. */ declare(strict_types=1); namespace App\Entity\UserSystem; enum ApiTokenLevel: int { private const ROLE_READ_ONLY = 'ROLE_API_READ_ONLY'; private const ROLE_EDIT = 'ROLE_API_EDIT'; private const ROLE_FULL = 'ROLE_API_FULL'; /** * The token can only read (non-sensitive) data. */ case READ_ONLY = 1; /** * The token can read and edit (non-sensitive) data. */ case EDIT = 2; /** * The token can do some administrative tasks (like viewing all log entries), but can not change passwords and create new tokens. */ case ADMIN = 3; /** * The token can do everything the user can do. */ case FULL = 4; /** * Returns the additional roles that the authenticated user should have when using this token. * @return string[] */ public function getAdditionalRoles(): array { //The higher roles should always include the lower ones return match ($this) { self::READ_ONLY => [self::ROLE_READ_ONLY], self::EDIT => [self::ROLE_READ_ONLY, self::ROLE_EDIT], self::FULL => [self::ROLE_READ_ONLY, self::ROLE_EDIT, self::ROLE_FULL], }; } /** * Returns the translation key for the name of this token level. * @return string */ public function getTranslationKey(): string { return 'api_token.level.' . strtolower($this->name); } }