<?php
/**
* Created by PhpStorm.
* User: albert
* Date: 1/12/17
* Time: 17:52
*/
namespace AWCmsBundle\Voter;
use AWEcommerceBundle\Entity\Order;
use AWCmsBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class UserVoter extends Voter
{
const EDIT = 'edit';
/**
* @var AccessDecisionManagerInterface
*/
protected $decisionManager;
/**
* AlbumVoter constructor.
* @param AccessDecisionManagerInterface $decisionManager
*/
public function __construct(AccessDecisionManagerInterface $decisionManager)
{
$this->decisionManager = $decisionManager;
}
/**
* Determines if the attribute and subject are supported by this voter.
*
* @param string $attribute An attribute
* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
*
* @return bool True if the attribute and subject are supported, false otherwise
*/
protected function supports($attribute, $subject)
{
if (!$subject instanceof User or !in_array($attribute, array(self::EDIT))) {
return false;
}
return true;
}
/**
* Perform a single access check operation on a given attribute, subject and token.
* It is safe to assume that $attribute and $subject already passed the "supports()" method check.
*
* @param string $attribute
* @param User $userSubject
* @param TokenInterface $token
*
* @return bool
*/
protected function voteOnAttribute($attribute, $userSubject, TokenInterface $token)
{
// Current User is super admin, can do every thing
if ($this->decisionManager->decide($token, [User::ROLE_SUPER_ADMIN])) {
return true;
}
// Only super admin can edit super admin
if ($userSubject->isSuperAdmin()) {
return false;
}
// Admin can edit other users
if ($this->decisionManager->decide($token, [User::ROLE_ADMIN])) {
return true;
}
return false;
}
}