<?php
namespace App\Security\Voter;
use App\Entity\Message;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
class MessageVoter extends Voter
{
const VIEW = 'view';
const ANSWER = 'answer';
const DELETE = 'delete';
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject)
{
if (!in_array($attribute, [self::VIEW, self::ANSWER, self::DELETE])) {
return false;
}
if (!$subject instanceof Message) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
/** @var Message $message */
$message = $subject;
switch ($attribute) {
case self::VIEW:
return $this->canView($message, $user, $token);
case self::ANSWER:
return $this->canAnswer($message, $user, $token);
case self::DELETE:
return $this->canDelete($message, $user, $token);
}
throw new \LogicException('This code should not be reached!');
}
// [HP] @todo condition if message deleted ?
private function canView(Message $message, User $user, TokenInterface $token)
{
return $message->hasParticipant($user);
}
private function canAnswer(Message $message, User $user, TokenInterface $token)
{
return !$message->getSystem() && $message->hasParticipant($user);
}
private function canDelete(Message $message, User $user, TokenInterface $token)
{
return ($message->getSystem() && $message->hasParticipant($user)) ||
$this->security->isGranted(User::ROLE_SUPER_ADMIN);
}
}