src/Security/ModuleVoter.php line 14

Open in your IDE?
  1. <?php
  2. /**
  3. * User: bruno.ziegler
  4. * Date: 26.08.16 09:30.
  5. */
  7. namespace App\Security;
  9. use App\Entity\Sysuser\Sysuser;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. class ModuleVoter extends Voter
  15. {
  16. private string $prefix = 'MODULE_';
  18. /**
  19. * Determines if the attribute and subject are supported by this voter.
  20. *
  21. * @param string $attribute An attribute
  22. * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
  23. *
  24. * @return bool True if the attribute and subject are supported, false otherwise
  25. */
  26. #[\Override]
  27. protected function supports(string $attribute, $subject): bool
  28. {
  29. return str_starts_with($attribute, $this->prefix);
  30. }
  32. /**
  33. * Perform a single access check operation on a given attribute, subject and token.
  34. */
  35. #[\Override]
  36. protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
  37. {
  38. /**
  39. * @var Sysuser $user;
  40. */
  41. $user = $token->getUser();
  43. // Check, ob gültiges User Objekt (kein Anonymous oder so)
  44. if (!$user instanceof UserInterface) {
  45. return false;
  46. }
  48. // Admin Zugriff auf alle MODULE erlauben
  49. if (in_array($user->getRole(), ['ROLE_ADMIN', 'ROLE_SYSADMIN'])) {
  50. return true;
  51. }
  53. // Ende
  54. // Modulberechtigungen checken (die MODULE_xyz sind ebenfalls in den ::getRoles() enthalten)
  55. // Ende
  56. return in_array($attribute, $user->getRoles());
  57. }
  58. }