<?php
namespace App\Daikin\FrontendBundle\Security;
use App\Daikin\BaseBundle\Entity\EmergencyStock\Order;
use App\Daikin\BaseBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
* Class OrderVoter
* @package App\Daikin\FrontendBundle\Security
*/
class OrderVoter extends Voter
{
const VIEW = 'view';
const REMOVE = 'remove';
/**
* @var AccessDecisionManagerInterface
*/
private $decisionManager;
/**
* OrderVoter constructor.
* @param AccessDecisionManagerInterface $decisionManager
*/
public function __construct(AccessDecisionManagerInterface $decisionManager)
{
$this->decisionManager = $decisionManager;
}
protected function supports($attribute, $subject): bool
{
if ($attribute != self::VIEW && $attribute != self::REMOVE) {
return false;
}
if (!$subject instanceof Order) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
if ($this->decisionManager->decide($token, ['ROLE_SPARE_PARTS_FULLADMIN'])) {
return true;
}
//admin can do anything
if ($attribute == self::VIEW && $this->decisionManager->decide($token, ['ROLE_SPARE_PARTS_PARTS_ADMIN'])) {
return true;
}
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
/** @var Order $order */
$order = $subject;
if ($order->getCustomer()->getCompany() != $user->getCompany()) {
return false;
}
return true;
}
}