<?phpnamespace App\Security;use App\Entity\Structure;use App\Entity\User;use App\Entity\Chat;use App\Entity\HousingUnit;use App\Entity\Attachment;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;use Symfony\Component\Security\Core\Security;class Voter extends BaseVoter{ // attributes for administrators const VIEW = 'view'; const EDIT = 'edit'; const ATTACHMENT = 'attachment'; private $security; public function __construct(Security $security) { $this->security = $security; } protected function supports(string $attribute, $subject): bool { // if the attribute isn't one we support, return false if ($attribute === self::ATTACHMENT && $subject instanceof Attachment) return true; if (!in_array($attribute, [self::VIEW, self::EDIT])) { return false; } if ($subject instanceof Structure) {return true;} if ($subject instanceof Chat) {return true;} if ($subject instanceof HousingUnit) {return true;} if ($subject instanceof Attachment) {return true;} return false; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access return false; } if ($this->security->isGranted('ROLE_SUPER_ADMIN')) { return true; } if ($subject instanceof Structure) {return $this->voteOnStructure($attribute, $subject, $user);} if ($subject instanceof Chat) {return $this->voteOnChat($attribute, $subject, $user);} if ($subject instanceof HousingUnit) {return $this->voteOnHousingUnit($attribute, $subject, $user);} if ($subject instanceof Attachment) {return $this->voteOnAttachment($attribute, $subject, $user);} } private function voteOnStructure($attribute, Structure $structure, User $user) : bool { switch ($attribute) { case self::VIEW: return $this->canViewStructure($structure, $user); case self::EDIT: return $this->canEditStructure($structure, $user); } throw new \LogicException('This code should not be reached!'); } private function canViewStructure(Structure $structure, User $user): bool { // if they can edit, they can view if ($this->canEditStructure($structure, $user)) { return true; } // the object could have, for example, a method `isPrivate()` //return !$post->isPrivate(); return false; } private function canEditStructure(Structure $structure, User $user): bool { $userFirm = $user->getFirm(); $structureFirm = $structure->getFirm(); return $userFirm === $structureFirm; } private function voteOnChat($attribute, Chat $chat, User $user) : bool { $userFirm = $user->getFirm(); $chatFirm = $chat->getHousingUnit()->getStructure()->getFirm(); return $userFirm === $chatFirm; } private function voteOnHousingUnit($attribute, HousingUnit $hu, User $user) : bool { $userFirm = $user->getFirm(); $huFirm = $hu->getStructure()->getFirm(); return $userFirm === $huFirm; } private function voteOnAttachment($attribute, Attachment $attach, User $user) : bool { if ($attach->getBoardMessage() !== null) return $this->canViewStructure($attach->getBoardMessage()->getBoard()->getStructure(), $user); if ($attach->getChatMessage() !== null) return $this->voteOnChat($attribute, $attach->getChatMessage()->getChat(), $user); return false; } }