Example usage of a security voter in Symfony: a controller asks `denyAccessUnlessGranted()` for an attribute, and `CommentVoter` decides it.
// Controller-side usage: 'edit_comment' is CommentVoter::EDIT, so the voter's
// canEdit() rule is what decides this request. NOTE(review): Symfony's
// denyAccessUnlessGranted() aborts the request with an access-denied exception
// when the attribute is not granted -- confirm against your Symfony version.
$this->denyAccessUnlessGranted('edit_comment', $comment);
<?php | |
namespace MainBundle\Security; | |
use MainBundle\Entity\Comment; | |
use MainBundle\Entity\User; | |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
use Symfony\Component\Security\Core\Authorization\Voter\Voter; | |
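/**
 * Class CommentVoter
 *
 * Decides whether the token's user may view, edit or delete a Comment.
 *
 * All three attributes currently share ONE rule (see currentUserRights()):
 * ROLE_SUPER_ADMIN / ROLE_MODERATOR are always allowed, otherwise only the
 * comment's author. If comments are meant to be readable by everyone, the
 * place to relax that is canView() — as written, a non-author without a
 * privileged role is denied even a read.
 *
 * @package MainBundle\Security
 */
class CommentVoter extends Voter
{
    const VIEW = 'view_comment';
    const EDIT = 'edit_comment';
    const DELETE = 'delete_comment';

    /**
     * Roles that bypass the ownership check.
     *
     * NOTE(review): these are matched literally against User::getRoles(), so a
     * role reachable only through security.role_hierarchy (or one granted on the
     * token but not on the entity) will NOT match. For a hierarchy-aware check,
     * inject AccessDecisionManagerInterface and call decide() on the token.
     */
    const PRIVILEGED_ROLES = ['ROLE_SUPER_ADMIN', 'ROLE_MODERATOR'];

    /**
     * Vote only on our three attributes, and only for Comment subjects.
     * Anything else is abstained on so other voters can decide.
     *
     * @param string $attribute
     * @param mixed  $subject
     *
     * @return bool
     */
    protected function supports($attribute, $subject): bool
    {
        // strict in_array: never let loose comparison match an unexpected value
        if (!in_array($attribute, [self::VIEW, self::EDIT, self::DELETE], true)) {
            return false;
        }

        return $subject instanceof Comment;
    }

    /**
     * Dispatch the attribute to the matching rule.
     *
     * @param string         $attribute one of VIEW / EDIT / DELETE (filtered by supports())
     * @param Comment        $subject
     * @param TokenInterface $token
     *
     * @return bool true to grant, false to deny
     *
     * @throws \LogicException if an attribute slips past supports()
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        // Anonymous tokens do not carry a User instance: deny outright.
        if (!$user instanceof User) {
            return false;
        }

        /** @var Comment $comment */
        $comment = $subject;

        switch ($attribute) {
            case self::VIEW:
                return $this->canView($comment, $user);
            case self::EDIT:
                return $this->canEdit($comment, $user);
            case self::DELETE:
                return $this->canDelete($comment, $user);
        }

        // supports() already rejected every other attribute, so this is unreachable.
        throw new \LogicException('This code should not be reached!');
    }

    /**
     * Reading a comment: same rule as editing (author or privileged role).
     *
     * @param Comment $comment
     * @param User    $user
     *
     * @return bool
     */
    private function canView(Comment $comment, User $user): bool
    {
        return $this->currentUserRights($comment, $user);
    }

    /**
     * Editing a comment: author or privileged role.
     *
     * @param Comment $comment
     * @param User    $user
     *
     * @return bool
     */
    private function canEdit(Comment $comment, User $user): bool
    {
        return $this->currentUserRights($comment, $user);
    }

    /**
     * Deleting a comment: author or privileged role.
     *
     * @param Comment $comment
     * @param User    $user
     *
     * @return bool
     */
    private function canDelete(Comment $comment, User $user): bool
    {
        return $this->currentUserRights($comment, $user);
    }

    /**
     * Shared rule: a privileged role grants everything; otherwise the user must
     * be the comment's author, compared by persisted id.
     *
     * Fixes two defects of the previous version:
     *  - a comment with no author crashed on `null->getId()`; it is now denied;
     *  - two unpersisted ids compared as `null === null` and GRANTED access;
     *    a missing id on either side is now denied.
     *
     * @param Comment $comment
     * @param User    $user
     *
     * @return bool
     */
    private function currentUserRights(Comment $comment, User $user): bool
    {
        if ($this->hasPrivilegedRole($user)) {
            return true;
        }

        $author = $comment->getUser();
        if ($author === null) {
            return false;
        }

        $authorId = $author->getId();
        $currentId = $user->getId();
        if ($authorId === null || $currentId === null) {
            return false;
        }

        // strict: an int id must not match a string id by coercion
        return $authorId === $currentId;
    }

    /**
     * Whether the user's entity roles contain one of PRIVILEGED_ROLES.
     * Strict string comparison, so Role objects (older Symfony) never match —
     * same behaviour as the original literal `===` checks.
     *
     * @param User $user
     *
     * @return bool
     */
    private function hasPrivilegedRole(User $user): bool
    {
        foreach ($user->getRoles() as $role) {
            if (in_array($role, self::PRIVILEGED_ROLES, true)) {
                return true;
            }
        }

        return false;
    }
}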