src/Magazzino/Security/MagazzinoVoter.php line 23

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Magazzino\Security;
  7. use App\Magazzino\Service\ModuloConfigService;
  8. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. /**
  13. * Voter granulare per il modulo magazzino.
  14. *
  15. * Attributi supportati:
  16. * - magazzino.section.<key> es. magazzino.section.articoli
  17. * - magazzino.entity.<name>.view|edit|delete|create
  18. *
  19. * Combina due controlli:
  20. * 1) ModuloConfigService dice se la sezione รจ abilitata in config
  21. * 2) Symfony role hierarchy controlla che l'utente abbia il ruolo richiesto
  22. */
  23. class MagazzinoVoter extends Voter
  24. {
  25. public const SECTION_PREFIX = 'magazzino.section.';
  26. public const ENTITY_PREFIX = 'magazzino.entity.';
  28. public function __construct(
  29. private readonly ModuloConfigService $config,
  30. private readonly AuthorizationCheckerInterface $authChecker,
  31. ) {
  32. }
  34. protected function supports($attribute, $subject)
  35. {
  36. return is_string($attribute) && (
  37. str_starts_with($attribute, self::SECTION_PREFIX)
  38. || str_starts_with($attribute, self::ENTITY_PREFIX)
  39. );
  40. }
  42. protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
  43. {
  44. if (!$token->getUser()) {
  45. return false;
  46. }
  48. if (str_starts_with($attribute, self::SECTION_PREFIX)) {
  49. $key = substr($attribute, strlen(self::SECTION_PREFIX));
  50. $section = $this->config->getSection($key);
  51. if ($section === null || empty($section['enabled'])) {
  52. return false;
  53. }
  54. $role = $section['role'] ?? 'ROLE_MAGAZZINO_OPERATOR';
  56. return $this->authChecker->isGranted($role);
  57. }
  59. if (str_starts_with($attribute, self::ENTITY_PREFIX)) {
  60. $tail = substr($attribute, strlen(self::ENTITY_PREFIX));
  61. [$entity, $op] = array_pad(explode('.', $tail, 2), 2, 'view');
  62. $needed = match ($op) {
  63. 'view' => 'ROLE_MAGAZZINO_OPERATOR',
  64. 'create' => 'ROLE_MAGAZZINO_OPERATOR',
  65. 'edit' => 'ROLE_MAGAZZINO_OPERATOR',
  66. 'delete' => 'ROLE_MAGAZZINO_MANAGER',
  67. default => 'ROLE_MAGAZZINO_MANAGER',
  68. };
  70. return $this->authChecker->isGranted($needed);
  71. }
  73. return false;
  74. }
  75. }