src/Task/Application/Security/TaskVoter.php line 34

Open in your IDE?
  1. <?php
  2. /**
  3.  * This file is part of the educat package.
  4.  *
  5.  * (c) Solvee
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  11. declare(strict_types=1);
  13. namespace App\Task\Application\Security;
  15. use App\Common\MentorApplicants\MentorApplicantsProviderInterface;
  16. use App\Common\Model\Core\AccountInterface;
  17. use App\Common\Model\Core\UserInterface;
  18. use App\Common\Model\Task\TaskInterface;
  19. use App\Common\Security\ObjectOwnerVoterInterface;
  20. use App\Common\Security\ObjectOwnerVoterTrait;
  21. use App\Common\Security\VoterTrait;
  22. use App\ContentFile\Application\Security\ContentFileVoter;
  23. use LogicException;
  24. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  25. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  26. use Symfony\Component\Security\Core\Security;
  27. use function in_array;
  29. /**
  30.  * Class TaskVoter
  31.  *
  32.  * @author Kamil KozaczyƄski <kozaczynski.kamil@gmail.com>
  33.  */
  34. class TaskVoter extends Voter implements ObjectOwnerVoterInterface
  35. {
  36.     public const CREATE_TASK 'create_task';
  38.     use VoterTraitObjectOwnerVoterTrait;
  40.     /** @var MentorApplicantsProviderInterface */
  41.     private MentorApplicantsProviderInterface $mentorApplicantsProvider;
  43.     /**
  44.      * @param Security                          $security
  45.      * @param MentorApplicantsProviderInterface $mentorApplicantsProvider
  46.      */
  47.     public function __construct(
  48.         Security                          $security,
  49.         MentorApplicantsProviderInterface $mentorApplicantsProvider
  50.     ) {
  51.         $this->security                 $security;
  52.         $this->mentorApplicantsProvider $mentorApplicantsProvider;
  53.     }
  55.     /**
  56.      * @inheritDoc
  57.      */
  58.     protected function supports(string $attribute$subject): bool
  59.     {
  60.         if (!in_array(
  61.             $attribute,
  62.             [
  63.                 self::OBJECT_OWNER,
  64.                 self::CREATE_TASK,
  65.             ],
  66.             true
  67.         )) {
  68.             return false;
  69.         }
  71.         return $subject instanceof TaskInterface;
  72.     }
  74.     /**
  75.      * @param string         $attribute
  76.      * @param TaskInterface  $subject
  77.      * @param TokenInterface $token
  78.      *
  79.      * @return bool
  80.      */
  81.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  82.     {
  83.         $user $token->getUser();
  85.         if (!$user instanceof UserInterface) {
  86.             return false;
  87.         }
  89.         return match ($attribute) {
  90.             self::OBJECT_OWNER => $this->isObjectOwner($subject$user->getAccount()),
  91.             self::CREATE_TASK => $this->canCreateTask($subject$user->getAccount()),
  92.             default => throw new LogicException('This code should not be reached.')
  93.         };
  94.     }
  96.     /**
  97.      * @param TaskInterface    $task
  98.      * @param AccountInterface $account
  99.      *
  100.      * @return bool
  101.      */
  102.     private function canCreateTask(TaskInterface $taskAccountInterface $account): bool
  103.     {
  104.         if ($this->isAdmin()) {
  105.             return true;
  106.         }
  107.         if ($task->getMentor() &&
  108.             !$this->mentorApplicantsProvider->doesApplicantBelongToMentor($task->getApplicant(), $task->getMentor())) {
  109.             return false;
  110.         }
  111.         if (!$this->isObjectOwner($task$account)) {
  112.             return false;
  113.         }
  115.         foreach ($task->getContentFiles() as $contentFile) {
  116.             if (!$this->security->isGranted(ContentFileVoter::CAN_ACCESS$contentFile)) {
  117.                 return false;
  118.             }
  119.         }
  121.         return true;
  122.     }
  123. }