<?php
namespace LiteDesk\CoreBundle\Security\Authorization;
use LiteDesk\OfficeBundle\Entity\Team;
use LiteDesk\UserBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use JMS\DiExtraBundle\Annotation\Service;
use JMS\DiExtraBundle\Annotation\Tag;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* @Service
* @Tag("security.voter")
*/
class GlobalSystemAdminVoter extends Voter
{
protected function supports($attribute, $subject)
{
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
foreach($token->getRoles() as $role)
{
if($role->getRole() == $attribute || ($role->getRole() == 'GLOBAL_SYSTEM_ADMINISTRATION' && $attribute != 'ROLE_PREVIOUS_ADMIN'))
{
return true;
}
}
return false;
}
public function vote(TokenInterface $token, $subject, array $attributes)
{
// abstain vote by default in case none of the attributes are supported
$vote = self::ACCESS_ABSTAIN;
if(!$attributes)
{
return $this->voteOnAttribute(array(), $subject, $token);
}
foreach ($attributes as $attribute) {
if (!$this->supports($attribute, $subject)) {
continue;
}
// as soon as at least one attribute is supported, default is to deny access
$vote = self::ACCESS_DENIED;
if ($this->voteOnAttribute($attribute, $subject, $token)) {
// grant access as soon as at least one attribute returns a positive response
return self::ACCESS_GRANTED;
}
}
return $vote;
}
}