Part-DB.Part-DB-server/src/Security/Voter/PartVoter.php

56 lines
1.6 KiB
PHP
Raw Normal View History

<?php
namespace App\Security\Voter;
use App\Entity\Part;
use App\Entity\User;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* A Voter that votes on Part entities.
*
* See parts permissions for valid operations.
*/
class PartVoter extends ExtendedVoter
{
const READ = 'read';
protected function supports($attribute, $subject)
{
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
//return ($subject instanceof Part || in_array($subject, ['PERM_parts', 'PERM_parts_name']));
if ($subject instanceof Part) {
2019-03-19 19:00:39 +01:00
//Check if a sub permission should be checked -> $attribute has format name.edit
if (false !== strpos($attribute, '.')) {
2019-03-19 19:00:39 +01:00
[$perm, $op] = explode('.', $attribute);
2019-03-19 19:00:39 +01:00
return in_array($op, $this->resolver->listOperationsForPermission('parts_'.$perm), false);
}
return in_array($attribute, $this->resolver->listOperationsForPermission('parts'), false);
}
return false;
}
protected function voteOnUser($attribute, $subject, User $user): bool
{
if ($subject instanceof Part) {
2019-03-19 19:00:39 +01:00
//Check for sub permissions
if (false !== strpos($attribute, '.')) {
2019-03-19 19:00:39 +01:00
[$perm, $op] = explode('.', $attribute);
return $this->resolver->inherit($user, 'parts_'.$perm, $op) ?? false;
2019-03-19 19:00:39 +01:00
}
//Null concealing operator means, that no
return $this->resolver->inherit($user, 'parts', $attribute) ?? false;
}
//Deny access by default.
return false;
}
}