<?php
namespace App\Security\Voter;
use App\Entity\Subject;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
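class SubjectVoter extends Voter
{
    /** Attribute asked when a user wants to edit a Subject; granted to its author. */
    public const USER_CAN_EDIT_SUBJECT = 'USER_CAN_EDIT_SUBJECT';

    /** Attribute asked when an alternative manager wants to view a Subject. */
    public const ALT_MANAGER_CAN_SEE_SUBJECT = 'ALT_MANAGER_CAN_SEE_SUBJECT';

    /** @var list<string> */
    private const SUPPORTED_ATTRIBUTES = [
        self::USER_CAN_EDIT_SUBJECT,
        self::ALT_MANAGER_CAN_SEE_SUBJECT,
    ];

    /**
     * Tell the authorization checker whether this voter has an opinion on
     * the given attribute / subject pair.
     *
     * Parameter types are deliberately left to the parent declaration so the
     * class stays compatible with both untyped and typed Voter signatures;
     * only the return type is narrowed, which PHP allows in a subclass.
     *
     * @param string $attribute
     * @param mixed  $targetEntity
     */
    protected function supports($attribute, $targetEntity): bool
    {
        // Strict in_array: the attribute must be one of the exact strings above.
        return in_array($attribute, self::SUPPORTED_ATTRIBUTES, true)
            && $targetEntity instanceof Subject;
    }

    /**
     * Cast the vote for an attribute that supports() already accepted.
     *
     * Admins and super-admins are granted every supported attribute. Everyone
     * else is evaluated per attribute, and any unexpected state (no
     * authenticated user, a Subject without an author, an unknown attribute)
     * results in a denial rather than an error.
     *
     * @param string  $attribute
     * @param Subject $targetEntity guaranteed by supports()
     */
    protected function voteOnAttribute($attribute, $targetEntity, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            // Anonymous or otherwise unauthenticated token: deny.
            return false;
        }

        // Roles are read once; the original called getRoles() up to three times.
        $roles = $user->getRoles();
        if (self::hasRole($roles, 'ROLE_ADMIN') || self::hasRole($roles, 'ROLE_SUPER_ADMIN')) {
            return true;
        }

        if ($attribute === self::USER_CAN_EDIT_SUBJECT) {
            return $this->isAuthor($targetEntity, $user);
        }

        if ($attribute === self::ALT_MANAGER_CAN_SEE_SUBJECT) {
            return self::hasRole($roles, 'ROLE_ALTERNATIVE_MANAGER')
                && $this->isViewableForAlternativeManager($targetEntity);
        }

        // supports() should make this unreachable; fail closed regardless.
        return false;
    }

    /**
     * True when the authenticated user is the Subject's author.
     *
     * A Subject without an author is never editable through this attribute;
     * the original dereferenced getAuthor() unguarded and would have thrown
     * on null instead of denying.
     */
    private function isAuthor(Subject $subject, UserInterface $user): bool
    {
        $author = $subject->getAuthor();
        if ($author === null) {
            return false;
        }

        // NOTE(review): strict comparison assumes both getId() calls return the
        // same scalar type (the original used ==) — confirm against the entity
        // mappings. A mismatch would deny, never grant.
        return $author->getId() === $user->getId();
    }

    /**
     * True when the Subject is flagged as viewable for alternative managers.
     *
     * NOTE(review): the original compared the flag with `== 1`; this accepts
     * either a bool true or an int 1. Tighten to `=== true` once the getter's
     * return type is confirmed.
     */
    private function isViewableForAlternativeManager(Subject $subject): bool
    {
        $flag = $subject->getIsViewableForAlternativeManager();

        return $flag === true || $flag === 1;
    }

    /**
     * Strict membership test for a role name in a user's role list.
     *
     * @param list<string> $roles
     */
    private static function hasRole(array $roles, string $role): bool
    {
        return in_array($role, $roles, true);
    }
}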