<?php
namespace LiteDesk\FinanceBundle\Security\Authorization;
use LiteDesk\UserBundle\Entity\User;
use LiteDesk\FinanceBundle\Entity\DutyTravelOrder;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
use JMS\DiExtraBundle\Annotation\Service;
use JMS\DiExtraBundle\Annotation\Tag;
/**
* @Service("security.access.duty_travel_voter", public=false)
* @Tag("security.voter")
*/
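class DutyTravelVoter extends Voter
{
    const VIEW = 'VIEW';
    const EDIT = 'EDIT';
    const PROMOTE = 'PROMOTE';
    const DEMOTE = 'DEMOTE';
    const DELETE = 'DELETE';
    const TEMPLATE = 'TEMPLATE';

    /**
     * Tells the security layer whether this voter has an opinion on the
     * given attribute/subject pair.
     *
     * Only the attributes listed in getSupportedAttributes(), applied to a
     * DutyTravelOrder subject, are handled; anything else makes the voter
     * abstain.
     *
     * @param string $attribute
     * @param mixed  $subject
     */
    protected function supports($attribute, $subject): bool
    {
        // strict: true so that only an exact string match selects one of the
        // attribute constants (no loose-comparison surprises on the input)
        return $subject instanceof DutyTravelOrder
            && in_array($attribute, $this->getSupportedAttributes(), true);
    }

    /**
     * Decides the supported attributes for a DutyTravelOrder.
     *
     * VIEW, EDIT, DELETE and TEMPLATE are granted to the order's author only.
     * PROMOTE and DEMOTE are advertised as supported but carry no grant rule
     * here, so they are always denied (deny-by-default).
     *
     * @param string         $attribute
     * @param DutyTravelOrder $subject
     *
     * @throws \LogicException when the token's user is not our User entity,
     *                         which indicates a misconfigured security system
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof AdvancedUserInterface) {
            return false;
        }

        // double-check that the User object is the expected entity (this
        // only happens when you did not configure the security system properly)
        if (!$user instanceof User) {
            throw new \LogicException('The user is somehow not our User class!');
        }

        /* @var DutyTravelOrder $subject */
        switch ($attribute) {
            case self::VIEW:
            case self::EDIT:
            case self::DELETE:
            case self::TEMPLATE:
                return $this->isAuthor($subject, $user);
        }

        // PROMOTE, DEMOTE and anything unexpected: deny
        return false;
    }

    /**
     * True when $user is the author of $order.
     *
     * Both identifiers must be present: an unpersisted order author or user
     * has a null id, and a loose null == null comparison would grant access.
     */
    private function isAuthor(DutyTravelOrder $order, User $user): bool
    {
        $author = $order->getAuthor();
        if ($author === null) {
            // an order without an author can have no owner
            return false;
        }

        $authorId = $author->getId();
        $userId = $user->getId();

        // NOTE(review): assumes both ids come from the same entity mapping and
        // share one scalar type — confirm; strict comparison deliberately
        // denies on any type mismatch rather than coercing.
        return $authorId !== null && $userId !== null && $authorId === $userId;
    }

    /**
     * Attributes this voter claims to support.
     *
     * @return string[]
     */
    protected function getSupportedAttributes(): array
    {
        return [self::VIEW, self::EDIT, self::PROMOTE, self::DELETE, self::DEMOTE, self::TEMPLATE];
    }
}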