src/Security/IndividualVoter.php line 92

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/IndividualVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Doctrine\Persistence\ManagerRegistry;
  11. use App\Entity\Access;
  12. use App\Entity\Client\Individual;
  13. use App\Entity\Config\Config;
  14. use App\Entity\Config\Module;
  15. use App\Entity\HR\AccessFunction;
  16. use App\Entity\Planning\Task;
  17. use App\Entity\Security\Acl;
  18. use App\Entity\Security\AclPermission;
  19. use App\Services\Config\ModuleTools;
  21. class IndividualVoter extends Voter
  22. {
  23.     //--------------------------------------------------------------------------------
  24.     // is_granted constants
  25.     const ADD "add_individual";
  27.     const LISTING "list_individuals";
  28.     const LISTING_SOCIETY "list_individuals_society";
  29.     const LISTING_MANAGER "list_individuals_manager";
  30.     const LISTING_ANY "list_individuals_any";
  32.     const VIEW "view_individual";
  33.     const EDIT "edit_individual";
  34.     const ANONYMIZE "anonymize_individual";
  36.     const EDIT_SOCIETY "edit_individual_society";
  38.     const IMPORT "import_individuals";
  40.     // Plan.Io Task #3747
  41.     const MERGE "merge_individual";
  42.     const MERGE_TOOL "merge_tool_individual";
  44.     const IS_GRANTED_CONSTANTS = array(
  45.         self::ADD,
  46.         self::LISTING,
  47.         self::LISTING_SOCIETY,
  48.         self::LISTING_MANAGER,
  49.         self::LISTING_ANY,
  50.         self::VIEW,
  51.         self::EDIT,
  52.         self::ANONYMIZE,
  53.         self::EDIT_SOCIETY,
  54.         self::IMPORT,
  55.         self::MERGE,
  56.         self::MERGE_TOOL,
  57.     );
  59.     //--------------------------------------------------------------------------------
  60.     // acl constants
  61.     const ACL_PERM_ADD "ind_add";
  63.     const ACL_PERM_LISTING "ind_list";
  64.     const ACL_PERM_LISTING_SOCIETY "ind_list_society";
  65.     const ACL_PERM_LISTING_MANAGER "ind_list_manager";
  67.     const ACL_PERM_VIEW "ind_view";
  68.     const ACL_PERM_VIEW_SOCIETY "ind_view_society";
  69.     const ACL_PERM_VIEW_MANAGER "ind_view_manager";
  70.     const ACL_PERM_VIEW_IF_TASK "ind_view_if_task";
  72.     const ACL_PERM_EDIT "ind_edit";
  73.     const ACL_PERM_EDIT_SOCIETY "ind_edit_society";
  74.     const ACL_PERM_EDIT_MANAGER "ind_edit_manager";
  76.     const ACL_PERM_ANONYMIZE "ind_anonymize";
  77.     const ACL_PERM_ANONYMIZE_SOCIETY "ind_anonymize_society";
  78.     const ACL_PERM_ANONYMIZE_MANAGER "ind_anonymize_manager";
  80.     const ACL_PERM_SOCIETY_EDIT "ind_society_edit";
  81.     const ACL_PERM_SOCIETY_EDIT_SOCIETY "ind_society_edit_society";
  82.     const ACL_PERM_SOCIETY_EDIT_MANAGER "ind_society_edit_manager";
  84.     const ACL_PERM_IMPORT "ind_import";
  86.     // Plan.io Task #3747
  87.     const ACL_PERM_MERGE "ind_merge";
  88.     const ACL_PERM_MERGE_SOCIETY "ind_merge_society";
  90.     //--------------------------------------------------------------------------------
  92.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleTools)
  93.     {
  94.         $this->em $doctrine->getManager();
  95.         $this->moduleTools $moduleTools;
  97.         $this->aclRepository $this->em->getRepository(Acl::class);
  98.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  99.     }
  101.     // Plan.io Task #4453 [See AccessVoter for details]
  102.     public function supportsAttribute(string $attribute): bool
  103.     {
  104.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  105.     }
  106.     
  107.     protected function supports(string $attribute$subject): bool
  108.     {
  109.         // if the attribute isn't one we support, return false
  110.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  111.         {
  112.             return false;
  113.         }
  115.         // only vote on Individual objects inside this voter
  116.         if ($subject !== null && !$subject instanceof Individual)
  117.         {
  118.             return false;
  119.         }
  121.         return true;
  122.     }
  124.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  125.     {
  126.         $user $token->getUser();
  128.         if (!$user instanceof Access)
  129.         {
  130.             // the user must be logged in; if not, deny access
  131.             return false;
  132.         }
  134.         // The user must have a function; if not deny access
  135.         $function $user->getFunction();
  136.         if ($function === null)        return false;
  138.         // Plan.io Task #3710 : Get current group
  139.         $currentGroup $user->getSocietyGroup();
  140.         if ($currentGroup === null)
  141.             return false;
  143.         $this->currentGroup $currentGroup;
  145.         // Module activated ?
  146.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_CLIENT) && $this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_CLIENT_LIGHT))
  147.         {
  148.             return false;
  149.         }
  151.         if ($attribute == self::EDIT || $attribute == self::EDIT_SOCIETY)
  152.         {
  153.             if ($subject->getAnonymized())
  154.             {
  155.                 return false;
  156.             }
  157.         }
  159.         // you know $subject is a Individual object, thanks to supports
  160.         /** @var Individual $individual */
  161.         $individual $subject;
  163.         // Check current group affectation
  164.         if ($individual !== null)
  165.         {
  166.             $individualSociety $individual->getSociety();
  167.             if ($individualSociety === null)
  168.                 return false;
  169.             $individualSocietyGroup $individualSociety->getGroup();
  170.             if ($individualSocietyGroup === null)
  171.                 return false;
  173.             // Checking ...
  174.             // Do not allow viewing/editing the client of a shared mission
  175.             if (!$currentGroup->equals($individualSocietyGroup))
  176.             {
  177.                 return false;
  178.             }
  179.         }
  181.         switch ($attribute)
  182.         {
  183.             case self::ADD:
  184.                 return $this->canAdd($user$function);
  186.             case self::LISTING:
  187.                 return $this->canList($individual$user$function);
  188.             case self::LISTING_SOCIETY:
  189.                 return $this->canListSociety($individual$user$function);
  190.             case self::LISTING_MANAGER:
  191.                 return $this->canListManager($individual$user$function);
  192.             case self::LISTING_ANY:
  193.                 return $this->canListAny($individual$user$function);
  195.             case self::VIEW:
  196.                 return $this->canView($individual$user$function);
  198.             case self::EDIT:
  199.                 return $this->canEdit($individual$user$function);
  201.             case self::ANONYMIZE:
  202.                 return $this->canAnonymize($individual$user$function);
  204.             case self::EDIT_SOCIETY:
  205.                 return $this->canEditSociety($individual$user$function);
  207.             case self::IMPORT:
  208.                 return $this->canImport($user$function);
  210.             case self::MERGE:
  211.                 return $this->canMerge($individual$user$function);
  213.             case self::MERGE_TOOL:
  214.                 return $this->canUseMergeTool($user$function);
  215.         }
  217.         throw new \LogicException('This code should not be reached!');
  218.     }
  220.     // $access is the user trying to load the resource
  221.     // $individual is the resource being loaded
  223.     // Check if the Society of the resource
  224.     // belongs to the societies of the $access
  225.     private function checkSociety(Individual $individualAccess $access)
  226.     {
  227.         // Get all the societies of the access
  228.         $societies $access->getSocieties();
  230.         // Get the Society of the Individual
  231.         $individualSociety $individual->getSociety();
  233.         if ($individualSociety === null)
  234.             return false;
  236.         $found false;
  237.         foreach ($societies as $society)
  238.         {
  239.             if ($society->getId() == $individualSociety->getId())
  240.             {
  241.                 $found true;
  242.                 break;
  243.             }
  244.         }
  245.         return $found;
  246.     }
  248.     // Check if the $access is the manager / author of the $individual
  249.     private function checkManager(Individual $individualAccess $access)
  250.     {
  251.         // Get manager and author
  252.         $manager $individual->getManager();
  253.         $author $individual->getAuthor();
  255.         if ($manager === null && $author === null)
  256.             return false;
  258.         if ($manager !== null)
  259.             if ($manager->getId() === $access->getId())
  260.                 return true;
  262.         if ($author !== null)
  263.             if ($author->getId() === $access->getId())
  264.                 return true;
  266.         return false;
  267.     }
  269.     // Check if there is at least one task
  270.     // having this access as resource and this individual as client
  271.     private function checkTask(Individual $individualAccess $access)
  272.     {
  273.         $taskRep $this->em->getRepository(Task::class);
  275.         $resources $access->getPlanningResources();
  276.         $client $individual->getClient();
  278.         if ($client === null)
  279.             return false;
  281.         foreach ($resources as $r)
  282.         {
  283.             $tasks $taskRep->findForClientAndResource($client$r);
  284.             if (count($tasks) > 0)
  285.                 return true;
  286.         }
  287.         return false;
  288.     }
  290.     private function canAdd(Access $userAccessFunction $function)
  291.     {
  292.         // Module activated ?
  293.         // CLIENT_LIGHT cannot add Clients / Stores
  294.         if ($this->moduleTools->isInactiveByCode($this->currentGroupModule::MODULE_CLIENT))
  295.         {
  296.             return false;
  297.         }
  299.         // Get Acl_Permission
  300.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
  301.         if ($aclPerm === null)        return false;
  303.         // Get Acl
  304.         $acl $this->aclRepository->findOneBy(array(
  305.             'function'        =>    $function,
  306.             'permission'    =>    $aclPerm
  307.         ));
  308.         if ($acl === null)        return false;
  310.         // Since only one acl type can exist
  311.         // we can return the result of the acl_permission
  312.         return $acl->getValue();
  313.     }
  315.     private function canList(Individual $individual nullAccess $userAccessFunction $function)
  316.     {
  317.         // Get Acl_Permission
  318.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  319.         if ($aclPerm === null)        return false;
  321.         // Get Acl
  322.         $acl $this->aclRepository->findOneBy(array(
  323.             'function'        =>    $function,
  324.             'permission'    =>    $aclPerm
  325.         ));
  326.         if ($acl === null)        return false;
  328.         // Since only one acl type can exist
  329.         // we can return the result of the acl_permission
  330.         return $acl->getValue();
  331.     }
  333.     private function canListSociety(Individual $individual nullAccess $userAccessFunction $function)
  334.     {
  335.         // Get Acl_Permission
  336.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  337.         if ($aclPerm === null)        return false;
  339.         // Get Acl
  340.         $acl $this->aclRepository->findOneBy(array(
  341.             'function'        =>    $function,
  342.             'permission'    =>    $aclPerm
  343.         ));
  344.         if ($acl === null)        return false;
  346.         // Since only one acl type can exist
  347.         // we can return the result of the acl_permission
  348.         // Further filtering is done in the Controller
  349.         return $acl->getValue();
  350.     }
  352.     private function canListManager(Individual $individual nullAccess $userAccessFunction $function)
  353.     {
  354.         // Get Acl_Permission
  355.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_MANAGER);
  356.         if ($aclPerm === null)        return false;
  358.         // Get Acl
  359.         $acl $this->aclRepository->findOneBy(array(
  360.             'function'        =>    $function,
  361.             'permission'    =>    $aclPerm
  362.         ));
  363.         if ($acl === null)        return false;
  365.         // Since only one acl type can exist
  366.         // we can return the result of the acl_permission
  367.         // Further filtering is done in the Controller
  368.         return $acl->getValue();
  369.     }
  371.     private function canListAny(Individual $individual nullAccess $userAccessFunction $function)
  372.     {
  373.         // Two Acl_Permission may exist
  374.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  375.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  376.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_MANAGER);
  377.         // If both are null, exit
  378.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null)
  379.             return false;
  381.         // Get First one
  382.         if ($aclPerm !== null)
  383.         {
  384.             $acl $this->aclRepository->findOneBy(array(
  385.                 'function'        =>    $function,
  386.                 'permission'    =>    $aclPerm
  387.             ));
  388.             if ($acl !== null)
  389.             {
  390.                 if ($acl->getValue())
  391.                 {
  392.                     // A single positive answer is enough
  393.                     return true;
  394.                 }
  395.             }
  396.         }
  397.         // If we are here it means that nothing good has been found
  398.         // Load second permission
  399.         if ($aclPermSociety !== null)
  400.         {
  401.             $acl $this->aclRepository->findOneBy(array(
  402.                 'function'        =>    $function,
  403.                 'permission'    =>    $aclPermSociety
  404.             ));
  405.             if ($acl !== null)
  406.             {
  407.                 if ($acl->getValue())
  408.                 {
  409.                     // A single positive answer is enough
  410.                     return true;
  411.                 }
  412.             }
  413.         }
  414.         // If we are here it means that nothing good has been found
  415.         // Load third permission
  416.         if ($aclPermManager !== null)
  417.         {
  418.             $acl $this->aclRepository->findOneBy(array(
  419.                 'function'        =>    $function,
  420.                 'permission'    =>    $aclPermManager
  421.             ));
  422.             if ($acl !== null)
  423.             {
  424.                 if ($acl->getValue())
  425.                 {
  426.                     // A single positive answer is enough
  427.                     return true;
  428.                 }
  429.             }
  430.         }
  431.         // If we are here, all hope is lost
  432.         return false;
  433.     }
  435.     private function canView(Individual $individual nullAccess $userAccessFunction $function)
  436.     {
  437.         // Get Acl_Permissions
  438.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
  439.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_SOCIETY);
  440.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_MANAGER);
  441.         $aclPermIfTask $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_IF_TASK);
  443.         // If all are null, exit
  444.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermIfTask === null)
  445.             return false;
  447.         // The aclPermIfTask should be checked first, and if it is false, the others should be cheked
  448.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager) = empty
  449.         // ($aclPerm ^ $aclPermSociety ^ $aclPermManager) ^ $aclPermIfTask = not empty
  450.         // This means that an user can have access to the clients of his society
  451.         // and also have access to the individuals realted to his tasks
  452.         if ($aclPermIfTask !== null)
  453.         {
  454.             $acl $this->aclRepository->findOneBy(array(
  455.                 'function'        =>    $function,
  456.                 'permission'    =>    $aclPermIfTask
  457.             ));
  458.             if ($acl !== null)
  459.             {
  460.                 if ($acl->getValue())
  461.                 {
  462.                     if ($this->checkTask($individual$user))
  463.                         return true;
  464.                 }
  465.             }
  466.         }
  468.         // If we are here it means that the user doesn't have access to the Individual
  469.         // by the bias of one of his tasks
  470.         // So check regular permissions next
  472.         // Get First one
  473.         if ($aclPerm !== null)
  474.         {
  475.             $acl $this->aclRepository->findOneBy(array(
  476.                 'function'        =>    $function,
  477.                 'permission'    =>    $aclPerm
  478.             ));
  479.             if ($acl !== null)
  480.             {
  481.                 if ($acl->getValue())
  482.                 {
  483.                     // A single positive answer is enough
  484.                     return true;
  485.                 }
  486.             }
  487.         }
  489.         // If we are here it means that nothing good has been found
  490.         // Load second permission
  491.         if ($aclPermSociety !== null)
  492.         {
  493.             $acl $this->aclRepository->findOneBy(array(
  494.                 'function'        =>    $function,
  495.                 'permission'    =>    $aclPermSociety
  496.             ));
  497.             if ($acl !== null)
  498.             {
  499.                 if ($acl->getValue())
  500.                 {
  501.                     // A single positive answer is enough
  502.                     // In this case the good answer will be provided by the checkSociety
  503.                     return $this->checkSociety($individual$user);
  504.                 }
  505.             }
  506.         }
  508.         // If we are here it means that nothing good has been found
  509.         // Load third permission
  510.         if ($aclPermManager !== null)
  511.         {
  512.             $acl $this->aclRepository->findOneBy(array(
  513.                 'function'        =>    $function,
  514.                 'permission'    =>    $aclPermManager
  515.             ));
  516.             if ($acl !== null)
  517.             {
  518.                 if ($acl->getValue())
  519.                 {
  520.                     // A single positive answer is enough
  521.                     // In this case the good answer will be provided by the checkSociety
  522.                     return $this->checkManager($individual$user);
  523.                 }
  524.             }
  525.         }
  527.         // If we are here, all hope is lost
  528.         return false;
  529.     }
  531.     private function canEdit(Individual $individual nullAccess $userAccessFunction $function)
  532.     {
  533.         if($individual->getAnonymized())
  534.         {
  535.             return false;
  536.         }
  538.         // Two Acl_Permission may exist
  539.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
  540.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_SOCIETY);
  541.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_MANAGER);
  543.         // If all are null, exit
  544.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null)
  545.             return false;
  547.         // Get First one
  548.         if ($aclPerm !== null)
  549.         {
  550.             $acl $this->aclRepository->findOneBy(array(
  551.                 'function'        =>    $function,
  552.                 'permission'    =>    $aclPerm
  553.             ));
  554.             if ($acl !== null)
  555.             {
  556.                 if ($acl->getValue())
  557.                 {
  558.                     // A single positive answer is enough
  559.                     return true;
  560.                 }
  561.             }
  562.         }
  563.         // If we are here it means that nothing good has been found
  564.         // Load second permission
  565.         if ($aclPermSociety !== null)
  566.         {
  567.             $acl $this->aclRepository->findOneBy(array(
  568.                 'function'        =>    $function,
  569.                 'permission'    =>    $aclPermSociety
  570.             ));
  571.             if ($acl !== null)
  572.             {
  573.                 if ($acl->getValue())
  574.                 {
  575.                     // A single positive answer is enough
  576.                     // In this case the good answer will be provided by the checkSociety
  577.                     return $this->checkSociety($individual$user);
  578.                 }
  579.             }
  580.         }
  581.         // If we are here it means that nothing good has been found
  582.         // Load third permission
  583.         if ($aclPermManager !== null)
  584.         {
  585.             $acl $this->aclRepository->findOneBy(array(
  586.                 'function'        =>    $function,
  587.                 'permission'    =>    $aclPermManager
  588.             ));
  589.             if ($acl !== null)
  590.             {
  591.                 if ($acl->getValue())
  592.                 {
  593.                     // A single positive answer is enough
  594.                     // In this case the good answer will be provided by the checkSociety
  595.                     return $this->checkManager($individual$user);
  596.                 }
  597.             }
  598.         }
  599.         // If we are here, all hope is lost
  600.         return false;
  601.     }
  603.     private function canAnonymize(Individual $individual nullAccess $userAccessFunction $function)
  604.     {
  605.         // Three Acl_Permission may exist
  606.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ANONYMIZE);
  607.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ANONYMIZE_SOCIETY);
  608.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ANONYMIZE_MANAGER);
  610.         // If all are null, exit
  611.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null)
  612.             return false;
  614.         // Get First one
  615.         if ($aclPerm !== null)
  616.         {
  617.             $acl $this->aclRepository->findOneBy(array(
  618.                 'function'        =>    $function,
  619.                 'permission'    =>    $aclPerm
  620.             ));
  622.             if ($acl !== null)
  623.             {
  624.                 if ($acl->getValue())
  625.                 {
  626.                     // A single positive answer is enough
  627.                     return true;
  628.                 }
  629.             }
  630.         }
  632.         // If we are here it means that nothing good has been found
  633.         // Load second permission
  634.         if ($aclPermSociety !== null)
  635.         {
  636.             $acl $this->aclRepository->findOneBy(array(
  637.                 'function'        =>    $function,
  638.                 'permission'    =>    $aclPermSociety
  639.             ));
  640.             if ($acl !== null)
  641.             {
  642.                 if ($acl->getValue())
  643.                 {
  644.                     // A single positive answer is enough
  645.                     // In this case the good answer will be provided by the checkSociety
  646.                     return $this->checkSociety($individual$user);
  647.                 }
  648.             }
  649.         }
  651.         // If we are here it means that nothing good has been found
  652.         // Load third permission
  653.         if ($aclPermManager !== null)
  654.         {
  655.             $acl $this->aclRepository->findOneBy(array(
  656.                 'function'        =>    $function,
  657.                 'permission'    =>    $aclPermManager
  658.             ));
  659.             if ($acl !== null)
  660.             {
  661.                 if ($acl->getValue())
  662.                 {
  663.                     // A single positive answer is enough
  664.                     // In this case the good answer will be provided by the checkSociety
  665.                     return $this->checkManager($individual$user);
  666.                 }
  667.             }
  668.         }
  669.         // If we are here, all hope is lost
  670.         return false;
  671.     }
  673.     private function canEditSociety(Individual $individual nullAccess $userAccessFunction $function)
  674.     {
  675.         if($individual->getAnonymized())
  676.         {
  677.             return false;
  678.         }
  680.         // Two Acl_Permission may exist
  681.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_SOCIETY_EDIT);
  682.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_SOCIETY_EDIT_SOCIETY);
  683.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_SOCIETY_EDIT_MANAGER);
  685.         // If all are null, exit
  686.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null)
  687.             return false;
  689.         // Get First one
  690.         if ($aclPerm !== null)
  691.         {
  692.             $acl $this->aclRepository->findOneBy(array(
  693.                 'function'        =>    $function,
  694.                 'permission'    =>    $aclPerm
  695.             ));
  696.             if ($acl !== null)
  697.             {
  698.                 if ($acl->getValue())
  699.                 {
  700.                     // A single positive answer is enough
  701.                     return true;
  702.                 }
  703.             }
  704.         }
  705.         // If we are here it means that nothing good has been found
  706.         // Load second permission
  707.         if ($aclPermSociety !== null)
  708.         {
  709.             $acl $this->aclRepository->findOneBy(array(
  710.                 'function'        =>    $function,
  711.                 'permission'    =>    $aclPermSociety
  712.             ));
  713.             if ($acl !== null)
  714.             {
  715.                 if ($acl->getValue())
  716.                 {
  717.                     // A single positive answer is enough
  718.                     // In this case the good answer will be provided by the checkSociety
  719.                     return $this->checkSociety($individual$user);
  720.                 }
  721.             }
  722.         }
  723.         // If we are here it means that nothing good has been found
  724.         // Load third permission
  725.         if ($aclPermManager !== null)
  726.         {
  727.             $acl $this->aclRepository->findOneBy(array(
  728.                 'function'        =>    $function,
  729.                 'permission'    =>    $aclPermManager
  730.             ));
  731.             if ($acl !== null)
  732.             {
  733.                 if ($acl->getValue())
  734.                 {
  735.                     // A single positive answer is enough
  736.                     // In this case the good answer will be provided by the checkSociety
  737.                     return $this->checkManager($individual$user);
  738.                 }
  739.             }
  740.         }
  741.         // If we are here, all hope is lost
  742.         return false;
  743.     }
  745.     private function canImport(Access $userAccessFunction $function)
  746.     {
  747.         // Module activated ?
  748.         // CLIENT_LIGHT cannot add Clients / Stores
  749.         if ($this->moduleTools->isInactiveByCode($this->currentGroupModule::MODULE_CLIENT))
  750.         {
  751.             return false;
  752.         }
  754.         // Get Acl_Permission
  755.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_IMPORT);
  756.         if ($aclPerm === null)        return false;
  758.         // Get Acl
  759.         $acl $this->aclRepository->findOneBy(array(
  760.             'function'        =>    $function,
  761.             'permission'    =>    $aclPerm
  762.         ));
  763.         if ($acl === null)        return false;
  765.         // Since only one acl type can exist
  766.         // we can return the result of the acl_permission
  767.         return $acl->getValue();
  768.     }
  770.     // Plan.io Task #3747
  771.     private function canMerge(Individual $individualAccess $userAccessFunction $accessFunction)
  772.     {
  773.         // Two Acl_Permission may exist
  774.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_MERGE);
  775.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_MERGE_SOCIETY);
  777.         // If all are null, exit
  778.         if ($aclPerm === null && $aclPermSociety === null)
  779.             return false;
  781.         // Get First one
  782.         if ($aclPerm !== null)
  783.         {
  784.             $acl $this->aclRepository->findOneBy(array(
  785.                 'function'        =>    $accessFunction,
  786.                 'permission'    =>    $aclPerm
  787.             ));
  788.             if ($acl !== null)
  789.             {
  790.                 if ($acl->getValue())
  791.                 {
  792.                     // A single positive answer is enough
  793.                     return true;
  794.                 }
  795.             }
  796.         }
  798.         // If we are here it means that nothing good has been found
  799.         // Load second permission
  800.         if ($aclPermSociety !== null)
  801.         {
  802.             $acl $this->aclRepository->findOneBy(array(
  803.                 'function'        =>    $accessFunction,
  804.                 'permission'    =>    $aclPermSociety
  805.             ));
  806.             if ($acl !== null)
  807.             {
  808.                 if ($acl->getValue())
  809.                 {
  810.                     // A single positive answer is enough
  811.                     // In this case the good answer will be provided by the checkSociety
  812.                     return $this->checkSociety($individual$user);
  813.                 }
  814.             }
  815.         }
  817.         // If we are here, all hope is lost
  818.         return false;
  819.     }
  821.     // Plan.io Task #3747
  822.     // We need to know if the user can access the merge tool
  823.     // Specific merge permissions will be checked later
  824.     private function canUseMergeTool(Access $userAccessFunction $accessFunction)
  825.     {
  826.         // Two Acl_Permission may exist
  827.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_MERGE);
  828.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_MERGE_SOCIETY);
  830.         // If all are null, exit
  831.         if ($aclPerm === null && $aclPermSociety === null)
  832.             return false;
  834.         // Get First one
  835.         if ($aclPerm !== null)
  836.         {
  837.             $acl $this->aclRepository->findOneBy(array(
  838.                 'function'        =>    $accessFunction,
  839.                 'permission'    =>    $aclPerm
  840.             ));
  841.             if ($acl !== null)
  842.             {
  843.                 if ($acl->getValue())
  844.                 {
  845.                     // A single positive answer is enough
  846.                     return true;
  847.                 }
  848.             }
  849.         }
  851.         // If we are here it means that nothing good has been found
  852.         // Load second permission
  853.         if ($aclPermSociety !== null)
  854.         {
  855.             $acl $this->aclRepository->findOneBy(array(
  856.                 'function'        =>    $accessFunction,
  857.                 'permission'    =>    $aclPermSociety
  858.             ));
  859.             if ($acl !== null)
  860.             {
  861.                 if ($acl->getValue())
  862.                 {
  863.                     // A single positive answer is enough
  864.                     return true;
  865.                 }
  866.             }
  867.         }
  869.         // If we are here, all hope is lost
  870.         return false;
  871.     }
  872. }