src/Security/ImpersonateUserVoter.php line 14

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security;
  7. use App\Entity\System\Customer;
  8. use App\Entity\System\Employee;
  9. use App\Service\SecurityService;
  10. use Symfony\Component\DependencyInjection\ParameterBag\ParameterBagInterface;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  14. class ImpersonateUserVoter extends Voter
  15. {
  16.     private ParameterBagInterface $parameterBag;
  17.     private SecurityService $securityService;
  19.     public function __construct(
  20.         ParameterBagInterface $parameterBag,
  21.         SecurityService $securityService
  22.     ) {
  23.         $this->parameterBag $parameterBag;
  24.         $this->securityService $securityService;
  25.     }
  27.     public const CAN_SWITCH_USER 'CAN_SWITCH_USER';
  29.     protected function supports($attribute$subject): bool
  30.     {
  31.         return $attribute === self::CAN_SWITCH_USER && $subject instanceof Customer;
  32.     }
  34.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  35.     {
  36.         $user $token->getUser();
  38.         if (!$user instanceof Employee || !$subject instanceof Customer) {
  39.             return false;
  40.         }
  42.         if ($this->requestedUserIsEmployee($subject->getEmail())) {
  43.             return $user->getEmail() === $subject->getEmail();
  44.         }
  46.         return $this->securityService->isGranted(AdminAclVoter::ALLOW_ADMIN_ACCESS'customer_admin_impersonate');
  47.     }
  49.     protected function requestedUserIsEmployee(string $email): bool
  50.     {
  51.         return str_contains($email$this->parameterBag->get('microsoft_tenant_email_postfix'));
  52.     }
  53. }