Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-18 08:14:24 +00:00
Code Issues Actions Projects Releases Wiki Activity
chill-bundles/src/Bundle/ChillCalendarBundle/Security/Voter/CalendarDocVoter.php
Julien Fastré b2eb2b0968
Update calendar authorization checks 
The CalendarDocVoter now also supports Calendar instances, not only CalendarDoc instances. This allows refining permissions checks based on the actual instance type. In addition, the ChillCalendarBundle's view has been updated to correctly use permissions when displaying action buttons. Obsolete TODO comments are also removed.
2024-04-10 21:15:49 +02:00

58 lines
2.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\CalendarBundle\Security\Voter;
use Chill\CalendarBundle\Entity\Calendar;
use Chill\CalendarBundle\Entity\CalendarDoc;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Exception\LogicException;
use Symfony\Component\Security\Core\Security;
class CalendarDocVoter extends Voter
{
final public const EDIT = 'CHILL_CALENDAR_DOC_EDIT';
final public const SEE = 'CHILL_CALENDAR_DOC_SEE';
private const ALL = [
'CHILL_CALENDAR_DOC_EDIT',
'CHILL_CALENDAR_DOC_SEE',
];
public function __construct(private readonly Security $security) {}
protected function supports($attribute, $subject): bool
{
return \in_array($attribute, self::ALL, true) && ($subject instanceof CalendarDoc || $subject instanceof Calendar);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
if ($subject instanceof Calendar) {
return match ($attribute) {
self::EDIT => $this->security->isGranted(CalendarVoter::EDIT, $subject),
self::SEE => $this->security->isGranted(CalendarVoter::SEE, $subject),
default => throw new LogicException('attribute not supported for this Voter'),
};
} elseif ($subject instanceof CalendarDoc) {
return match ($attribute) {
self::EDIT => $this->security->isGranted(CalendarVoter::EDIT, $subject->getCalendar()),
self::SEE => $this->security->isGranted(CalendarVoter::SEE, $subject->getCalendar()),
default => throw new \UnexpectedValueException('Attribute not supported: '.$attribute),
};
}
throw new LogicException('Subject not supported for this Voter');
}
}
Reference in New Issue View Git Blame Copy Permalink