<?php
declare(strict_types=1);
namespace App\Security\Voter;
use App\Entity\Manager;
use App\Entity\Roster;
use App\Entity\Sponsor;
use RuntimeException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class RosterVoter extends Voter
{
/** @var string */
public const READ = 'READ';
/** @var string */
public const EDIT = 'EDIT';
/** @var string */
public const ADD = 'ADD';
/** @var string[] */
private const LIST = [
self::READ,
self::EDIT,
self::ADD,
];
protected function supports(string $attribute, $subject): bool
{
/** @var Roster|object|null $subject */
return $subject instanceof Roster && in_array($attribute, self::LIST, true);
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if ($user === null) {
return false;
}
if ($user instanceof Manager) {
$user = $user->getSponsor();
}
/** @var Roster|object $subject */
return match ($attribute) {
self::READ => $subject->isSystem() || $subject->getSponsor() === $user,
self::EDIT => !$subject->isSystem() && $subject->getSponsor() === $user,
self::ADD => $subject instanceof Roster && $user instanceof Sponsor,
default => throw new RuntimeException('Invalid action'),
};
}
}