src/Security/Voter/UserRoleVoter.php line 13

  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voter;
  7. use App\Entity\User;
  8. use App\Enum\BaseRoleEnum;
  9. use App\Enum\RoleEnum;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. final class UserRoleVoter extends Voter
  14. {
  15.     private const ROLE_ADMIN BaseRoleEnum::ROLE_ADMIN;
  17.     private const EXTERNAL_PARTNER RoleEnum::EXTERNAL_PARTNER;
  18.     private const EXTERNAL_STAKEHOLDER RoleEnum::EXTERNAL_STAKEHOLDER;
  19.     private const GENERAL_MANAGER RoleEnum::GENERAL_MANAGER;
  20.     private const PROJECT_EMPLOYEE RoleEnum::PROJECT_EMPLOYEE;
  21.     private const PROJECT_MANAGER RoleEnum::PROJECT_MANAGER;
  23.     protected function supports(string $attribute$subject): bool
  24.     {
  25.         return in_array($attribute,
  26.             [
  27.                 self::EXTERNAL_PARTNER,
  28.                 self::EXTERNAL_STAKEHOLDER,
  29.                 self::GENERAL_MANAGER,
  30.                 self::PROJECT_EMPLOYEE,
  31.                 self::PROJECT_MANAGER
  32.             ]
  33.         );
  34.     }
  36.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  37.     {
  38.         /** @var ?User $loggedUser */
  39.         $loggedUser $token->getUser();
  41.         if (!$loggedUser) {
  42.             return false;
  43.         }
  45.         if (in_array(self::ROLE_ADMIN$loggedUser->getRoles())) {
  46.             return false;
  47.         }
  49.         $currentRole $loggedUser
  50.             ->getCurrentRoleInstitution()
  51.             ->getRole()
  52.             ->getKeyName();
  54.         return $attribute === $currentRole;
  55.     }
  56. }