Symfony Profiler

<?php
//------------------------------------------------------------------------------
// src/Security/BugVoter.php
//------------------------------------------------------------------------------
namespace App\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Doctrine\Persistence\ManagerRegistry;
use App\Entity\Access;
use App\Entity\Config\Config;
use App\Entity\Config\Module;
use App\Entity\HR\AccessFunction;
use App\Entity\Platform\Bug\Bug;
use App\Entity\Security\Acl;
use App\Entity\Security\AclPermission;
use App\Services\Config\ModuleTools;
class BugVoter extends Voter
{
//--------------------------------------------------------------------------------
// is_granted constants
const ADD = "add_bug";
const LISTING = "list_bugs";
const VIEW = "view_bug";
const EDIT = "edit_bug";
const IS_GRANTED_CONSTANTS = array(
self::ADD,
self::LISTING,
self::VIEW,
self::EDIT,
);
//--------------------------------------------------------------------------------
// acl constants
const ACL_PERM_ADD = "bug_add";
const ACL_PERM_LISTING = "bug_list";
const ACL_PERM_VIEW = "bug_view";
const ACL_PERM_EDIT = "bug_edit";
//--------------------------------------------------------------------------------
public function __construct(ManagerRegistry $doctrine, ModuleTools $moduleTools)
{
$this->em = $doctrine->getManager();
$this->moduleTools = $moduleTools;
$this->aclRepository = $this->em->getRepository(Acl::class);
$this->aclPermissionRepository = $this->em->getRepository(AclPermission::class);
}
// Plan.io Task #4453 [See AccessVoter for details]
public function supportsAttribute(string $attribute): bool
{
return in_array($attribute, self::IS_GRANTED_CONSTANTS, true);
}
protected function supports(string $attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, self::IS_GRANTED_CONSTANTS))
{
return false;
}
// only vote on Bug objects inside this voter
if ($subject !== null && !$subject instanceof Bug)
{
return false;
}
return true;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof Access)
{
// the user must be logged in; if not, deny access
return false;
}
// The user must have a function; if not deny access
$function = $user->getFunction();
if ($function === null) return false;
// Plan.io Task #3710 : Get current group
$currentGroup = $user->getSocietyGroup();
if ($currentGroup === null)
return false;
// you know $subject is a Bug object, thanks to supports
/** @var Bug $bug */
$bug = $subject;
// Check current group affectation
if ($subject !== null)
{
$subjectSociety = $subject->getSociety();
if ($subjectSociety === null)
return false;
$subjectGroup = $subjectSociety->getGroup();
if ($subjectGroup === null)
return false;
if (!$currentGroup->equals($subjectGroup))
return false;
}
switch ($attribute)
{
case self::ADD:
return $this->canAdd($user, $function);
case self::LISTING:
return $this->canList($user, $function);
case self::VIEW:
return $this->canView($bug, $user, $function);
case self::EDIT:
return $this->canEdit($bug, $user, $function);
}
throw new \LogicException('This code should not be reached!');
}
// $access is the user trying to load the resource
// $bug is the resource being loaded
// Check if the Society of the resource
// belongs to the societies of the $access
private function checkSociety(Bug $bug, Access $access)
{
// Get all the societies of the access
$societies = $access->getSocieties();
// Get the Society of the Bug
$bugSociety = $bug->getSociety();
if ($bugSociety === null)
return false;
$found = false;
foreach ($societies as $society)
{
if ($society->getId() == $bugSociety->getId())
{
$found = true;
break;
}
}
return $found;
}
private function canAdd(Access $user, AccessFunction $function)
{
// Get AclPermission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canList(Access $user, AccessFunction $function)
{
// Get AclPermission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one acl type can exist
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canView(Bug $bug, Access $user, AccessFunction $function)
{
// Two AclPermission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
// If both are null, exit
if ($aclPerm === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here, all hope is lost
return false;
}
private function canEdit(Bug $bug, Access $user, AccessFunction $function)
{
// Two AclPermission may exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
// If both are null, exit
if ($aclPerm === null)
return false;
// Get First one
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here, all hope is lost
return false;
}
}

src/Security/BugVoter.php line 50