EntityWorkflowHandlerInterface[]
+     */
+    private iterable $handlers;
+
+    public function __construct($handlers, EntityWorkflowRepository $entityWorkflowRepository)
+    {
+        $this->handlers = $handlers;
+        $this->entityWorkflowRepository = $entityWorkflowRepository;
+    }
+
+    protected function supports($attribute, $subject)
+    {
+        if (!is_object($subject)) {
+            return false;
+        }
+
+        foreach ($this->handlers as $handler) {
+            if ($handler->isObjectSupported($subject)
+                && in_array($attribute, $handler->getDeletionRoles($subject), true)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+    {
+        foreach ($this->handlers as $handler) {
+            if ($handler->isObjectSupported($subject)) {
+                return 0 === $this->entityWorkflowRepository->countRelatedWorkflows(
+                    $handler->getRelatedObjects($subject)
+                );
+            }
+        }
+
+        throw new RuntimeException('no handlers found');
+    }
+}