Add TrackEAttemptQualify voter

2 months ago · 26e375f460
parent 4a79e1debb
commit 26e375f460
1 changed files with 75 additions and 0 deletions
--- a/src/CoreBundle/Security/Authorization/Voter/TrackEAttemptQualifyVoter.php
+++ b/src/CoreBundle/Security/Authorization/Voter/TrackEAttemptQualifyVoter.php
@ -0,0 +1,75 @@
+<?php
+
+/* For licensing terms, see /license.txt */
+
+declare(strict_types=1);
+
+namespace Chamilo\CoreBundle\Security\Authorization\Voter;
+
+use Chamilo\CoreBundle\Entity\TrackEAttemptQualify;
+use Chamilo\CoreBundle\Entity\User;
+use Chamilo\CoreBundle\ServiceHelper\IsAllowedToEditHelper;
+use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+/**
+ * @extends Voter<'VIEW', TrackEAttemptQualify>
+ */
+class TrackEAttemptQualifyVoter extends Voter
+{
+    public const VIEW = 'VIEW';
+
+    public function __construct(
+        private readonly Security $security,
+        private readonly IsAllowedToEditHelper $isAllowedToEditHelper,
+    ) {}
+
+    /**
+     * @inheritDoc
+     */
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        $allowed = [
+            self::VIEW,
+        ];
+
+        return $subject instanceof TrackEAttemptQualify && \in_array($attribute, $allowed);
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof UserInterface) {
+            return false;
+        }
+
+        if ($this->security->isGranted('ROLE_ADMIN')) {
+            return true;
+        }
+
+        assert($user instanceof User);
+        assert($subject instanceof TrackEAttemptQualify);
+
+        $trackExercise = $subject->getTrackExercise();
+        $session = $trackExercise->getSession();
+        $course = $trackExercise->getCourse();
+
+        $isAllowedToEdit = $this->isAllowedToEditHelper->check(false, true, false, true, $course, $session) || $user->isCourseTutor();
+
+        if ($isAllowedToEdit) {
+            return true;
+        }
+
+        if ($trackExercise->getUser()->getId() === $user->getId()) {
+            return true;
+        }
+
+        return false;
+    }
+}