src/Security/ClientPlatform/DevisVoter.php line 34

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/ClientPlatform/DevisVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security\ClientPlatform;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Security;
  10. use Doctrine\Persistence\ManagerRegistry;
  12. use App\Entity\AccessClient\AccessClient;
  13. use App\Entity\Platform\Devis\Devis;
  14. use App\Services\AccessClient\AccessClientTools;
  15. use App\Services\LogTools;
  16. use App\Services\Platform\DevisTools;
  18. class DevisVoter extends Voter
  19. {
  20.     //--------------------------------------------------------------------------------
  21.     // is_granted constants
  22.     const REFUSE "client_platform_refuse_devis";
  24.     const IS_GRANTED_CONSTANTS = array(
  25.         self::REFUSE,
  26.     );
  27.     //--------------------------------------------------------------------------------
  29.     public function __construct(Security $securityManagerRegistry $doctrineLogTools $logTools,
  30.                 AccessClientTools $accessClientToolsDevisTools $devisTools)
  31.     {
  32.         $this->security $security;
  33.         $this->em $doctrine->getManager();
  34.         $this->accessClientTools $accessClientTools;
  35.         $this->devisTools $devisTools;
  36.         $this->logTools $logTools;
  37.     }
  39.     protected function supports(string $attribute$subject): bool
  40.     {
  41.         // if the attribute isn't one we support, return false
  42.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  43.         {
  44.             return false;
  45.         }
  47.         // only vote on Devis objects inside this voter
  48.         if ($subject !== null && !$subject instanceof Devis)
  49.         {
  50.             return false;
  51.         }
  53.         return true;
  54.     }
  56.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  57.     {
  58.         // Only access ROLE_CLIENT
  59.         if (!$this->security->isGranted('ROLE_CLIENT'))
  60.         {
  61.             return false;
  62.         }
  64.         $user $token->getUser();
  66.         if (!$user instanceof AccessClient)
  67.         {
  68.             // the user must be logged in; if not, deny access
  69.             return false;
  70.         }
  72.         switch ($attribute)
  73.         {
  74.             case self::REFUSE:
  75.                 return $this->canRefuse($subject$user);
  76.         }
  78.         throw new \LogicException('This code should not be reached!');
  79.     }
  81.     // Id the $object related to $accessClient ?
  82.     private function checkOwnership(Devis $objectAccessClient $accessClient)
  83.     {
  84.         $receiver $object->getReceiver();
  85.         if ($receiver === null)
  86.         {
  87.             $mission $object->getMission();
  88.             if ($mission === null)
  89.             {
  90.                 return false;
  91.             }
  92.             $receiver $mission->getReceiver();
  93.             if ($receiver === null)
  94.             {
  95.                 return false;
  96.             }
  97.         }
  98.         if (!$this->accessClientTools->areLinked($receiver$accessClient))
  99.         {
  100.             return false;
  101.         }
  102.         return true;
  103.     }
  105.     private function canRefuse(Devis $devisAccessClient $user)
  106.     {
  107.         // Plan.io Task #4493
  108.         // Deny refusing Ikea Devis
  109.         if ($devis->hasIkeaTemplate())
  110.         {
  111.             return false;
  112.         }
  114.         // Check Ownership
  115.         if ($this->checkOwnership($devis$user))
  116.         {
  117.             return true;
  118.         }
  120.         // If we are here, all hope is lost
  121.         return false;
  122.     }
  123. }