<?php

namespace Catalyst\AuthBundle\Access;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter as BaseVoter;

class Voter extends BaseVoter
{
    protected $acl_gen;

    public function __construct(Generator $acl_gen)
    {
        $this->acl_gen = $acl_gen;
    }

    protected function supports($attribute, $subject)
    {
        $acl_data = $this->acl_gen->getACL();

        // check if the attribute is in our acl key index
        if (isset($acl_data['index'][$attribute]))
            return true;

        return false;
    }

    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        // check if any of the user's roles have access
        $roles = $user->getRoleObjects();

        foreach ($roles as $role)
        {
            // NOTE: ideally, we separate acl from the role object, but this will do for now
            if ($role->hasACLAccess($attribute))
                return true;
        }

        return false;
    }
}