chill-bundles/src/Bundle/ChillMainBundle/Security/Authorization/EntityWorkflowStepSignatureVoter.php
Julien Fastré 9f1afb8423
Add access controls and permissions for signature steps
Implemented a Voter to enforce permissions on signature steps, ensuring only authorized users can sign steps. Updated relevant controllers and templates to reflect these permissions, and added corresponding tests to validate the changes.
2024-09-13 17:04:57 +02:00


<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
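/**
 * Security voter deciding whether the current token may sign a workflow signature step.
 *
 * It handles a single attribute, {@see self::SIGN}, and only for
 * EntityWorkflowStepSignature subjects.
 */
final class EntityWorkflowStepSignatureVoter extends Voter
{
    /** Attribute to check before a signature is applied to a step. */
    public const SIGN = 'CHILL_MAIN_ENTITY_WORKFLOW_SIGNATURE_SIGN';

    /**
     * Limits this voter to the SIGN attribute on signature subjects.
     *
     * Both conditions must hold; any other attribute or subject type is not
     * handled here.
     */
    protected function supports(string $attribute, $subject): bool
    {
        return $subject instanceof EntityWorkflowStepSignature && self::SIGN === $attribute;
    }

    /**
     * Grants SIGN when the expected signer is a Person, or when the expected
     * signer is the very user carried by the token. Everything else is denied.
     *
     * @param EntityWorkflowStepSignature $subject guaranteed by supports()
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $signer = $subject->getSigner();

        // NOTE(review): this branch never inspects the token, so every caller
        // that reaches the voter is granted SIGN when the signer is a Person.
        // Who may act on behalf of that Person has to be enforced elsewhere
        // (firewall, access_control, controller) — confirm this is intended.
        if ($signer instanceof Person) {
            return true;
        }

        $user = $token->getUser();

        // Deny explicitly when the token carries no user: without this guard an
        // unset signer would compare equal to a missing user (null === null).
        if (null === $user) {
            return false;
        }

        // Identity comparison: the signer must be the same object instance as
        // the token user, not merely an equal one. A mismatch denies access.
        // NOTE(review): presumably both are the same managed entity — confirm.
        return $signer === $user;
    }
}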