src/Security/Voter/PageVoter.php line 12
<?phpnamespace App\Security\Voter;use App\Entity\Cms\Page;use App\Entity\Cms\User;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\Security\Core\User\UserInterface;class PageVoter extends Voter{public const EDIT = 'EDIT-PAGE';public const VIEW = 'VIEW-PAGE';public const ADD = 'ADD-PAGE';public const DELETE = 'DELETE-PAGE';private AccessDecisionManagerInterface $decisionManager;public function __construct(AccessDecisionManagerInterface $decisionManager){$this->decisionManager = $decisionManager;}protected function supports(string $attribute, mixed $subject): bool{return in_array($attribute, [self::EDIT, self::VIEW, self::ADD, self::DELETE])&& $subject instanceof Page;}protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool{$user = $token->getUser();// if the user is anonymous, do not grant accessif (!$user instanceof UserInterface or !$user instanceof User) {return false;}if ($this->decisionManager->decide($token, array('ROLE_SUPER_ADMIN'))) {return true;}$userSites = $user->getSites();if ($userSites != NULL) {$pageSiteId = $subject->getSite()->getId();if (!in_array($pageSiteId, $userSites)) {// L'utilisateur n'a pas les droits sur ce sitereturn false;}}if ($attribute == 'ADD') {return $this->checkAuthorization($subject, $user, 'ADD');} else {// On verifie si la page est autorisé pour les groupes de l'utilisateur$pageGroups = $subject->getGroups();if (!$pageGroups->isEmpty()) {$validGroup = false;$userGroups = $user->getGroups();foreach ($pageGroups as $pageGroup) {foreach ($userGroups as $userGroup) {if ($pageGroup->getId() == $userGroup->getId()) {$validGroup = true;break 2;}}}if (!$validGroup) {// L'utilisateur n'a pas de groupe autorisé pour cette pagereturn false;}}// ... (check conditions and return true to grant permission) ...switch ($attribute) {case self::VIEW:return $this->checkAuthorization($subject, $user, 'VIEW');case self::EDIT:return $this->checkAuthorization($subject, $user, 'EDIT');case self::DELETE:return $this->checkAuthorization($subject, $user, 'DELETE');}}throw new \LogicException('Vous n\'avez pas les droits pour être ici !');}private function checkAuthorization(Page $page, User $user, $code){// On verifie les droits du groupe$userGroups = $user->getGroups();if (!$userGroups->isEmpty()) {$validAuthorization = false;foreach($userGroups as $userGroup) {if ($userGroup->hasAuthorization('Page', $code)) {$validAuthorization = true;break;}}if (!$validAuthorization) {// L'utilisateur n'a pas l'autorisation demandéreturn false;}} else {// L'utilisateur n'a aucun groupe, il n'a rien à faire làreturn false;}return true;}}