Code Coverage for /home/runner/work/maxfielder/maxfielder/src/Security/MaxfieldVoter.php

1	<?php
2
3	declare(strict_types=1);
4
5	namespace App\Security;
6
7	use App\Entity\Maxfield;
8	use App\Entity\User;
9	use App\Enum\UserRole;
10	use LogicException;
11	use Symfony\Bundle\SecurityBundle\Security;
12	use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
13	use Symfony\Component\Security\Core\Authorization\Voter\Vote;
14	use Symfony\Component\Security\Core\Authorization\Voter\Voter;
15
16	/** @extends Voter<string, mixed> */
17	class MaxfieldVoter extends Voter
18	{
19	final public const string MODIFY = 'modify';
20
21	public function __construct(private readonly Security $security) {}
22
23	protected function supports(string $attribute, mixed $subject): bool
24	{
25	if ($attribute !== self::MODIFY) {
26	return false;
27	}
28
29	return $subject instanceof Maxfield;
30	}
31
32	protected function voteOnAttribute(
33	string $attribute,
34	mixed $subject,
35	TokenInterface $token,
36	?Vote $vote = null
37	): bool
38	{
39	$user = $token->getUser();
40
41	if (!$user instanceof User) {
42	// the user must be logged in; if not, deny access
43	return false;
44	}
45
46	if ($this->security->isGranted(UserRole::ADMIN)) {
47	return true;
48	}
49
50	/** @var Maxfield $maxfield */
51	$maxfield = $subject;
52
53	return match ($attribute) {
54	self::MODIFY => $this->canModify($maxfield, $user),
55	default => throw new LogicException(
56	'This code should not be reached!'
57	)
58	};
59	}
60
61	private function canModify(Maxfield $maxfield, User $user): bool
62	{
63	return $user === $maxfield->getOwner();
64	}
65	}