src/Security/Voter/OwnerVoter.php line 21

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Episode;
  6. use App\Entity\Program;
  7. use App\Entity\Radio;
  8. use App\Entity\User;
  9. use EasyCorp\Bundle\EasyAdminBundle\Dto\ActionDto;
  10. use EasyCorp\Bundle\EasyAdminBundle\Provider\AdminContextProvider;
  11. use EasyCorp\Bundle\EasyAdminBundle\Security\Permission;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. use Symfony\Component\Security\Core\Security;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. /**
  18.  * This class vote on applications entities that may be owned by current user.
  19.  * Basically allows to view anything but edit only owned entities.
  20.  */
  21. class OwnerVoter extends Voter
  22. {
  23.     private $security;
  24.     private $adminContextProvider;
  26.     public function __construct(Security $securityAdminContextProvider $adminContextProvider)
  27.     {
  28.         $this->security $security;
  29.         $this->adminContextProvider $adminContextProvider;
  30.     }
  32.     protected function supports($attribute$subject)
  33.     {
  35.         // Currently disabled. Easyer to maintain with displayIf() in controllers.
  36.         // May need to come back to voter to enforce permission.
  37.         return false;
  41.         
  42.         // $crud = $this->adminContextProvider->getContext()?->getCrud();
  43.         $context $this->adminContextProvider->getContext();
  44.         $crud $context $context->getCrud() : null;
  46.         // dump([
  47.         //     "supports" => $attribute,
  48.         //     'subject' => $subject,
  49.         //     'crud' => $crud,
  50.         // ]);
  52.         // replace with your own logic
  53.         // https://symfony.com/doc/current/security/voters.html
  54.         $supports $attribute == Permission::EA_EXECUTE_ACTION &&
  55.             // in_array($subject?->getName(), ['new', 'edit', 'delete']) &&
  56.             $crud && in_array($crud->getEntityFqcn(), [
  57.                 Radio::class,
  58.                 Program::class,
  59.                 Episode::class,
  60.             ]);
  61.         // dump('supports: ' . ($supports ? 'true' : 'false'));
  62.         return $supports;
  63.     }
  65.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  66.     {
  67.         $user $token->getUser();
  68.         // if the user is anonymous, do not grant access
  69.         if (!$user instanceof UserInterface) {
  70.             return false;
  71.         }
  73.         // ... (check conditions and return true to grant permission) ...
  74.         switch ($attribute) {
  76.             case Permission::EA_EXECUTE_ACTION:
  78.                 // dump([
  79.                 //     "voteOnAttribute" => $attribute,
  80.                 //     'subject' => $subject,
  81.                 //     'token' => $token,
  82.                 //     // 'crud' => $crud,
  83.                 // ]);
  85.                 if ($this->security->isGranted(User::ROLE_MANAGER)) {
  86.                     // dump("voted true for user with ROLE_MANAGER");
  87.                     // Managers and above
  88.                     return true;
  89.                 } else {
  90.                     if ($subject instanceof ActionDto) {
  92.                         $action $subject->getName();
  94.                         if ($subject->isGlobalAction()) {
  95.                             $context $this->adminContextProvider->getContext();
  96.                             $crud $context $context->getCrud() : null;
  97.                             $class $crud->getEntityFqcn();
  99.                             switch ($action) {
  100.                                 case 'new':
  101.                                     $vote in_array($class, [Program::class, Episode::class]);
  102.                                     break;
  103.                                 default:
  104.                                     $vote true;
  105.                             }
  106.                             // dump("shouldBeDisplayedFor voted " . ($vote ? "true" : 'false') . " for $action");
  107.                             return $vote;
  108.                         } elseif ($subject->isEntityAction()) {
  110.                             // Need to decide for each entity
  111.                             // Note: this only removes the action links, but does not prevent to access the page
  112.                             // if the user has a way to forge the url.
  113.                             // Find a way to enforce the permission on the (not displayed) url
  114.                             $subject->setDisplayCallable(
  115.                                 function ($entity) use ($user$action): bool {
  116.                                     // dump([
  117.                                     //     "shouldBeDisplayedFor" => $entity?->getName(),
  118.                                     //     'entity' => $entity,
  119.                                     //     'action name' => $action,
  120.                                     // ]);
  122.                                     $owner null;
  123.                                     if ($entity instanceof Radio) {
  124.                                         $owner $entity->getOwner();
  125.                                     } elseif ($entity instanceof Program) {
  126.                                         $owner $entity->getRadio()?->getOwner();
  127.                                     } elseif ($entity instanceof Episode) {
  128.                                         $owner $entity->getProgram()?->getRadio()->getOwner();
  129.                                     }
  131.                                     switch ($action) {
  132.                                         case 'edit':
  133.                                         case 'delete':
  134.                                             $vote $owner == $user;
  135.                                             break;
  136.                                         default:
  137.                                             $vote true;
  138.                                     }
  139.                                     // dump("shouldBeDisplayedFor voted " . ($vote ? "true" : 'false') . " for $action on " . $entity);
  140.                                     return $vote;
  142.                                     // throw new \LogicException('This code should not be reached!');
  143.                                 }
  144.                             );
  145.                             // dump("voted true for $attribute $action with displayCallable");
  146.                             return true;
  147.                         }
  149.                         // dump("voted true for $attribute $action with displayCallable");
  150.                         //dump("shouldBeDisplayedFor voted " . ($vote ? "true" : 'false') . " for $action");
  151.                         return false;
  152.                     }
  153.                 }
  154.         }
  156.         return false;
  157.     }
  158. }