src/Security/DevisVoter.php line 160

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/DevisVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Doctrine\Persistence\ManagerRegistry;
  12. use App\Entity\Access;
  13. use App\Entity\APIRest\AccessAPI;
  14. use App\Entity\Config\Config;
  15. use App\Entity\Config\Module;
  16. use App\Entity\HR\AccessFunction;
  17. use App\Entity\Planning\Task;
  18. use App\Entity\Platform\Devis\Devis;
  19. use App\Entity\Mission\Mission;
  20. use App\Entity\Security\Acl;
  21. use App\Entity\Security\AclPermission;
  22. use App\Services\LogTools;
  23. use App\Services\Config\ModuleTools;
  24. use App\Services\Config\OptionConfigTools;
  26. class DevisVoter extends Voter
  27. {
  28.     // For now manager = author (both)
  30.     //--------------------------------------------------------------------------------
  31.     // is_granted constants
  32.     const IS_ACTIVE "devis_is_active";
  34.     const ADD "add_devis";
  36.     // Plan.io Task #3605
  37.     const ADD_GHOST "add_ghost_devis";
  38.     const EDIT_GHOST "edit_ghost_devis";
  40.     // Plan.io Task #3633
  41.     // This is to allow users to manually update the products of a ghost devis
  42.     // without actually modifying the original devis
  43.     const UPDATE_GHOST "update_ghost_devis";
  45.     const LISTING "list_devis";
  46.     const LISTING_SOCIETY "list_devis_society";
  47.     const LISTING_MANAGER "list_devis_manager";
  49.     const LISTING_ANY "list_devis_any";
  51.     const VIEW "view_devis";
  53.     const VIEW_PDF_HT_INTERNAL "view_pdf_devis_ht_internal";
  54.     const VIEW_PDF_HT_PUBLIC "view_pdf_devis_ht_public";
  55.     const VIEW_PDF_TTC_PUBLIC "view_pdf_devis_ttc_public";
  57.     const VIEW_PDF_NO_PRICE "view_pdf_devis_no_price";
  58.     const VIEW_PDF_WITH_PRICE "view_pdf_devis_with_price";
  60.     const EDIT "edit_devis";
  61.     const DELETE "delete_devis";
  63.     const ANNUL "annul_devis";
  64.     const REVIVE "revive_devis";
  66.     // Plan.io Task #3621
  67.     const EDIT_IKEA_OS_FROM_TASK "edit_devis_ikea_order_number_from_task";
  69.     const IS_GRANTED_CONSTANTS = array(
  70.         self::IS_ACTIVE,
  71.         self::ADD,
  73.         self::LISTING,
  74.         self::LISTING_SOCIETY,
  75.         self::LISTING_MANAGER,
  76.         self::LISTING_ANY,
  78.         self::VIEW,
  79.         self::VIEW_PDF_HT_INTERNAL,
  80.         self::VIEW_PDF_HT_PUBLIC,
  81.         self::VIEW_PDF_TTC_PUBLIC,
  82.         self::VIEW_PDF_NO_PRICE,
  83.         self::VIEW_PDF_WITH_PRICE,
  85.         self::EDIT,
  86.         self::DELETE,
  87.         self::ANNUL,
  88.         self::REVIVE,
  90.         // Plan.io Task #3605
  91.         self::ADD_GHOST,
  92.         self::EDIT_GHOST,
  94.         // Plan.io Task #3633
  95.         self::UPDATE_GHOST,
  97.         // Plan.io Task #3621
  98.         self::EDIT_IKEA_OS_FROM_TASK,
  99.     );
  101.     const IS_GRANTED_CONSTANTS_SHARING_EXCEPTION = array(
  102.         self::VIEW,
  103.         self::VIEW_PDF_HT_INTERNAL,
  104.         self::VIEW_PDF_HT_PUBLIC,
  105.         self::VIEW_PDF_TTC_PUBLIC,
  106.         self::VIEW_PDF_NO_PRICE,
  107.     );
  109.     //--------------------------------------------------------------------------------
  110.     // acl constants
  111.     const ACL_PERM_ADD "devis_add";
  113.     // Plan.io Task #3633
  114.     const ACL_PERM_UPDATE_GHOST "ghost_devis_update";
  116.     const ACL_PERM_LISTING "devis_list";
  117.     const ACL_PERM_LISTING_SOCIETY "devis_list_society";
  118.     const ACL_PERM_LISTING_MANAGER "devis_list_manager";
  120.     const ACL_PERM_VIEW "devis_view";
  121.     const ACL_PERM_VIEW_SOCIETY "devis_view_society";
  122.     const ACL_PERM_VIEW_MANAGER "devis_view_manager";
  123.     const ACL_PERM_VIEW_CLIENT_MANAGER "devis_view_ind_manager";
  124.     const ACL_PERM_VIEW_IF_TASK "devis_view_if_task";
  126.     const ACL_PERM_EDIT "devis_edit";
  127.     const ACL_PERM_EDIT_SOCIETY "devis_edit_society";
  128.     const ACL_PERM_EDIT_MANAGER "devis_edit_manager";
  129.     const ACL_PERM_EDIT_CLIENT_MANAGER "devis_edit_ind_manager";
  130.     const ACL_PERM_EDIT_IF_TASK "devis_edit_if_task";
  132.     const ACL_PERM_ANNUL "devis_annul";
  133.     const ACL_PERM_ANNUL_SOCIETY "devis_annul_society";
  135.     const ACL_PERM_REVIVE "devis_revive";
  136.     const ACL_PERM_REVIVE_SOCIETY "devis_revive_society";
  138.     const ACL_PERM_VIEW_PDF_HT_INTERNAL "devis_view_pdf_ht_internal";
  139.     const ACL_PERM_VIEW_PDF_HT_INTERNAL_SOCIETY "devis_view_pdf_ht_internal_society";
  140.     const ACL_PERM_VIEW_PDF_HT_INTERNAL_MANAGER "devis_view_pdf_ht_internal_manager";
  141.     const ACL_PERM_VIEW_PDF_HT_INTERNAL_CLIENT_MANAGER "devis_view_pdf_ht_internal_ind_manager";
  143.     const ACL_PERM_VIEW_PDF_HT_PUBLIC "devis_view_pdf_ht_public";
  144.     const ACL_PERM_VIEW_PDF_HT_PUBLIC_SOCIETY "devis_view_pdf_ht_public_society";
  145.     const ACL_PERM_VIEW_PDF_HT_PUBLIC_MANAGER "devis_view_pdf_ht_public_manager";
  146.     const ACL_PERM_VIEW_PDF_HT_PUBLIC_CLIENT_MANAGER "devis_view_pdf_ht_public_ind_manager";
  148.     const ACL_PERM_VIEW_PDF_TTC_PUBLIC "devis_view_pdf_ttc_public";
  149.     const ACL_PERM_VIEW_PDF_TTC_PUBLIC_SOCIETY "devis_view_pdf_ttc_public_society";
  150.     const ACL_PERM_VIEW_PDF_TTC_PUBLIC_MANAGER "devis_view_pdf_ttc_public_manager";
  151.     const ACL_PERM_VIEW_PDF_TTC_PUBLIC_CLIENT_MANAGER "devis_view_pdf_ttc_public_ind_manager";
  153.     const ACL_PERM_VIEW_PDF_NO_PRICE "devis_view_pdf_no_price_public";
  154.     const ACL_PERM_VIEW_PDF_NO_PRICE_SOCIETY "devis_view_pdf_no_price_public_society";
  155.     const ACL_PERM_VIEW_PDF_NO_PRICE_MANAGER "devis_view_pdf_no_price_public_manager";
  156.     const ACL_PERM_VIEW_PDF_NO_PRICE_CLIENT_MANAGER "devis_view_pdf_no_price_public_ind_manager";
  158.     //--------------------------------------------------------------------------------
  160.     public function __construct(AccessDecisionManagerInterface $accessDecisionManagerManagerRegistry $doctrineModuleTools $moduleToolsOptionConfigTools $optionConfigToolsLogTools $logTools)
  161.     {
  162.         $this->accessDecisionManager $accessDecisionManager;
  163.         $this->em $doctrine->getManager();
  164.         $this->moduleTools $moduleTools;
  165.         $this->optionConfigTools $optionConfigTools;
  166.         $this->logTools $logTools;
  168.         $this->aclRepository $this->em->getRepository(Acl::class);
  169.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  170.     }
  172.     // Plan.io Task #4453 [See AccessVoter for details]
  173.     public function supportsAttribute(string $attribute): bool
  174.     {
  175.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  176.     }
  177.     
  178.     protected function supports(string $attribute$subject): bool
  179.     {
  180.         // if the attribute isn't one we support, return false
  181.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  182.         {
  183.             return false;
  184.         }
  186.         // Only vote on Devis and Mission objects inside this voter
  187.         if ($subject !== null && !($subject instanceof Devis || $subject instanceof Mission))
  188.         {
  189.             return false;
  190.         }
  192.         return true;
  193.     }
  195.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  196.     {
  197.         $user $token->getUser();
  199.         // Plan.io Task #3707
  200.         if ($user instanceof AccessAPI)
  201.         {
  202.             if ($user->getAccess() === null)
  203.             {
  204.                 return false;
  205.             }
  206.             $user $user->getAccess();
  207.         }
  209.         // Plan.io Task #3707
  210.         // At this point $user is an object of Access type
  211.         // even if the $token->getUser() is AccessAPI
  212.         if (!$user instanceof Access)
  213.         {
  214.             // the user must be logged in; if not, deny access
  215.             return false;
  216.         }
  218.         // The user must have a function; if not deny access
  219.         $function $user->getFunction();
  220.         if ($function === null)        return false;
  222.         // Plan.io Task #3710 : Get current group
  223.         $currentGroup $user->getSocietyGroup();
  224.         if ($currentGroup === null)
  225.             return false;
  227.         $this->currentGroup $currentGroup;
  229.         // Module activated ?
  230.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_DEVIS))
  231.         {
  232.             return false;
  233.         }
  234.         // Required modules : Misison, Product
  235.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_MISSION) && $this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_MISSION_LIGHT) && $this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_MISSION_PLUS))
  236.         {
  237.             return false;
  238.         }
  239.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_PRODUCT))
  240.         {
  241.             return false;
  242.         }
  244.         $devis null;
  245.         $mission null;
  247.         if ($subject instanceof Devis)
  248.         {
  249.             /** @var Devis $devis */
  250.             $devis $subject;
  252.             // Check current group affectation
  253.             // Make an exception for "view/pdf" : take sharing into account
  254.             if ($devis !== null)
  255.             {
  256.                 $devisSociety $devis->getSociety();
  257.                 if ($devisSociety === null)
  258.                     return false;
  259.                 $devisSocietyGroup $devisSociety->getGroup();
  260.                 if ($devisSocietyGroup === null)
  261.                     return false;
  263.                 if (!in_array($attributeself::IS_GRANTED_CONSTANTS_SHARING_EXCEPTION))
  264.                 {
  265.                     // Just check currentGroup
  266.                     if (!$currentGroup->equals($devisSocietyGroup))
  267.                         return false;
  268.                 }
  269.                 else
  270.                 {
  271.                     // Take sharing into account
  272.                     // If the devis belongs to a mission that was created by the currentGroup
  273.                     // (devis.mission.societyGroupAuthor == currentGroup)
  274.                     // Then it can see the devis
  275.                     if (!$currentGroup->equals($devisSocietyGroup))
  276.                     {
  277.                         if ($devis->getMission() !== null)
  278.                         {
  279.                             $missionSocietyGroupAuthor $devis->getMission()->getSocietyGroupAuthor();
  281.                             if (!$currentGroup->equals($missionSocietyGroupAuthor))
  282.                             {
  283.                                 return false;
  284.                             }
  285.                         }
  286.                     }
  287.                 }
  288.             }
  289.         }
  290.         else
  291.         {
  292.             if ($subject instanceof Mission)
  293.             {
  294.                 /** @var Mission $mission */
  295.                 $mission $subject;
  297.                 // Plan.io Task #3517
  298.                 // Adding a devis counts as editing a mission
  299.                 // So check if the current user has access to this mission
  300.                 // If this is too restrictive, change 'edit_mission' with 'view_mission'
  301.                 // 'view_mission' is better ;)
  302.                 if (!$this->accessDecisionManager->decide($token, ['view_mission'], $mission))
  303.                 {
  304.                     return false;
  305.                 }
  306.             }
  307.         }
  309.         switch ($attribute)
  310.         {
  311.             case self::IS_ACTIVE:
  312.                 return true;
  314.             // We are only adding devis for missions, so this makes sense
  315.             case self::ADD:
  316.                 return $this->canAdd($mission$user$function);
  318.             // Plan.io Task #3605
  319.             case self::ADD_GHOST:
  320.                 return $this->canAddGhost($devis$user$function);
  321.             case self::EDIT_GHOST:
  322.                 return $this->canEditGhost($devis$user$function);
  324.             // Plan.io Task #3633
  325.             case self::UPDATE_GHOST:
  326.                 return $this->canUpdateGhost($devis$user$function);
  328.             case self::LISTING:
  329.                 return $this->canList($user$function);
  330.             case self::LISTING_SOCIETY:
  331.                 return $this->canListSociety($user$function);
  332.             case self::LISTING_MANAGER:
  333.                 return $this->canListManager($user$function);
  335.             case self::LISTING_ANY:
  336.                 return $this->canListAny($user$function);
  338.             case self::VIEW:
  339.                 return $this->canView($devis$user$function);
  341.             case self::VIEW_PDF_HT_INTERNAL:
  342.                 return $this->canViewPdfHtInternal($devis$user$function);
  343.             case self::VIEW_PDF_HT_PUBLIC:
  344.                 return $this->canViewPdfHtPublic($devis$user$function);
  345.             case self::VIEW_PDF_TTC_PUBLIC:
  346.                 return $this->canViewPdfTtcPublic($devis$user$function);
  348.             case self::VIEW_PDF_NO_PRICE:
  349.                 return $this->canViewPdfNoPrice($devis$user$function);
  351.             case self::VIEW_PDF_WITH_PRICE:
  352.                 return $this->canViewPdfWithPrice($devis$user$function);
  354.             case self::EDIT:
  355.                 return $this->canEdit($devis$user$function$currentGroup);
  357.             case self::DELETE:
  358.                 return $this->canDelete($devis$user$function);
  360.             case self::ANNUL:
  361.                 return $this->canAnnul($devis$user$function$currentGroup);
  362.             case self::REVIVE:
  363.                 return $this->canRevive($devis$user$function$currentGroup);
  365.             // Plan.io Task #3621
  366.             case self::EDIT_IKEA_OS_FROM_TASK:
  367.                 return $this->canEditIkeaDataFromTask($devis$user$function$currentGroup);
  368.         }
  370.         throw new \LogicException('This code should not be reached!');
  371.     }
  373.     // $access is the user trying to load the resource
  374.     // $devis is the resource being loaded
  376.     // Check if the Society of the resource
  377.     // belongs to the societies of the $access
  378.     private function checkSociety(Devis $devisAccess $access)
  379.     {
  380.         // Get all the societies of the access
  381.         $societies $access->getSocieties();
  383.         // Get the Society of the Devis
  384.         $devisSociety $devis->getSociety();
  386.         if ($devisSociety === null)
  387.             return false;
  389.         $found false;
  390.         foreach ($societies as $society)
  391.         {
  392.             if ($society->getId() == $devisSociety->getId())
  393.             {
  394.                 $found true;
  395.                 break;
  396.             }
  397.         }
  398.         return $found;
  399.     }
  401.     // Check if the $access is the manager / author of the $devis
  402.     private function checkManager(Devis $devisAccess $access)
  403.     {
  404.         // Get manager
  405.         $manager $devis->getManager();
  406.         $author $devis->getAuthor();
  408.         if ($manager === null && $author === null)
  409.             return false;
  411.         if ($manager !== null)
  412.             if ($manager->getId() === $access->getId())
  413.                 return true;
  415.         if ($author !== null)
  416.             if ($author->getId() === $access->getId())
  417.                 return true;
  419.         return false;
  420.     }
  422.     // Check if the $access is the manager of the $devis
  423.     private function checkClientManager(Devis $devisAccess $access)
  424.     {
  425.         // Get Client
  426.         $client $devis->getReceiver();
  427.         if ($client === null)
  428.             return false;
  430.         if ($client->getIndividual() !== null)
  431.         {
  432.             // Only Individuals have managers
  433.             // Get manager
  434.             $manager $devis->getReceiver()->getIndividual()->getManager();
  435.             if ($manager === null)
  436.                 return false;
  438.             if ($manager->getId() === $access->getId())
  439.                 return true;
  440.         }
  442.         return false;
  443.     }
  445.     // Check if there is at least one task
  446.     // having this access as resource and this devis
  447.     private function checkTask(Devis $devisAccess $access)
  448.     {
  449.         $taskRep $this->em->getRepository(Task::class);
  451.         $resources $access->getPlanningResources();
  453.         foreach ($resources as $r)
  454.         {
  455.             $tasks $taskRep->findForDevisAndResource($devis$r);
  456.             if (count($tasks) > 0)
  457.                 return true;
  458.         }
  459.         return false;
  460.     }
  462.     private function canAdd(Mission $missionAccess $userAccessFunction $function)
  463.     {
  464.         // Deny actions on archivedRefused objects
  465.         if ($mission->isArchivedRefused())
  466.         {
  467.             return false;
  468.         }
  470.         // If the mission is shared and the author is the current group, deny adding devis
  471.         // When a mission is shared, the author cannot edit it
  472.         if ($mission->isShared())
  473.         {
  474.             if ($mission->isSharedBySocietyGroup($this->currentGroup))
  475.             {
  476.                 return false;
  477.             }
  478.         }
  480.         // Get Acl_Permission
  481.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
  482.         if ($aclPerm === null)        return false;
  484.         // Get Acl
  485.         $acl $this->aclRepository->findOneBy(array(
  486.             'function'        =>    $function,
  487.             'permission'    =>    $aclPerm
  488.         ));
  489.         if ($acl === null)        return false;
  491.         // Since only one acl type can exist
  492.         // we can return the result of the acl_permission
  493.         return $acl->getValue();
  494.     }
  496.     // Plan.io Task #3605
  497.     private function canAddGhost(Devis $devisAccess $userAccessFunction $function)
  498.     {
  499.         if (!$this->optionConfigTools->isActive_GhostInvoicing($this->currentGroup))
  500.         {
  501.             return false;
  502.         }
  504.         if ($devis->getGhost() !== null)
  505.         {
  506.             return false;
  507.         }
  509.         if (!$this->canAdd($devis->getMission(), $user$function))
  510.         {
  511.             return false;
  512.         }
  514.         $template $devis->getTemplate();
  515.         if ($template === null)
  516.         {
  517.             return false;
  518.         }
  520.         if ($template->hasProductWithInvoicingProduct())
  521.         {
  522.             return true;
  523.         }
  525.         return false;
  526.     }
  527.     // Plan.io Task #3605
  528.     private function canEditGhost(Devis $devisAccess $userAccessFunction $function)
  529.     {
  530.         if ($devis->getGhost() === null)
  531.         {
  532.             return false;
  533.         }
  535.         if (!$this->canEdit($devis$user$function$this->currentGroup))
  536.         {
  537.             return false;
  538.         }
  540.         $template $devis->getTemplate();
  541.         if ($template === null)
  542.         {
  543.             return false;
  544.         }
  546.         if ($template->hasProductWithInvoicingProduct())
  547.         {
  548.             return true;
  549.         }
  551.         return false;
  552.     }
  554.     // Plan.io Task #3633
  555.     private function canUpdateGhost(Devis $devisAccess $userAccessFunction $function)
  556.     {
  557.         if ($devis->getGhost() === null)
  558.         {
  559.             return false;
  560.         }
  562.         // Get Acl_Permission
  563.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_UPDATE_GHOST);
  564.         if ($aclPerm === null)        return false;
  566.         // Get Acl
  567.         $acl $this->aclRepository->findOneBy(array(
  568.             'function'        =>    $function,
  569.             'permission'    =>    $aclPerm
  570.         ));
  571.         if ($acl === null)        return false;
  573.         // Since only one acl type can exist
  574.         // we can return the result of the acl_permission
  575.         return $acl->getValue();
  576.     }
  578.     private function canList(Access $userAccessFunction $function)
  579.     {
  580.         // Get Acl_Permission
  581.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  582.         if ($aclPerm === null)        return false;
  584.         // Get Acl
  585.         $acl $this->aclRepository->findOneBy(array(
  586.             'function'        =>    $function,
  587.             'permission'    =>    $aclPerm
  588.         ));
  589.         if ($acl === null)        return false;
  591.         // Since only one acl type can exist
  592.         // we can return the result of the acl_permission
  593.         return $acl->getValue();
  594.     }
  596.     private function canListSociety(Access $userAccessFunction $function)
  597.     {
  598.         // Get Acl_Permission
  599.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  600.         if ($aclPerm === null)        return false;
  602.         // Get Acl
  603.         $acl $this->aclRepository->findOneBy(array(
  604.             'function'        =>    $function,
  605.             'permission'    =>    $aclPerm
  606.         ));
  607.         if ($acl === null)        return false;
  609.         // Since only one acl type can exist
  610.         // we can return the result of the acl_permission
  611.         // Further filtering is done in the Controller
  612.         return $acl->getValue();
  613.     }
  615.     private function canListManager(Access $userAccessFunction $function)
  616.     {
  617.         // Get Acl_Permission
  618.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_MANAGER);
  619.         if ($aclPerm === null)        return false;
  621.         // Get Acl
  622.         $acl $this->aclRepository->findOneBy(array(
  623.             'function'        =>    $function,
  624.             'permission'    =>    $aclPerm
  625.         ));
  626.         if ($acl === null)        return false;
  628.         // Since only one acl type can exist
  629.         // we can return the result of the acl_permission
  630.         // Further filtering is done in the Controller
  631.         return $acl->getValue();
  632.     }
  634.     private function canListAny(Access $userAccessFunction $function)
  635.     {
  636.         // Three Acl_Permission may exist
  637.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  638.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  639.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_MANAGER);
  641.         // If all are null, exit
  642.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null)
  643.             return false;
  645.         // Get First one
  646.         if ($aclPerm !== null)
  647.         {
  648.             $acl $this->aclRepository->findOneBy(array(
  649.                 'function'        =>    $function,
  650.                 'permission'    =>    $aclPerm
  651.             ));
  652.             if ($acl !== null)
  653.             {
  654.                 if ($acl->getValue())
  655.                 {
  656.                     // A single positive answer is enough
  657.                     return true;
  658.                 }
  659.             }
  660.         }
  661.         // If we are here it means that nothing good has been found
  662.         // Load second permission
  663.         if ($aclPermSociety !== null)
  664.         {
  665.             $acl $this->aclRepository->findOneBy(array(
  666.                 'function'        =>    $function,
  667.                 'permission'    =>    $aclPermSociety
  668.             ));
  669.             if ($acl !== null)
  670.             {
  671.                 if ($acl->getValue())
  672.                 {
  673.                     // A single positive answer is enough
  674.                     return true;
  675.                 }
  676.             }
  677.         }
  679.         // If we are here it means that nothing good has been found
  680.         // Load third permission
  681.         if ($aclPermManager !== null)
  682.         {
  683.             $acl $this->aclRepository->findOneBy(array(
  684.                 'function'        =>    $function,
  685.                 'permission'    =>    $aclPermManager
  686.             ));
  687.             if ($acl !== null)
  688.             {
  689.                 if ($acl->getValue())
  690.                 {
  691.                     // A single positive answer is enough
  692.                     return true;
  693.                 }
  694.             }
  695.         }
  697.         // If we are here, all hope is lost
  698.         return false;
  699.     }
  701.     private function canView(Devis $devis nullAccess $userAccessFunction $function)
  702.     {
  703.         // Get Acl_Permissions
  704.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
  705.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_SOCIETY);
  706.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_MANAGER);
  707.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_CLIENT_MANAGER);
  708.         $aclPermIfTask $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_IF_TASK);
  710.         // If all are null, exit
  711.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null && $aclPermIfTask === null)
  712.             return false;
  714.         // The aclPermIfTask should be checked first, and if it is false, the others should be cheked
  715.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager ^ $aclPermClientManager) = empty
  716.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager ^ $aclPermClientManager) ^ $aclPermIfTask = not empty
  717.         // This means that an user can have access to the devis of his society
  718.         // and also have access to the devis realted to his tasks
  719.         if ($aclPermIfTask !== null)
  720.         {
  721.             $acl $this->aclRepository->findOneBy(array(
  722.                 'function'        =>    $function,
  723.                 'permission'    =>    $aclPermIfTask
  724.             ));
  725.             if ($acl !== null)
  726.             {
  727.                 if ($acl->getValue())
  728.                 {
  729.                     if ($this->checkTask($devis$user))
  730.                         return true;
  731.                 }
  732.             }
  733.         }
  734.         // If we are here it means that the user doesn't have access to the Devis
  735.         // by the bias of one of his tasks
  736.         // So check regular permissions next
  738.         // Get First one
  739.         if ($aclPerm !== null)
  740.         {
  741.             $acl $this->aclRepository->findOneBy(array(
  742.                 'function'        =>    $function,
  743.                 'permission'    =>    $aclPerm
  744.             ));
  745.             if ($acl !== null)
  746.             {
  747.                 if ($acl->getValue())
  748.                 {
  749.                     // A single positive answer is enough
  750.                     return true;
  751.                 }
  752.             }
  753.         }
  754.         // If we are here it means that nothing good has been found
  755.         // Load second permission
  756.         if ($aclPermSociety !== null)
  757.         {
  758.             $acl $this->aclRepository->findOneBy(array(
  759.                 'function'        =>    $function,
  760.                 'permission'    =>    $aclPermSociety
  761.             ));
  762.             if ($acl !== null)
  763.             {
  764.                 if ($acl->getValue())
  765.                 {
  766.                     // A single positive answer is enough
  767.                     // In this case the good answer will be provided by the checkSociety
  768.                     return $this->checkSociety($devis$user);
  769.                 }
  770.             }
  771.         }
  772.         // If we are here it means that nothing good has been found
  773.         // Load third permission
  774.         if ($aclPermManager !== null)
  775.         {
  776.             $acl $this->aclRepository->findOneBy(array(
  777.                 'function'        =>    $function,
  778.                 'permission'    =>    $aclPermManager
  779.             ));
  780.             if ($acl !== null)
  781.             {
  782.                 if ($acl->getValue())
  783.                 {
  784.                     // A single positive answer is enough
  785.                     // In this case the good answer will be provided by the checkSociety
  786.                     return $this->checkManager($devis$user);
  787.                 }
  788.             }
  789.         }
  790.         // If we are here it means that nothing good has been found
  791.         // Load fourth permission
  792.         if ($aclPermClientManager !== null)
  793.         {
  794.             $acl $this->aclRepository->findOneBy(array(
  795.                 'function'        =>    $function,
  796.                 'permission'    =>    $aclPermClientManager
  797.             ));
  798.             if ($acl !== null)
  799.             {
  800.                 if ($acl->getValue())
  801.                 {
  802.                     // A single positive answer is enough
  803.                     // In this case the good answer will be provided by the checkSociety
  804.                     return $this->checkClientManager($devis$user);
  805.                 }
  806.             }
  807.         }
  809.         // If we are here, all hope is lost
  810.         return false;
  811.     }
  813.     private function canViewPdfHtInternal(Devis $devis nullAccess $userAccessFunction $function)
  814.     {
  815.         // Unfinished Simulations
  816.         if ($devis->getReceiver() === null)
  817.             return false;
  819.         // Four Acl_Permission may exist
  820.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_INTERNAL);
  821.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_INTERNAL_SOCIETY);
  822.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_INTERNAL_MANAGER);
  823.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_INTERNAL_CLIENT_MANAGER);
  825.         // If all are null, exit
  826.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null)
  827.             return false;
  829.         // Get First one
  830.         if ($aclPerm !== null)
  831.         {
  832.             $acl $this->aclRepository->findOneBy(array(
  833.                 'function'        =>    $function,
  834.                 'permission'    =>    $aclPerm
  835.             ));
  836.             if ($acl !== null)
  837.             {
  838.                 if ($acl->getValue())
  839.                 {
  840.                     // A single positive answer is enough
  841.                     return true;
  842.                 }
  843.             }
  844.         }
  845.         // If we are here it means that nothing good has been found
  846.         // Load second permission
  847.         if ($aclPermSociety !== null)
  848.         {
  849.             $acl $this->aclRepository->findOneBy(array(
  850.                 'function'        =>    $function,
  851.                 'permission'    =>    $aclPermSociety
  852.             ));
  853.             if ($acl !== null)
  854.             {
  855.                 if ($acl->getValue())
  856.                 {
  857.                     // A single positive answer is enough
  858.                     // In this case the good answer will be provided by the checkSociety
  859.                     return $this->checkSociety($devis$user);
  860.                 }
  861.             }
  862.         }
  863.         // If we are here it means that nothing good has been found
  864.         // Load third permission
  865.         if ($aclPermManager !== null)
  866.         {
  867.             $acl $this->aclRepository->findOneBy(array(
  868.                 'function'        =>    $function,
  869.                 'permission'    =>    $aclPermManager
  870.             ));
  871.             if ($acl !== null)
  872.             {
  873.                 if ($acl->getValue())
  874.                 {
  875.                     // A single positive answer is enough
  876.                     // In this case the good answer will be provided by the checkSociety
  877.                     return $this->checkManager($devis$user);
  878.                 }
  879.             }
  880.         }
  881.         // If we are here it means that nothing good has been found
  882.         // Load fourth permission
  883.         if ($aclPermClientManager !== null)
  884.         {
  885.             $acl $this->aclRepository->findOneBy(array(
  886.                 'function'        =>    $function,
  887.                 'permission'    =>    $aclPermClientManager
  888.             ));
  889.             if ($acl !== null)
  890.             {
  891.                 if ($acl->getValue())
  892.                 {
  893.                     // A single positive answer is enough
  894.                     // In this case the good answer will be provided by the checkSociety
  895.                     return $this->checkClientManager($devis$user);
  896.                 }
  897.             }
  898.         }
  899.         // If we are here, all hope is lost
  900.         return false;
  901.     }
  903.     private function canViewPdfHtPublic(Devis $devis nullAccess $userAccessFunction $function)
  904.     {
  905.         // Unfinished Simulations
  906.         if ($devis->getReceiver() === null)
  907.             return false;
  909.         // Four Acl_Permission may exist
  910.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_PUBLIC);
  911.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_PUBLIC_SOCIETY);
  912.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_PUBLIC_MANAGER);
  913.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_HT_PUBLIC_CLIENT_MANAGER);
  915.         // If all are null, exit
  916.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null)
  917.             return false;
  919.         // Get First one
  920.         if ($aclPerm !== null)
  921.         {
  922.             $acl $this->aclRepository->findOneBy(array(
  923.                 'function'        =>    $function,
  924.                 'permission'    =>    $aclPerm
  925.             ));
  926.             if ($acl !== null)
  927.             {
  928.                 if ($acl->getValue())
  929.                 {
  930.                     // A single positive answer is enough
  931.                     return true;
  932.                 }
  933.             }
  934.         }
  935.         // If we are here it means that nothing good has been found
  936.         // Load second permission
  937.         if ($aclPermSociety !== null)
  938.         {
  939.             $acl $this->aclRepository->findOneBy(array(
  940.                 'function'        =>    $function,
  941.                 'permission'    =>    $aclPermSociety
  942.             ));
  943.             if ($acl !== null)
  944.             {
  945.                 if ($acl->getValue())
  946.                 {
  947.                     // A single positive answer is enough
  948.                     // In this case the good answer will be provided by the checkSociety
  949.                     return $this->checkSociety($devis$user);
  950.                 }
  951.             }
  952.         }
  953.         // If we are here it means that nothing good has been found
  954.         // Load third permission
  955.         if ($aclPermManager !== null)
  956.         {
  957.             $acl $this->aclRepository->findOneBy(array(
  958.                 'function'        =>    $function,
  959.                 'permission'    =>    $aclPermManager
  960.             ));
  961.             if ($acl !== null)
  962.             {
  963.                 if ($acl->getValue())
  964.                 {
  965.                     // A single positive answer is enough
  966.                     // In this case the good answer will be provided by the checkSociety
  967.                     return $this->checkManager($devis$user);
  968.                 }
  969.             }
  970.         }
  971.         // If we are here it means that nothing good has been found
  972.         // Load fourth permission
  973.         if ($aclPermClientManager !== null)
  974.         {
  975.             $acl $this->aclRepository->findOneBy(array(
  976.                 'function'        =>    $function,
  977.                 'permission'    =>    $aclPermClientManager
  978.             ));
  979.             if ($acl !== null)
  980.             {
  981.                 if ($acl->getValue())
  982.                 {
  983.                     // A single positive answer is enough
  984.                     // In this case the good answer will be provided by the checkSociety
  985.                     return $this->checkClientManager($devis$user);
  986.                 }
  987.             }
  988.         }
  989.         // If we are here, all hope is lost
  990.         return false;
  991.     }
  993.     private function canViewPdfTtcPublic(Devis $devis nullAccess $userAccessFunction $function)
  994.     {
  995.         // Unfinished Simulations
  996.         // if ($devis->getReceiver() === null)
  997.         //     return false;
  999.         // Four Acl_Permission may exist
  1000.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_TTC_PUBLIC);
  1001.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_TTC_PUBLIC_SOCIETY);
  1002.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_TTC_PUBLIC_MANAGER);
  1003.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_TTC_PUBLIC_CLIENT_MANAGER);
  1005.         // If all are null, exit
  1006.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null)
  1007.             return false;
  1009.         // Get First one
  1010.         if ($aclPerm !== null)
  1011.         {
  1012.             $acl $this->aclRepository->findOneBy(array(
  1013.                 'function'        =>    $function,
  1014.                 'permission'    =>    $aclPerm
  1015.             ));
  1016.             if ($acl !== null)
  1017.             {
  1018.                 if ($acl->getValue())
  1019.                 {
  1020.                     // A single positive answer is enough
  1021.                     return true;
  1022.                 }
  1023.             }
  1024.         }
  1025.         // If we are here it means that nothing good has been found
  1026.         // Load second permission
  1027.         if ($aclPermSociety !== null)
  1028.         {
  1029.             $acl $this->aclRepository->findOneBy(array(
  1030.                 'function'        =>    $function,
  1031.                 'permission'    =>    $aclPermSociety
  1032.             ));
  1033.             if ($acl !== null)
  1034.             {
  1035.                 if ($acl->getValue())
  1036.                 {
  1037.                     // A single positive answer is enough
  1038.                     // In this case the good answer will be provided by the checkSociety
  1039.                     return $this->checkSociety($devis$user);
  1040.                 }
  1041.             }
  1042.         }
  1043.         // If we are here it means that nothing good has been found
  1044.         // Load third permission
  1045.         if ($aclPermManager !== null)
  1046.         {
  1047.             $acl $this->aclRepository->findOneBy(array(
  1048.                 'function'        =>    $function,
  1049.                 'permission'    =>    $aclPermManager
  1050.             ));
  1051.             if ($acl !== null)
  1052.             {
  1053.                 if ($acl->getValue())
  1054.                 {
  1055.                     // A single positive answer is enough
  1056.                     // In this case the good answer will be provided by the checkSociety
  1057.                     return $this->checkManager($devis$user);
  1058.                 }
  1059.             }
  1060.         }
  1061.         // If we are here it means that nothing good has been found
  1062.         // Load fourth permission
  1063.         if ($aclPermClientManager !== null)
  1064.         {
  1065.             $acl $this->aclRepository->findOneBy(array(
  1066.                 'function'        =>    $function,
  1067.                 'permission'    =>    $aclPermClientManager
  1068.             ));
  1069.             if ($acl !== null)
  1070.             {
  1071.                 if ($acl->getValue())
  1072.                 {
  1073.                     // A single positive answer is enough
  1074.                     // In this case the good answer will be provided by the checkSociety
  1075.                     return $this->checkClientManager($devis$user);
  1076.                 }
  1077.             }
  1078.         }
  1079.         // If we are here, all hope is lost
  1080.         return false;
  1081.     }
  1083.     private function canViewPdfNoPrice(Devis $devis nullAccess $userAccessFunction $function)
  1084.     {
  1085.         // Unfinished Simulations
  1086.         // if ($devis->getReceiver() === null)
  1087.         //     return false;
  1089.         // Four Acl_Permission may exist
  1090.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_NO_PRICE);
  1091.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_NO_PRICE_SOCIETY);
  1092.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_NO_PRICE_MANAGER);
  1093.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_NO_PRICE_CLIENT_MANAGER);
  1095.         // If all are null, exit
  1096.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null)
  1097.             return false;
  1099.         // Get First one
  1100.         if ($aclPerm !== null)
  1101.         {
  1102.             $acl $this->aclRepository->findOneBy(array(
  1103.                 'function'        =>    $function,
  1104.                 'permission'    =>    $aclPerm
  1105.             ));
  1106.             if ($acl !== null)
  1107.             {
  1108.                 if ($acl->getValue())
  1109.                 {
  1110.                     // A single positive answer is enough
  1111.                     return true;
  1112.                 }
  1113.             }
  1114.         }
  1115.         // If we are here it means that nothing good has been found
  1116.         // Load second permission
  1117.         if ($aclPermSociety !== null)
  1118.         {
  1119.             $acl $this->aclRepository->findOneBy(array(
  1120.                 'function'        =>    $function,
  1121.                 'permission'    =>    $aclPermSociety
  1122.             ));
  1123.             if ($acl !== null)
  1124.             {
  1125.                 if ($acl->getValue())
  1126.                 {
  1127.                     // A single positive answer is enough
  1128.                     // In this case the good answer will be provided by the checkSociety
  1129.                     return $this->checkSociety($devis$user);
  1130.                 }
  1131.             }
  1132.         }
  1133.         // If we are here it means that nothing good has been found
  1134.         // Load third permission
  1135.         if ($aclPermManager !== null)
  1136.         {
  1137.             $acl $this->aclRepository->findOneBy(array(
  1138.                 'function'        =>    $function,
  1139.                 'permission'    =>    $aclPermManager
  1140.             ));
  1141.             if ($acl !== null)
  1142.             {
  1143.                 if ($acl->getValue())
  1144.                 {
  1145.                     // A single positive answer is enough
  1146.                     // In this case the good answer will be provided by the checkSociety
  1147.                     return $this->checkManager($devis$user);
  1148.                 }
  1149.             }
  1150.         }
  1151.         // If we are here it means that nothing good has been found
  1152.         // Load fourth permission
  1153.         if ($aclPermClientManager !== null)
  1154.         {
  1155.             $acl $this->aclRepository->findOneBy(array(
  1156.                 'function'        =>    $function,
  1157.                 'permission'    =>    $aclPermClientManager
  1158.             ));
  1159.             if ($acl !== null)
  1160.             {
  1161.                 if ($acl->getValue())
  1162.                 {
  1163.                     // A single positive answer is enough
  1164.                     // In this case the good answer will be provided by the checkSociety
  1165.                     return $this->checkClientManager($devis$user);
  1166.                 }
  1167.             }
  1168.         }
  1169.         // If we are here, all hope is lost
  1170.         return false;
  1171.     }
  1173.     // Plan.io Task #3621
  1174.     private function canEditConditions(Devis $devis)
  1175.     {
  1176.         // Plan.io Task #4329
  1177.         if ($devis->hasDrafts())
  1178.         {
  1179.             return false;
  1180.         }
  1182.         // Plan.io Task #3793
  1183.         if ($devis->hasSignature())
  1184.         {
  1185.             return false;
  1186.         }
  1188.         // Deny edit on archivedRefused objects
  1189.         if ($devis->isArchivedRefused())
  1190.         {
  1191.             return false;
  1192.         }
  1194.         // Deny for an annulled devis
  1195.         if ($devis->isAnnulled())
  1196.         {
  1197.             return false;
  1198.         }
  1200.         // Deny for a devis that is partially or totally invoiced
  1201.         if ($devis->isInvoiced() || $devis->isPartiallyInvoiced())
  1202.         {
  1203.             return false;
  1204.         }
  1206.         // If the Devis has been sent to the Rekto Platform, deny edit
  1207.         if ($devis->getRemoteId() !== null)
  1208.         {
  1209.             return false;
  1210.         }
  1212.         // Unfinished Simulations
  1213.         if ($devis->getReceiver() === null)
  1214.         {
  1215.             return false;
  1216.         }
  1218.         return true;
  1219.     }
  1221.     private function canViewPdfWithPrice(Devis $devis nullAccess $userAccessFunction $function)
  1222.     {
  1223.         if ($this->canViewPdfHtPublic($devis$user$function))
  1224.         {
  1225.             return true;
  1226.         }
  1227.         if ($this->canViewPdfHtPublic($devis$user$function))
  1228.         {
  1229.             return true;
  1230.         }
  1231.         if ($this->canViewPdfTtcPublic($devis$user$function))
  1232.         {
  1233.             return true;
  1234.         }
  1236.         // If we are here, all hope is lost
  1237.         return false;
  1238.     }
  1241.     private function canEdit(Devis $devis nullAccess $userAccessFunction $function$currentGroup$withConditions true)
  1242.     {
  1243.         // Plan.io Task #3621
  1244.         if ($withConditions)
  1245.         {
  1246.             if (!$this->canEditConditions($devis))
  1247.             {
  1248.                 return false;
  1249.             }
  1250.         }
  1252.         // Get Acl_Permissions
  1253.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
  1254.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_SOCIETY);
  1255.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_MANAGER);
  1256.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_CLIENT_MANAGER);
  1257.         $aclPermIfTask $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_IF_TASK);
  1259.         // If all are null, exit
  1260.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null && $aclPermIfTask === null)
  1261.             return false;
  1263.         // The aclPermIfTask should be checked first, and if it is false, the others should be cheked
  1264.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager ^ $aclPermClientManager) = empty
  1265.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager ^ $aclPermClientManager) ^ $aclPermIfTask = not empty
  1266.         // This means that an user can have access to the devis of his society
  1267.         // and also have access to the devis realted to his tasks
  1268.         if ($aclPermIfTask !== null)
  1269.         {
  1270.             $acl $this->aclRepository->findOneBy(array(
  1271.                 'function'        =>    $function,
  1272.                 'permission'    =>    $aclPermIfTask
  1273.             ));
  1274.             if ($acl !== null)
  1275.             {
  1276.                 if ($acl->getValue())
  1277.                 {
  1278.                     if ($this->checkTask($devis$user))
  1279.                         return true;
  1280.                 }
  1281.             }
  1282.         }
  1283.         // If we are here it means that the user doesn't have access to the Devis
  1284.         // by the bias of one of his tasks
  1285.         // So check regular permissions next
  1287.         // Get First one
  1288.         if ($aclPerm !== null)
  1289.         {
  1290.             $acl $this->aclRepository->findOneBy(array(
  1291.                 'function'        =>    $function,
  1292.                 'permission'    =>    $aclPerm
  1293.             ));
  1294.             if ($acl !== null)
  1295.             {
  1296.                 if ($acl->getValue())
  1297.                 {
  1298.                     // A single positive answer is enough
  1299.                     return true;
  1300.                 }
  1301.             }
  1302.         }
  1303.         // If we are here it means that nothing good has been found
  1304.         // Load second permission
  1305.         if ($aclPermSociety !== null)
  1306.         {
  1307.             $acl $this->aclRepository->findOneBy(array(
  1308.                 'function'        =>    $function,
  1309.                 'permission'    =>    $aclPermSociety
  1310.             ));
  1311.             if ($acl !== null)
  1312.             {
  1313.                 if ($acl->getValue())
  1314.                 {
  1315.                     // A single positive answer is enough
  1316.                     // In this case the good answer will be provided by the checkSociety
  1317.                     return $this->checkSociety($devis$user);
  1318.                 }
  1319.             }
  1320.         }
  1321.         // If we are here it means that nothing good has been found
  1322.         // Load third permission
  1323.         if ($aclPermManager !== null)
  1324.         {
  1325.             $acl $this->aclRepository->findOneBy(array(
  1326.                 'function'        =>    $function,
  1327.                 'permission'    =>    $aclPermManager
  1328.             ));
  1329.             if ($acl !== null)
  1330.             {
  1331.                 if ($acl->getValue())
  1332.                 {
  1333.                     // A single positive answer is enough
  1334.                     // In this case the good answer will be provided by the checkSociety
  1335.                     return $this->checkManager($devis$user);
  1336.                 }
  1337.             }
  1338.         }
  1339.         // If we are here it means that nothing good has been found
  1340.         // Load fourth permission
  1341.         if ($aclPermClientManager !== null)
  1342.         {
  1343.             $acl $this->aclRepository->findOneBy(array(
  1344.                 'function'        =>    $function,
  1345.                 'permission'    =>    $aclPermClientManager
  1346.             ));
  1347.             if ($acl !== null)
  1348.             {
  1349.                 if ($acl->getValue())
  1350.                 {
  1351.                     // A single positive answer is enough
  1352.                     // In this case the good answer will be provided by the checkSociety
  1353.                     return $this->checkClientManager($devis$user);
  1354.                 }
  1355.             }
  1356.         }
  1358.         // If we are here, all hope is lost
  1359.         return false;
  1360.     }
  1362.     private function canDelete(Devis $devis nullAccess $userAccessFunction $function)
  1363.     {
  1364.         return false;
  1365.     }
  1367.     private function canAnnul(Devis $devis nullAccess $userAccessFunction $function$currentGroup)
  1368.     {
  1369.         // Plan.io Task #4329
  1370.         if ($devis->hasDrafts())
  1371.         {
  1372.             return false;
  1373.         }
  1375.         // Deny for an annulled devis
  1376.         if ($devis->isAnnulled())
  1377.             return false;
  1379.         // Deny for a devis that is partially or totally invoiced
  1380.         if ($devis->isInvoiced() || $devis->isPartiallyInvoiced())
  1381.             return false;
  1383.         // Get Acl_Permissions
  1384.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ANNUL);
  1385.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ANNUL_SOCIETY);
  1387.         // If all are null, exit
  1388.         if ($aclPerm === null && $aclPermSociety === null)
  1389.             return false;
  1391.         // Get First one
  1392.         if ($aclPerm !== null)
  1393.         {
  1394.             $acl $this->aclRepository->findOneBy(array(
  1395.                 'function'        =>    $function,
  1396.                 'permission'    =>    $aclPerm
  1397.             ));
  1398.             if ($acl !== null)
  1399.             {
  1400.                 if ($acl->getValue())
  1401.                 {
  1402.                     // A single positive answer is enough
  1403.                     return true;
  1404.                 }
  1405.             }
  1406.         }
  1407.         // If we are here it means that nothing good has been found
  1408.         // Load second permission
  1409.         if ($aclPermSociety !== null)
  1410.         {
  1411.             $acl $this->aclRepository->findOneBy(array(
  1412.                 'function'        =>    $function,
  1413.                 'permission'    =>    $aclPermSociety
  1414.             ));
  1415.             if ($acl !== null)
  1416.             {
  1417.                 if ($acl->getValue())
  1418.                 {
  1419.                     // A single positive answer is enough
  1420.                     // In this case the good answer will be provided by the checkSociety
  1421.                     return $this->checkSociety($devis$user);
  1422.                 }
  1423.             }
  1424.         }
  1425.         // If we are here, all hope is lost
  1426.         return false;
  1427.     }
  1429.     private function canRevive(Devis $devis nullAccess $userAccessFunction $function$currentGroup)
  1430.     {
  1431.         // Deny reviving a devis that is not annulled
  1432.         if ($devis->isAnnulled() == false)
  1433.             return false;
  1435.         // Get Acl_Permissions
  1436.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_REVIVE);
  1437.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_REVIVE_SOCIETY);
  1439.         // If all are null, exit
  1440.         if ($aclPerm === null && $aclPermSociety === null)
  1441.             return false;
  1443.         // Get First one
  1444.         if ($aclPerm !== null)
  1445.         {
  1446.             $acl $this->aclRepository->findOneBy(array(
  1447.                 'function'        =>    $function,
  1448.                 'permission'    =>    $aclPerm
  1449.             ));
  1450.             if ($acl !== null)
  1451.             {
  1452.                 if ($acl->getValue())
  1453.                 {
  1454.                     // A single positive answer is enough
  1455.                     return true;
  1456.                 }
  1457.             }
  1458.         }
  1459.         // If we are here it means that nothing good has been found
  1460.         // Load second permission
  1461.         if ($aclPermSociety !== null)
  1462.         {
  1463.             $acl $this->aclRepository->findOneBy(array(
  1464.                 'function'        =>    $function,
  1465.                 'permission'    =>    $aclPermSociety
  1466.             ));
  1467.             if ($acl !== null)
  1468.             {
  1469.                 if ($acl->getValue())
  1470.                 {
  1471.                     // A single positive answer is enough
  1472.                     // In this case the good answer will be provided by the checkSociety
  1473.                     return $this->checkSociety($devis$user);
  1474.                 }
  1475.             }
  1476.         }
  1477.         // If we are here, all hope is lost
  1478.         return false;
  1479.     }
  1481.     // Plan.io Task #3621
  1482.     private function canEditIkeaDataFromTask(Devis $devis$user$function$currentGroup)
  1483.     {
  1484.         return $this->canEdit($devis$user$function$currentGroupfalse);
  1485.     }
  1486. }