43 lines
1.3 KiB
PHP
43 lines
1.3 KiB
PHP
<?php
|
|
|
|
namespace App\Security\Voter;
|
|
|
|
use App\Dto\Output\OrganizationalUnitOutput;
|
|
use App\Entity\OrganizationalUnit;
|
|
use App\Entity\User;
|
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
|
use Symfony\Component\Security\Core\User\UserInterface;
|
|
|
|
class OrganizationalUnitVoter extends Voter
|
|
{
|
|
public const string VIEW = 'ORGANIZATIONAL_UNIT_VIEW';
|
|
|
|
protected function supports(string $attribute, mixed $subject): bool
|
|
{
|
|
return $attribute === self::VIEW
|
|
&& $subject instanceof OrganizationalUnitOutput;
|
|
}
|
|
|
|
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
|
|
{
|
|
/** @var User $user */
|
|
$user = $token->getUser();
|
|
|
|
// if the user is anonymous, do not grant access
|
|
if (!$user instanceof UserInterface) {
|
|
return false;
|
|
}
|
|
|
|
if ($attribute === 'ORGANIZATIONAL_UNIT_VIEW' ) {
|
|
foreach ($user->getAllowedOrganizationalUnits() as $allowedOrganizationalUnit) {
|
|
if ($allowedOrganizationalUnit->getId() === $subject->getEntity()->getId()) {
|
|
return true;
|
|
}
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|