<?php
namespace App\Security;
use App\Entity\Board;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class BoardVoter extends Voter {
// these strings are just invented: you can use anything
const VIEW = 'view';
const EDIT = 'edit';
protected function supports($attribute, $subject) {
// if the attribute isn't one we support, return false
if (!in_array($attribute, [self::VIEW, self::EDIT])) {
return false;
}
// only vote on `Board` objects
if (!$subject instanceof Board) {
return false;
}
return true;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) {
$user = $token->getUser();
if (!$user instanceof User) {
// the user must be logged in; if not, deny access
return false;
}
// you know $subject is a Board object, thanks to `supports()`
/** @var Board $board */
$board = $subject;
switch ($attribute) {
case self::VIEW:
return $this->canView($board, $user);
case self::EDIT:
return $this->canEdit($board, $user);
}
throw new \LogicException('This code should not be reached!');
}
private function canView(Board $board, User $user) {
$teams = $board->getTeams();
$can = false;
if ($board->getOwner()->getId() == $user->getId()) {
return true;
}
foreach ($teams as $key => $value) {
$users = $value->getUsers();
foreach ($users as $keyB => $valueB) {
if ($valueB->getId() == $user->getId()) {
$can = true;
}
}
}
return $can;
}
private function canEdit(Board $board, User $user) {
return $board->getOwner()->getId() == $user->getId();
}
}