<?php
namespace App\Security\Voters;
use App\Entity\Ticket;
use App\Entity\User;
use App\Entity\Manufacturer;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
class TicketVoter extends Voter
{
private Security $security;
public const CAN_ADD_UPLOAD = 'ticket.can.add.upload';
public const CAN_EDIT = 'ticket.can.be.edited';
public const CAN_RESOLVE = 'ticket.can_resolve';
private const ATTRIBUTES = [
self::CAN_ADD_UPLOAD,
self::CAN_EDIT,
self::CAN_RESOLVE,
];
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject): bool
{
return in_array($attribute, self::ATTRIBUTES);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
switch ($attribute) {
case self::CAN_ADD_UPLOAD:
return $this->canAddUpload($subject);
case self::CAN_EDIT:
return $this->canEdit($subject);
case self::CAN_RESOLVE:
return $this->canResolve($subject);
}
throw new \LogicException('Invalid attribute: ' . $attribute);
}
private function canEdit(Ticket $ticket): bool
{
if ($this->security->isGranted('ROLE_IT_SUPPORT')) {
return true;
}
if ( in_array($ticket->getStatus(), [Ticket::STATUS_NEW]) && $ticket->getCreatedBy() === $this->security->getUser()) {
return true;
}
return false;
}
private function canAddUpload(Ticket $ticket): bool
{
if ($this->security->isGranted('ROLE_IT_SUPPORT')) {
return true;
}
if ( in_array($ticket->getStatus(), [Ticket::STATUS_NEW]) && $ticket->getCreatedBy() === $this->security->getUser()) {
return true;
}
return false;
}
private function canResolve($subject) : bool
{
if ( $this->security->isGranted('ROLE_IT_SUPPORT') ) {
return true;
}
return false;
}
}