| 1 | <?php |
| 2 | |
| 3 | namespace App\Security; |
| 4 | |
| 5 | use App\Entity\User; |
| 6 | use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; |
| 7 | use Symfony\Component\Security\Core\Authorization\Voter\Voter; |
| 8 | |
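class UserAccessVoter extends Voter
{
    // Grants access when the authenticated user *is* the subject, or when the
    // authenticated user carries ROLE_ADMIN on the entity. Controllers use it to
    // decide whether a user may edit or delete a task.
    //
    // NOTE(review): $attribute is accepted by voteOnAttribute() but never consulted,
    // so CONNECTED, EDIT, DELETE and UNCONNECTED all resolve to the same decision.
    // In particular UNCONNECTED can never be granted: anonymous tokens are denied in
    // voteOnAttribute() and supports() requires a User subject. Confirm that this
    // single policy for every attribute is intended.

    // Attribute names accepted by supports(); reuse them in the controller.
    public const CONNECTED = 'connected';
    public const EDIT = 'edit';
    public const DELETE = 'delete';
    public const UNCONNECTED = 'unconnected';

    /** @var list<string> Every attribute this voter answers for. */
    private const SUPPORTED_ATTRIBUTES = [
        self::CONNECTED,
        self::EDIT,
        self::DELETE,
        self::UNCONNECTED,
    ];

    /**
     * Check whether this voter is responsible for the given attribute/subject pair.
     *
     * @param string $attribute One of the class constants above.
     * @param mixed  $subject   Must be a User for this voter to take part.
     * @return bool True when the attribute is known and the subject is a User.
     */
    public function supports(string $attribute, $subject): bool
    {
        // strict: true — an authorization check must not rely on loose comparison.
        return in_array($attribute, self::SUPPORTED_ATTRIBUTES, true)
            && $subject instanceof User;
    }

    /**
     * Decide whether the token's user may act on the subject.
     *
     * Order matters: deny anonymous first, then grant the owner, then grant admins,
     * and fall through to deny so any unexpected state fails closed.
     *
     * @param string         $attribute The attribute being voted on (not consulted; see class note).
     * @param mixed          $subject   The User the action targets.
     * @param TokenInterface $token     The token of the currently authenticated user.
     * @return bool True to grant, false to deny.
     */
    public function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();

        // Anonymous or non-User principals are denied outright.
        if (!$user instanceof User) {
            return false;
        }

        // Owner check by object identity. This fails closed when the token user and
        // the subject are distinct instances of the same account — TODO confirm
        // whether a comparison on the user identifier is wanted instead.
        if ($user === $subject) {
            return true;
        }

        // Admin override. getRoles() reflects only the roles stored on the entity;
        // a role hierarchy configured in Symfony is not applied here, so a role that
        // merely inherits ROLE_ADMIN would not be recognised. strict: true as above.
        if (in_array('ROLE_ADMIN', $user->getRoles(), true)) {
            // @codeCoverageIgnoreStart
            // NOTE(review): this grant path is excluded from coverage, so the admin
            // override currently has no test exercising it.
            return true;
            // @codeCoverageIgnoreEnd
        }

        // Neither the owner nor an admin: deny.
        return false;
    }
}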