<?php
namespace App\Security\Voter;
use App\Roles;
use App\Entity\User;
use App\Entity\Dossier;
use App\Entity\StatutDossier;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
class AllowNotifyGestionVoter extends Voter
{
/** @var Security */
protected $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject): bool
{
// replace with your own logic
// https://symfony.com/doc/current/security/voters.html
return in_array($attribute, ['CAN_NOTIFY_GESTION'])
&& $subject instanceof Dossier;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
// On vérifie que l'utilisateur est un des nôtres
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
// On vérifie qu'il a les droits
if (!($this->security->isGranted(Roles::ROLE_USER) || $this->security->isGranted(Roles::ROLE_OPERATOR)) ) {
return false;
}
// On revérifie que l'on a bien affaire à un dossier
if (!($subject instanceof Dossier)) {
return false;
}
$workflow = StatutDossier::STATUTS_WORKFLOW;
$statutActuel = $subject->getStatut();
if (!in_array(StatutDossier::STATUT_GESTION, $workflow[$statutActuel])) {
return false;
}
return true;
}
}