<?php
namespace App\Core\Security\Voter;
use App\Core\DTO\Permission\UserGroupPairDTO;
use App\Core\Entity\User;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
final class UserGroupPairVoter extends Voter
{
const PAIR_ACCESS = 'user_group_pair_access';
/**
* {@inheritdoc}
*/
public function supports(string $attribute, $subject): bool
{
return $subject instanceof UserGroupPairDTO && in_array($attribute, [
self::PAIR_ACCESS,
]);
}
/**
* {@inheritdoc}
*
* @param UserGroupPairDTO $subject
*/
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
if ($attribute === self::PAIR_ACCESS) {
if ($user->isSuperAdmin()) {
return true;
}
$groupPartnerId = $subject->getGroup()->getPartner()
? $subject->getGroup()->getPartner()->getId()
: null
;
$userPartnerId = $subject->getUser()->getPartner()
? $subject->getUser()->getPartner()->getId()
: null
;
return !is_null($groupPartnerId) && !is_null($userPartnerId) && $groupPartnerId === $userPartnerId;
}
return false;
}
}