<?php
/*
* This file has been created by developers from BitBag.
* Feel free to contact us once you face any issues or want to start
* You can find more information about us on https://bitbag.io and write us
* an email on hello@bitbag.io.
*/
declare(strict_types=1);
namespace BitBag\OpenMarketplace\Security\Voter;
use BitBag\OpenMarketplace\Entity\ShopUserInterface;
use BitBag\OpenMarketplace\Entity\VendorProfileUpdateInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
final class TokenOwningVoter extends Voter
{
public const UPDATE = 'UPDATE';
protected function supports($attribute, $subject)
{
if (!in_array($attribute, [self::UPDATE])) {
return false;
}
return true;
}
/*
* This method call is ignored because phpstan force us to type hint arguments but this method in symfony 4.4
* is declared without so type hinted arguments cause trouble
*/
/** @phpstan-ignore-next-line */
protected function voteOnAttribute(
$attribute,
$subject,
TokenInterface $token
) {
$user = $token->getUser();
if (!$user instanceof ShopUserInterface || null == $subject) {
return false;
}
/** @var VendorProfileUpdateInterface $vendorUpdateData */
$vendorUpdateData = $subject;
switch ($attribute) {
case self::UPDATE:
return $this->doesUserOwnTheData($vendorUpdateData, $user);
default:
return false;
}
}
private function doesUserOwnTheData(VendorProfileUpdateInterface $profileUpdate, ShopUserInterface $user): bool
{
$loggedInVendor = $user->getVendor();
$vendorData = $profileUpdate->getVendor();
if ($loggedInVendor === $vendorData) {
return true;
}
return false;
}
}