<?php
namespace Platform\SecurityBundle\Security\Voter;
use Platform\SecurityBundle\Entity\Identity\Account;
use Platform\SecurityBundle\Model\PlatformSubject;
use Platform\SecurityBundle\Security\PlatformVoter;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
final class SuperUserVoter extends PlatformVoter
{
/**
* {@inheritDoc}
*/
protected function supports(
Account $account,
string $attribute,
?PlatformSubject $subject = null
): bool
{
// skip checking internal stuff
if ($this->sentry->isInternalPermission($attribute)) {
return false;
}
// no reason to run this voter if the account is not a superuser...
return $account->getSpecialPermissions()->isSuperUser();
}
/**
* {@inheritdoc}
*/
protected function poll(
Account $account,
string $permission,
?PlatformSubject $subject = null
): int
{
return $account->getSpecialPermissions()->isSuperUser()
? VoterInterface::ACCESS_GRANTED
: VoterInterface::ACCESS_ABSTAIN;
}
/**
* {@inheritdoc}
*/
protected function try(
Account $account,
string $permission
): int
{
return $this->poll($account, $permission);
}
}