src/Security/ImpersonateUserVoter.php line 14

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security;
  7. use App\Entity\System\Customer;
  8. use App\Entity\System\Employee;
  9. use App\Service\SecurityService;
  10. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. class ImpersonateUserVoter extends Voter
  15. {
  16. private ParameterBagInterface $parameterBag;
  17. private SecurityService $securityService;
  19. public function __construct(
  20. ParameterBagInterface $parameterBag,
  21. SecurityService $securityService
  22. ) {
  23. $this->parameterBag = $parameterBag;
  24. $this->securityService = $securityService;
  25. }
  27. public const CAN_SWITCH_USER = 'CAN_SWITCH_USER';
  29. protected function supports($attribute, $subject): bool
  30. {
  31. return $attribute === self::CAN_SWITCH_USER && $subject instanceof Customer;
  32. }
  34. protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
  35. {
  36. $user = $token->getUser();
  38. if (!$user instanceof Employee || !$subject instanceof Customer) {
  39. return false;
  40. }
  42. if ($this->requestedUserIsEmployee($subject->getEmail())) {
  43. return $user->getEmail() === $subject->getEmail();
  44. }
  46. return $this->securityService->isGranted(AdminAclVoter::ALLOW_ADMIN_ACCESS, 'customer_admin_impersonate');
  47. }
  49. protected function requestedUserIsEmployee(string $email): bool
  50. {
  51. return str_contains($email, $this->parameterBag->get('microsoft_tenant_email_postfix'));
  52. }
  53. }