<?php
namespace App\Security\Voter;
use App\Entity\Part;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use App\Entity\User;
use Symfony\Component\Security\Core\Security;
class PartVoter extends Voter
{
const VIEW ="ver";
const CREATE ="crear";
const EDIT ="editar";
const DELETE = "eliminar";
const IMPORT = "importar";
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject)
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, [self::VIEW, self::CREATE, self::EDIT, self::DELETE, self::IMPORT])) {
return false;
}
// only vote on `Part` objects
if (!$subject instanceof Part) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$admin = $token->getUser();
// if the user is anonymous, do not grant access
if (!$admin instanceof UserInterface) {
return false;
}
// ROLE_ADMIN can do anything! The power!
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
// ... (check conditions and return true to grant permission) ...
switch ($attribute) {
case self::VIEW:
return $this->canView($subject, $admin);
case self::CREATE:
return $this->canCreate($admin);
case self::EDIT:
return $this->canEdit($subject, $admin);
case self::DELETE:
return $this->canDelete($subject, $admin);
case self::IMPORT:
return $this->canImport($subject, $admin);
}
return false;
}
private function canCreate(User $admin)
{
if ( $admin->getRole() == 'ROLE_CHIEF' || $admin->getRole() == 'ROLE_USER' ) {
return true;
}
return false;
}
private function canView(Part $part, User $admin)
{
if ( in_array($admin->getRole(),['ROLE_CHIEF','ROLE_USER','ROLE_CLIENT']) ) {
return $admin->getCompany() === $part->getCompany() ;
}else if ($admin->getRole() == 'ROLE_SUPPLIER_CHIEF' || $admin->getRole() == 'ROLE_SUPPLIER'){
return $admin->getId() === $part->getSupplier()->getUser()->getId();
}
return false;
}
private function canEdit(Part $part, User $admin)
{
if ( $admin->getRole() == 'ROLE_CHIEF' || $admin->getRole() == 'ROLE_USER' ) {
return $admin->getCompany() === $part->getCompany() ;
}
return false;
}
private function canDelete(Part $part, User $admin)
{
if ( $admin->getRole() == 'ROLE_CHIEF') {
return $admin->getCompany() === $part->getCompany();
}
return false;
}
private function canImport(Part $part, User $admin)
{
$cs = $admin->getCompany()->getLicenseCompany();
if($cs){
if($cs->getLicense()->getMassiveUpload()){
return true;
}
}
return false;
}
}