/**
* Returns the vote for the given parameters.
*
* This method must return one of the following constants:
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
*
* @param TokenInterface $token A TokenInterface instance
* @param object|null $object The object to secure
* @param array $attributes An array of attributes associated with the method being invoked
*
* @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
if ($token->getUser() instanceof UserInterface === false) {
return self::ACCESS_ABSTAIN;
}
if (!$object || !$this->supportsClass(get_class($object))) {
return self::ACCESS_ABSTAIN;
}
// abstain vote by default in case none of the attributes are supported
$vote = self::ACCESS_ABSTAIN;
foreach ($attributes as $attribute) {
if (!$this->supportsAttribute($attribute)) {
continue;
}
// as soon as at least one attribute is supported, default is to deny access
// $vote = self::ACCESS_DENIED;
/** @var UserInterface $user */
$currentSite = $this->siteManager->getCurrentSite();
// $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
//
// if (in_array(new OrganizerRole($currentSite), $roles)) {
// return self::ACCESS_GRANTED;
// }
$organizerRole = new OrganizerRole($currentSite);
if ($token->getUser()->hasRole($organizerRole->getRole())) {
return self::ACCESS_GRANTED;
}
}
return $vote;
}
public function getRoles()
{
$roles = ['ROLE_USER'];
if ($this->getAdminConventions()) {
$roles[] = 'ROLE_ORGANIZER';
foreach ($this->getAdminConventions() as $convention) {
$role = new OrganizerRole($convention);
$roles[] = $role->getRole();
}
}
return parent::getRoles() + $roles;
}
