Symfony Profiler

<?php
//------------------------------------------------------------------------------
// src/Security/ApplicationVoter.php
//------------------------------------------------------------------------------
namespace App\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Doctrine\Persistence\ManagerRegistry;
use App\Entity\Access;
use App\Entity\Config\Config;
use App\Entity\Config\Module;
use App\Entity\HR\AccessFunction;
use App\Entity\HR\Application\Application;
use App\Entity\HR\Note;
use App\Entity\Security\Acl;
use App\Entity\Security\AclPermission;
use App\Services\Config\ModuleTools;
class ApplicationVoter extends Voter
{
//--------------------------------------------------------------------------------
// is_granted constants
const IS_ACTIVE = "application_is_active";
// JCAF refalted
const ACCEPT = "accept_application";
const REFUSE = "reject_application";
// Normal ones
const ADD = "add_application";
const LISTING = "list_applications";
const LISTING_SOCIETY = "list_applications_society";
const LISTING_ANY = "list_applications_any";
const VIEW = "view_application";
const EDIT = "edit_application";
const DELETE = "delete_application";
const CONVERT = "convert_application";
const ADD_NOTE = "add_application_note";
const EDIT_NOTE = "edit_application_note";
const DELETE_NOTE = "delete_application_note";
const IS_GRANTED_CONSTANTS = array(
self::IS_ACTIVE,
self::ACCEPT,
self::REFUSE,
self::ADD,
self::LISTING,
self::LISTING_SOCIETY,
self::LISTING_ANY,
self::VIEW,
self::EDIT,
self::DELETE,
self::CONVERT,
self::ADD_NOTE,
self::EDIT_NOTE,
self::DELETE_NOTE,
);
//--------------------------------------------------------------------------------
// acl constants
const ACL_PERM_ADD = "application_add";
const ACL_PERM_LISTING = "application_list";
const ACL_PERM_LISTING_SOCIETY = "application_list_society";
const ACL_PERM_VIEW = "application_view";
const ACL_PERM_VIEW_SOCIETY = "application_view_society";
const ACL_PERM_EDIT = "application_edit";
const ACL_PERM_EDIT_SOCIETY = "application_edit_society";
const ACL_PERM_DELETE = "application_delete";
const ACL_PERM_DELETE_SOCIETY = "application_delete_society";
const ACL_PERM_CONVERT = "application_convert";
const ACL_PERM_ADD_NOTE = "application_add_note";
const ACL_PERM_ADD_NOTE_SOCIETY = "application_add_note_society";
const ACL_PERM_EDIT_NOTE = "application_edit_note";
const ACL_PERM_EDIT_NOTE_SOCIETY = "application_edit_note_society";
const ACL_PERM_DELETE_NOTE = "application_delete_note";
const ACL_PERM_DELETE_NOTE_SOCIETY = "application_delete_note_society";
//--------------------------------------------------------------------------------
public function __construct(ManagerRegistry $doctrine, ModuleTools $moduleTools)
{
$this->em = $doctrine->getManager();
$this->moduleTools = $moduleTools;
$this->aclRepository = $this->em->getRepository(Acl::class);
$this->aclPermissionRepository = $this->em->getRepository(AclPermission::class);
}
// Plan.io Task #4453 [See AccessVoter for details]
public function supportsAttribute(string $attribute): bool
{
return in_array($attribute, self::IS_GRANTED_CONSTANTS, true);
}
protected function supports(string $attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, self::IS_GRANTED_CONSTANTS))
{
return false;
}
// only vote on Application objects inside this voter
if ($subject !== null && !$subject instanceof Application && !$subject instanceof Note)
{
return false;
}
return true;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof Access)
{
// the user must be logged in; if not, deny access
return false;
}
// The user must have a function; if not deny access
$function = $user->getFunction();
if ($function === null) return false;
// Plan.io Task #3710 : Get current group
$currentGroup = $user->getSocietyGroup();
if ($currentGroup === null)
return false;
$this->currentGroup = $currentGroup;
// Module activated ?
if ($this->moduleTools->isInactiveByCode($currentGroup, Module::MODULE_APPLICATION))
{
return false;
}
// Check current group affectation
if ($subject !== null)
{
$subjectSociety = $subject->getSociety();
if ($subjectSociety === null)
return false;
$subjectGroup = $subjectSociety->getGroup();
if ($subjectGroup === null)
return false;
if (!$currentGroup->equals($subjectGroup))
return false;
}
$note = null;
$application = null;
if ($subject instanceof Application)
{
$application = $subject;
}
else
{
if ($subject instanceof Note)
{
$note = $subject;
}
}
switch ($attribute)
{
case self::IS_ACTIVE:
return true;
case self::ADD:
return $this->canAdd($user, $function);
case self::LISTING:
return $this->canList($user, $function);
case self::LISTING_SOCIETY:
return $this->canListSociety($user, $function);
case self::LISTING_ANY:
return $this->canListAny($user, $function);
case self::VIEW:
return $this->canView($application, $user, $function);
case self::EDIT:
return $this->canEdit($application, $user, $function);
case self::DELETE:
return $this->canDelete($application, $user, $function);
case self::CONVERT:
return $this->canConvert($user, $function);
case self::ACCEPT:
return $this->canAccept($application);
case self::REFUSE:
return $this->canReject($application);
case self::ADD_NOTE:
return $this->canAddNote($application, $user, $function);
case self::EDIT_NOTE:
return $this->canEditNote($note, $user, $function);
case self::DELETE_NOTE:
return $this->canDeleteNote($note, $user, $function);
}
throw new \LogicException('This code should not be reached!');
}
// $access is the user trying to load the resource
// $application is the resource being loaded
// Check if the Society of the resource
// belongs to the societies of the $access
private function checkSociety($object, Access $access)
{
// Get all the societies of the access
$societies = $access->getSocieties();
// Get the Society of the Application
$applicationSociety = $object->getSociety();
if ($applicationSociety === null)
return false;
$found = false;
foreach ($societies as $society)
{
if ($society->getId() == $applicationSociety->getId())
{
$found = true;
break;
}
}
return $found;
}
private function canAdd(Access $user, AccessFunction $function)
{
// Not allowed for JCAF group
if ($this->currentGroup->isJcaf())
{
return false;
}
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canList(Access $user, AccessFunction $function)
{
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canListSociety(Access $user, AccessFunction $function)
{
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
// Further filtering is done in the Controller
return $acl->getValue();
}
private function canListAny(Access $user, AccessFunction $function)
{
// Two Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here, all hope is lost
return false;
}
private function canView(Application $application, Access $user, AccessFunction $function)
{
// Get Acl_Permissions
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($application, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canEdit(Application $application, Access $user, AccessFunction $function)
{
// No editing of applications that have been accepted or refused
if ($application->isAcceptedOrRejected())
{
return false;
}
// Three Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($application, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canDelete(Application $application, Access $user, AccessFunction $function)
{
// Not allowed for JCAF group
if ($this->currentGroup->isJcaf())
{
return false;
}
// Three Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_DELETE);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_DELETE_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($application, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canConvert(Access $user, AccessFunction $function)
{
// Not allowed for JCAF group
if ($this->currentGroup->isJcaf())
{
return false;
}
// We can only convert an application if the human resource module is activated
// HumanResource Module activated ?
if ($this->moduleTools->isInactiveByCode($this->currentGroup, Module::MODULE_HUMAN_RESOURCE))
{
return false;
}
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_CONVERT);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canAddNote(Application $application, Access $user, AccessFunction $function)
{
// Three Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_NOTE);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_NOTE_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($application, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canEditNote(Note $note, Access $user, AccessFunction $function)
{
// Allow editing own notes
if ($user->equals($note->getAuthor()))
{
return true;
}
// Three Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_NOTE);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_NOTE_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($note, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canDeleteNote(Note $note, Access $user, AccessFunction $function)
{
// Allow deleting own notes
if ($user->equals($note->getAuthor()))
{
return true;
}
// Three Acl_Permission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_DELETE_NOTE);
$aclPermSociety = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_DELETE_NOTE_SOCIETY);
// If all are null, exit
if ($aclPerm === null && $aclPermSociety === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here it means that nothing good has been found
// Load second permission
if ($aclPermSociety !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPermSociety
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
// In this case the good answer will be provided by the checkSociety
return $this->checkSociety($note, $user);
}
}
}
// If we are here, all hope is lost
return false;
}
private function canAccept(Application $application)
{
$societyGroup = $application->getSocietyGroup();
// Application must have a society group
if ($societyGroup === null)
{
return false;
}
// Society Group should be Jcaf
if ($societyGroup->isNotJcaf())
{
return false;
}
// Application should be not accepted, nor rejected
if ($application->isAcceptedOrRejected())
{
return false;
}
// All seems to be good
return true;
}
private function canReject(Application $application)
{
$societyGroup = $application->getSocietyGroup();
// Application must have a society group
if ($societyGroup === null)
{
return false;
}
// Society Group should be Jcaf
if ($societyGroup->isNotJcaf())
{
return false;
}
// Application should be not accepted, nor rejected
if ($application->isAcceptedOrRejected())
{
return false;
}
// All seems to be good
return true;
}
}

src/Security/ApplicationVoter.php line 100