<?php
/**
* This file is part of the educat package.
*
* (c) Solvee
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
declare(strict_types=1);
namespace App\Core\Application\Security;
use App\Common\Model\Core\ModuleConfigInterface;
use App\Common\Model\Core\UserInterface;
use LogicException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
/**
* Class ModuleConfigVoter
*
* @author Michał Rybnik <michal.rybnik@solvee.pl>
*/
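class ModuleConfigVoter extends Voter
{
    /** Attribute for listing module configs; it is voted on without a subject. */
    public const LIST_MODULE_CONFIG = 'list_module_config';
    /** Attribute for reading a single module config. */
    public const VIEW_MODULE_CONFIG = 'view_module_config';
    /** Attribute for modifying a single module config. */
    public const UPDATE_MODULE_CONFIG = 'update_module_config';
    /** Attribute for removing a single module config. */
    public const DELETE_MODULE_CONFIG = 'delete_module_config';

    /**
     * Attributes that are only supported when the subject is a ModuleConfigInterface.
     */
    private const SUBJECT_ATTRIBUTES = [
        self::VIEW_MODULE_CONFIG,
        self::UPDATE_MODULE_CONFIG,
        self::DELETE_MODULE_CONFIG,
    ];

    /** @var Security */
    private Security $security;

    /**
     * ModuleConfigVoter constructor.
     *
     * @param Security $security helper used for the ROLE_ADMIN checks below
     */
    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    /**
     * Decides whether this voter takes part in the decision.
     *
     * LIST is supported for any subject; VIEW, UPDATE and DELETE are supported
     * only when the subject is a ModuleConfigInterface.
     *
     * @param string $attribute
     * @param mixed $subject
     *
     * @return bool
     */
    protected function supports($attribute, $subject)
    {
        if (self::LIST_MODULE_CONFIG === $attribute) {
            return true;
        }

        // Strict membership test: the parameter is untyped, so a non-string
        // attribute must never loosely compare equal to one of the attribute
        // names and slip into voteOnAttribute().
        return in_array($attribute, self::SUBJECT_ATTRIBUTES, true)
            && $subject instanceof ModuleConfigInterface;
    }

    /**
     * Dispatches a supported attribute to its permission check.
     *
     * A token whose user is not an application UserInterface is always denied.
     *
     * @inheritDoc
     *
     * @throws LogicException when an attribute that supports() should have rejected gets here
     */
    protected function voteOnAttribute(mixed $attribute, mixed $subject, TokenInterface $token)
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return false;
        }

        // match compares with ===, so an attribute is routed to a check only
        // when it is exactly one of the attribute names; anything else throws
        // instead of falling into the first loosely-equal case.
        return match ($attribute) {
            self::VIEW_MODULE_CONFIG => $this->canViewModuleConfig($subject, $user),
            self::LIST_MODULE_CONFIG => $this->canListModuleConfig($user),
            self::UPDATE_MODULE_CONFIG => $this->canUpdateModuleConfig($subject, $user),
            self::DELETE_MODULE_CONFIG => $this->canDeleteModuleConfig($subject, $user),
            default => throw new LogicException('Attribute is not handled by ModuleConfigVoter.'),
        };
    }

    /**
     * VIEW check. Currently grants access to every authenticated user.
     *
     * NOTE(review): no ownership or role check is made, so any user that passes
     * the UserInterface test in voteOnAttribute() may view any module config.
     * If configs can hold account-specific or sensitive settings, this should
     * probably mirror canUpdateModuleConfig() (admin or owning user) — confirm
     * the intended rule before relying on this attribute for access control.
     *
     * @param ModuleConfigInterface $moduleConfig
     * @param UserInterface $user
     *
     * @return bool
     */
    private function canViewModuleConfig(ModuleConfigInterface $moduleConfig, UserInterface $user): bool
    {
        return true; // todo better module config rules
    }

    /**
     * DELETE check: admins only.
     *
     * NOTE(review): the role is checked through Security::isGranted(), which
     * evaluates the token in the token storage rather than the $token handed to
     * this voter; $user is not consulted. Confirm the two are always the same
     * wherever this voter is invoked.
     *
     * @param ModuleConfigInterface $moduleConfig
     * @param UserInterface $user
     *
     * @return bool
     */
    private function canDeleteModuleConfig(ModuleConfigInterface $moduleConfig, UserInterface $user): bool
    {
        return $this->security->isGranted('ROLE_ADMIN');
    }

    /**
     * LIST check: admins only. $user is not consulted; the role comes from
     * Security::isGranted().
     *
     * @param UserInterface $user
     *
     * @return bool
     */
    private function canListModuleConfig(UserInterface $user): bool
    {
        return $this->security->isGranted('ROLE_ADMIN');
    }

    /**
     * UPDATE check: admins, or the user who owns the config's account.
     *
     * @param ModuleConfigInterface $moduleConfig
     * @param UserInterface $user
     *
     * @return bool
     */
    private function canUpdateModuleConfig(ModuleConfigInterface $moduleConfig, UserInterface $user): bool
    {
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        // Fail closed: whether getAccount() can return null is not visible from
        // this file, so a config without an account is denied instead of
        // raising a fatal "call on null" error.
        // NOTE(review): === compares object identity; this assumes the token
        // user and the account owner are the same instance — confirm.
        return $moduleConfig->getAccount()?->getUser() === $user;
    }
}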