src/Security/Voter/PaymentVoter.php line 15

  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Authorization;
  6. use App\Entity\Document;
  7. use App\Entity\PaymentRecord;
  8. use App\Enum\RoleType;
  9. use Faker\Provider\Payment;
  10. use Symfony\Bundle\SecurityBundle\Security;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. use function PHPUnit\Framework\isInstanceOf;
  17. /**
  18. * @extends Voter<string, Payment>
  19. */
  20. class PaymentVoter extends Voter
  21. {
  22. public const SHOW = 'PAYMENT_SHOW';
  23. public const EDIT = 'PAYMENT_EDIT';
  24. public const CHECKOUT = 'PAYMENT_CHECKOUT';
  26. public function __construct(private readonly Security $security)
  27. {
  28. }
  30. protected function supports(string $attribute, mixed $subject): bool
  31. {
  33. return in_array($attribute, [self::SHOW, self::EDIT, self::CHECKOUT]);
  34. }
  36. protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
  37. {
  38. $user = $token->getUser();
  39. // if the user is anonymous, do not grant access
  40. if (!$user instanceof UserInterface) {
  41. return false;
  42. }
  44. return match ($attribute) {
  45. 'PAYMENT_SHOW' =>
  46. // @phpstan-ignore-next-line
  47. $subject->getEnrollment()->getGuardian()->getUser() === $user
  48. ||
  49. $this->security->isGranted(RoleType::ROLE_EMPLOYEE) ||
  50. $this->security->isGranted(RoleType::ROLE_FINANCIAL_DIRECTOR),
  51. 'PAYMENT_EDIT' =>
  52. $this->security->isGranted(RoleType::ROLE_ADMIN) ||
  53. $this->security->isGranted(RoleType::ROLE_FINANCIAL_DIRECTOR),
  54. 'PAYMENT_CHECKOUT' =>
  55. // @phpstan-ignore-next-line
  56. $subject->getEnrollment()->getGuardian()->getUser() === $user
  57. ||
  58. $this->security->isGranted(RoleType::ROLE_ADMIN),
  59. default => false
  60. };
  61. }
  62. }