src/EventSubscriber/ItemEditableEventSubscriber.php line 46
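<?php

declare(strict_types=1);

namespace App\EventSubscriber;

use ApiPlatform\Core\EventListener\EventPriorities;
use App\Entity\Item;
use App\Entity\User;
use App\Enum\RoleEnum;
use App\Exception\ItemEditableException;
use Symfony\Component\EventDispatcher\EventSubscriberInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Event\ViewEvent;
use Symfony\Component\HttpKernel\KernelEvents;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;

/**
 * Rejects write requests on Item resources unless the authenticated user's
 * current role is one of the roles allowed to edit items.
 *
 * Hooked on kernel.view at PRE_WRITE, i.e. after the controller has produced
 * the Item but before API Platform persists it, so a disallowed change is
 * stopped before it reaches the database.
 */
final class ItemEditableEventSubscriber implements EventSubscriberInterface
{
    /** Role key names (see RoleEnum) whose holders may create, update or delete an Item. */
    private const ALLOWED_EDITABLE_ROLES = [
        RoleEnum::PROJECT_MANAGER,
        RoleEnum::PROJECT_EMPLOYEE,
        RoleEnum::EXTERNAL_PARTNER,
    ];

    /**
     * HTTP methods treated as edits and therefore subject to the role check.
     *
     * NOTE(review): PATCH is not listed, so a PATCH on an Item would bypass
     * this subscriber — confirm PATCH is not enabled for the Item resource,
     * or add Request::METHOD_PATCH here.
     */
    private const ALLOWED_EDITABLE_METHODS = [
        Request::METHOD_POST,
        Request::METHOD_PUT,
        Request::METHOD_DELETE,
    ];

    public function __construct(
        private readonly TokenStorageInterface $tokenStorage,
    ) {
    }

    /**
     * @return array<string, array{string, int}>
     */
    public static function getSubscribedEvents(): array
    {
        return [
            KernelEvents::VIEW => ['isEditableDependOnRole', EventPriorities::PRE_WRITE],
        ];
    }

    /**
     * Denies the request when it edits an Item and the current user's role
     * is not permitted to do so.
     *
     * Controller results that are not an Item, and HTTP methods not in
     * ALLOWED_EDITABLE_METHODS, are ignored. The check fails closed: a
     * missing token or user is treated as a missing permission instead of
     * surfacing as a TypeError from a null token.
     *
     * @throws ItemEditableException when no user is authenticated, the user
     *                               has no current role, or that role is not
     *                               allowed to edit items
     */
    public function isEditableDependOnRole(ViewEvent $event): void
    {
        $entity = $event->getControllerResult();
        $method = $event->getRequest()->getMethod();

        // Strict comparison: both sides are plain strings, no coercion wanted.
        if (!$entity instanceof Item || !in_array($method, self::ALLOWED_EDITABLE_METHODS, true)) {
            return;
        }

        // getToken() is nullable (no firewall / unauthenticated request) and
        // getUser() may return something other than our User entity; deny
        // rather than assume.
        $user = $this->tokenStorage->getToken()?->getUser();
        if (!$user instanceof User) {
            throw ItemEditableException::forUserDoesNotHavePermission();
        }

        // Hoisted: the original called getCurrentRole() twice.
        $currentRole = $user->getCurrentRole();
        if (!$currentRole) {
            throw ItemEditableException::forUserDoesNotHaveCurrentRole();
        }

        if (!in_array($currentRole->getKeyName(), self::ALLOWED_EDITABLE_ROLES, true)) {
            throw ItemEditableException::forUserDoesNotHavePermission();
        }
    }
}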