<?php
declare(strict_types=1);
namespace App\Security\Voter;
use App\Entity\Activity;
use App\Entity\Campaign;
use App\Entity\Manager;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ManagerPermissionVoter extends Voter
{
public const CREATOR = 'creator';
public const LIMITED_CREATOR = 'limited_creator';
public const VIDEO = 'video';
public const ROSTER = 'roster';
public const SIMPLE_MANAGER = 'simple_manager';
private const LIST = [
self::CREATOR,
self::LIMITED_CREATOR,
self::VIDEO,
self::ROSTER,
self::SIMPLE_MANAGER,
];
protected function supports(string $attribute, $subject): bool
{
return in_array($attribute, self::LIST, true)
&& ($subject instanceof Manager || $subject instanceof Campaign || $subject instanceof Activity);
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof Manager) {
return false;
}
$hasPermission = $user->hasPermission($attribute);
if (
$hasPermission
&& $attribute === self::LIMITED_CREATOR
&& ($subject instanceof Campaign || $subject instanceof Activity)
) {
return $user->hasCampaign($subject);
}
return $hasPermission;
}
}