<?php//------------------------------------------------------------------------------// src/Security/ExternalObjectVoter.php//------------------------------------------------------------------------------namespace App\Security;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Doctrine\Persistence\ManagerRegistry;use App\Entity\Access;use App\Entity\Config\Config;use App\Entity\Config\Module;use App\Entity\HR\AccessFunction;use App\Entity\Platform\Devis\Devis;use App\Entity\Platform\Devis\ExternalDevis;use App\Entity\Platform\Invoice\ExternalInvoice;use App\Entity\Planning\ExternalTask;use App\Entity\Security\Acl;use App\Entity\Webapp\ExternalDocument;class ExternalObjectVoter extends Voter{ //-------------------------------------------------------------------------------- // is_granted constants const VIEW = "view_external_object"; const VIEW_DEVIS = "view_external_devis"; const VIEW_INVOICE = "view_external_invoice"; const VIEW_TASK = "view_external_task"; const VIEW_DOC = "view_external_document"; const IS_GRANTED_CONSTANTS = array( self::VIEW, self::VIEW_DEVIS, self::VIEW_INVOICE, self::VIEW_TASK, self::VIEW_DOC, ); //-------------------------------------------------------------------------------- public function __construct(AccessDecisionManagerInterface $accessDecisionManager, ManagerRegistry $doctrine) { $this->accessDecisionManager = $accessDecisionManager; $this->em = $doctrine->getManager(); } // Plan.io Task #4453 [See AccessVoter for details] public function supportsAttribute(string $attribute): bool { return in_array($attribute, self::IS_GRANTED_CONSTANTS, true); } protected function supports(string $attribute, $subject = null): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, self::IS_GRANTED_CONSTANTS)) { return false; } if ($subject !== null && !($subject instanceof ExternalDevis || $subject instanceof ExternalInvoice || $subject instanceof ExternalDocument || $subject instanceof ExternalTask)) { return false; } return true; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); if (!$user instanceof Access) { // the user must be logged in; if not, deny access return false; } // The user must have a function; if not deny access $function = $user->getFunction(); if ($function === null) return false; // Plan.io Task #3710 : Get current group $currentGroup = $user->getSocietyGroup(); if ($currentGroup === null) return false; $this->currentGroup = $currentGroup; // Plan.io Task #3230 // In order to take sharing into account, // decide the viewing of the ExternalObject based on its Mission $mission = $subject->getMission(); if ($mission === null) { // This should not happen return false; } return $this->accessDecisionManager->decide($token, ['view_mission'], $mission); throw new \LogicException('This code should not be reached!'); }}