<?php
namespace Harmonizely\Service\SuperAdmin\Panel\AccessVoters;
use Harmonizely\Model\UserInterface;
use Harmonizely\Types\SuperAdmin\UserRole;
use Harmonizely\Entity\SuperAdmin\UserEntity;
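/**
 * Access voter for the super-admin "customer" resource.
 *
 * Declares the permission attributes that exist for customers and maps each
 * super-admin role to the subset of those attributes it is granted.
 */
class CustomerVoter extends AbstractVoter
{
    /**
     * Resource name this voter is responsible for.
     */
    const RESOURCE_NAME = 'customer';

    /**
     * View customers.
     */
    const VIEW = 'customer_view';

    /**
     * Enable a customer account.
     */
    const ENABLE = 'customer_enable';

    /**
     * Disable a customer account.
     */
    const DISABLE = 'customer_disable';

    /**
     * Delete a customer account.
     */
    const DELETE = 'customer_delete';

    /**
     * Remove a customer's two-factor authentication.
     */
    const DELETE_2FA = 'customer_delete_2fa';

    /**
     * Log in as a customer.
     */
    const LOGIN = 'customer_login';

    /**
     * Return the resource name.
     *
     * @return string
     */
    public function getResourceName(): string
    {
        return self::RESOURCE_NAME;
    }

    /**
     * Return every attribute defined for this resource, regardless of role.
     *
     * @return string[]
     */
    public function getResourceAttributes(): array
    {
        return [
            self::VIEW,
            self::ENABLE,
            self::DISABLE,
            self::DELETE,
            self::DELETE_2FA,
            self::LOGIN,
        ];
    }

    /**
     * Return the attributes granted to the given super-admin user's role.
     *
     * Admin and system users receive every attribute. Support users receive
     * view, enable, disable and login, but neither delete nor 2FA removal.
     * Any other role receives view only.
     *
     * @param UserEntity $user
     * @return string[]
     */
    public function getAllowedAttributes(UserEntity $user): array
    {
        // NOTE(review): switch compares loosely (==); this is only safe if
        // getRole() and the UserRole constants share one type. Confirm.
        switch ($user->getRole()) {
            case UserRole::ROLE_ADMIN:
            case UserRole::ROLE_SYSTEM_USER:
                return $this->getResourceAttributes();

            case UserRole::ROLE_SUPPORT:
                // NOTE(review): LOGIN lets support act as the customer; confirm
                // that each use of it is recorded in an audit trail.
                return [self::VIEW, self::ENABLE, self::DISABLE, self::LOGIN];

            default:
                // NOTE(review): an unrecognised or newly added role still gets
                // VIEW here. Confirm this is intended rather than returning [].
                return [self::VIEW];
        }
    }

    /**
     * Determines if the attribute and subject are supported by this voter.
     *
     * The subject must be null or a UserInterface, the attribute must be one
     * of this resource's attributes, and only VIEW may be checked without a
     * subject.
     *
     * @param string $attribute An attribute
     * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
     *
     * @return bool True if the attribute and subject are supported, false otherwise
     */
    protected function supports($attribute, $subject): bool
    {
        if ($subject !== null && !($subject instanceof UserInterface)) {
            return false;
        }

        // Strict membership test: with loose comparison a boolean true matches
        // any non-empty string (and, before PHP 8, integer 0 matches any
        // non-numeric string), so a non-string attribute would be accepted as
        // if it were a real permission name.
        if (!in_array($attribute, $this->getResourceAttributes(), true)) {
            return false;
        }

        // Every attribute except VIEW acts on a specific customer.
        if ($attribute !== self::VIEW && $subject === null) {
            return false;
        }

        return true;
    }
}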