<?php
namespace Harmonizely\Core\Security\Voter;
use Harmonizely\Core\Security\Contract\ISuperAdminSecurityHelper;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
class SuperAdminSecondAuthenticationVoter implements VoterInterface
{
/**
* @var ISuperAdminSecurityHelper
*/
private ISuperAdminSecurityHelper $security;
/**
* SecondAuthenticationVoter constructor.
* @param ISuperAdminSecurityHelper $security
*/
public function __construct(ISuperAdminSecurityHelper $security)
{
$this->security = $security;
}
/**
* Returns the vote for the given parameters.
*
* This method must return one of the following constants:
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
*
* @param TokenInterface $token
* @param mixed $subject The subject to secure
* @param array $attributes An array of attributes associated with the method being invoked
*
* @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
*/
public function vote(TokenInterface $token, $subject, array $attributes): int
{
if ($subject instanceof Request) {
if (in_array(ISuperAdminSecurityHelper::IS_SUPER_ADMIN_2FA_REQUIRED, $attributes) && !$this->security->isSecondFactorPassed()) {
return self::ACCESS_DENIED;
}
}
return self::ACCESS_ABSTAIN;
}
}