<?php
namespace Evo\Application\Security\Voter;
use Evo\Application\Security\Permissions;
use Evo\Infrastructure\MappingORM\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
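/**
 * Authorization voter for operations on a User entity.
 *
 * Grants the supported permissions when the authenticated user is acting on
 * their own account, or when the ROLE_ADMIN check passes. Every other case is
 * denied.
 */
class UserVoter extends Voter
{
    /**
     * Attributes this voter gives an opinion on. supports() returns false for
     * anything else, so this voter does not take part in those decisions.
     */
    private const SUPPORTED_ATTRIBUTES = [
        Permissions::USER_DETAILS,
        Permissions::USER_EDIT,
    ];

    private Security $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    /**
     * Limits the voter to User subjects and to the attributes listed in
     * SUPPORTED_ATTRIBUTES (strict comparison, so no type juggling on the
     * attribute name).
     *
     * @param mixed $subject
     */
    protected function supports(string $attribute, $subject): bool
    {
        return $subject instanceof User && \in_array($attribute, self::SUPPORTED_ATTRIBUTES, true);
    }

    /**
     * Grants access to the account owner or to an administrator.
     *
     * Both supported attributes are decided by the same rule; $attribute is
     * not inspected here.
     *
     * @param User $subject the account the operation targets
     *
     * @return bool true to grant, false to deny
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $loggedUser = $token->getUser();

        // Deny by default when the token does not carry a User entity
        // (anonymous token, or a different user class).
        if (!$loggedUser instanceof User) {
            return false;
        }

        // Ownership check. A null identifier must never count as a match:
        // without this guard two users that both have no id yet would compare
        // equal (null === null) and the subject would be treated as the
        // caller's own account.
        $subjectId = $subject->getId();
        if (null !== $subjectId && $subjectId === $loggedUser->getId()) {
            return true;
        }

        // NOTE(review): Security::isGranted() evaluates the token held in the
        // token storage, not the $token argument. They are the same for the
        // usual request-time checks; confirm no caller runs a decision against
        // a different token, otherwise the admin test applies to the wrong user.
        return $this->security->isGranted('ROLE_ADMIN', $loggedUser);
    }
}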