src/Security/Voter/BookingVoter.php line 14

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Booking;
  6. use App\Entity\Solicitation;
  7. use App\Entity\User;
  8. use App\Service\BookingService;
  9. use LogicException;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  14. class BookingVoter extends Voter
  15. {
  16.     public const CREATE 'create_booking';
  17.     public const EDIT 'edit_booking';
  18.     public const SHOW 'show_booking';
  20.     /** @var Security $security */
  21.     private $security;
  22.     /** @var BookingService $bookingService */
  23.     private $bookingService;
  25.     /**
  26.      * BookingVoter constructor.
  27.      * @param Security $security
  28.      * @param BookingService $bookingService
  29.      */
  30.     public function __construct(Security $securityBookingService $bookingService)
  31.     {
  32.         $this->security $security;
  33.         $this->bookingService $bookingService;
  34.     }
  36.     /**
  37.      * @inheritDoc
  38.      */
  39.     protected function supports($attribute$subject): bool
  40.     {
  41.         // if the attribute isn't one we support, return false
  42.         if (!in_array($attribute, [self::CREATEself::EDITself::SHOW])) {
  43.             return false;
  44.         }
  46.         // only vote on Booking objects inside this voter
  47.         if (!$subject instanceof Booking && !$subject instanceof Solicitation) {
  48.             return false;
  49.         }
  51.         return true;
  52.     }
  54.     /**
  55.      * @inheritDoc
  56.      */
  57.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  58.     {
  59.         $user $token->getUser();
  61.         if (!$user instanceof User) {
  62.             // the user must be logged in; if not, deny access
  63.             return false;
  64.         }
  66.         switch ($attribute) {
  67.             case self::CREATE:
  68.                 return $this->canCreate($subject);
  69.             case self::EDIT:
  70.                 return $this->canEdit($subject);
  71.             case self::SHOW:
  72.                 return $this->canShow();
  73.         }
  75.         throw new LogicException('This code should not be reached!');
  76.     }
  78.     /**
  79.      * @param Solicitation $solicitation
  80.      * @return bool
  81.      */
  82.     private function canCreate(Solicitation $solicitation): bool
  83.     {
  84.         $beneficiary $solicitation->getBeneficiary();
  85.         $collectiveLine $solicitation->getContractLine();
  87.         // Quantity 0 is unlimited, so we can create another solicitation
  88.         $availableQuantities $this->bookingService->getAvailableQuantity($collectiveLine$beneficiarynull);
  89.         return (
  90.             $collectiveLine->getEnabledRelevantPeriod() &&
  91.             $this->security->isGranted('ROLE_ATCLIENTE') &&
  92.             $availableQuantities
  93.         );
  94.     }
  96.     /**
  97.      * @param Booking $booking
  98.      * @return bool
  99.      */
  100.     private function canEdit(Booking $booking): bool
  101.     {
  102.         $serviceBag $booking->getSolicitation()->getContractLine();
  103.         // Quantity 0 is unlimited, so we can create another solicitation
  104.         return ($serviceBag->getEnabledRelevantPeriod() && $this->security->isGranted('ROLE_ATCLIENTE'));
  105.     }
  107.     /**
  108.      * @return bool
  109.      */
  110.     private function canShow(): bool
  111.     {
  112.         return $this->security->isGranted('ROLE_ATCLIENTE');
  113.     }
  114. }