src/Security/InvoiceProformaVoter.php line 23

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/InvoiceProformaVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Doctrine\Persistence\ManagerRegistry;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use App\Entity\Access;
  12. use App\Entity\APIRest\AccessAPI;
  13. use App\Entity\Config\Module;
  14. use App\Entity\HR\AccessFunction;
  15. use App\Entity\Platform\Devis\Devis;
  16. use App\Entity\Security\Acl;
  17. use App\Entity\Security\AclPermission;
  18. use App\Services\LogTools;
  19. use App\Services\Config\ModuleTools;
  20. use App\Services\Config\OptionConfigTools;
  22. // Task plan.io #3892
  23. class InvoiceProformaVoter extends Voter
  24. {
  25.     // For now manager = author (both)
  27.     //--------------------------------------------------------------------------------
  28.     // is_granted constants
  29.     const IS_ACTIVE "invoice_proforma_is_active";
  31.     const VIEW_PDF "view_pdf_invoice_proforma";
  33.     const IS_GRANTED_CONSTANTS = array(
  34.         self::IS_ACTIVE,
  35.         self::VIEW_PDF
  36.     );
  38.     //--------------------------------------------------------------------------------
  39.     // acl constants
  40.     const ACL_PERM_VIEW_PDF "invoice_proforma_view_pdf";
  41.     const ACL_PERM_VIEW_PDF_SOCIETY "invoice_proforma_view_pdf_society";
  42.     const ACL_PERM_VIEW_PDF_MANAGER "invoice_proforma_view_pdf_manager";
  43.     const ACL_PERM_VIEW_PDF_CLIENT_MANAGER "invoice_proforma_view_pdf_ind_manager";
  45.     //--------------------------------------------------------------------------------
  47.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleToolsOptionConfigTools $optionConfigToolsLogTools $logTools)
  48.     {
  49.         $this->em $doctrine->getManager();
  50.         $this->moduleTools $moduleTools;
  51.         $this->optionConfigTools $optionConfigTools;
  52.         $this->logTools $logTools;
  54.         $this->aclRepository $this->em->getRepository(Acl::class);
  55.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  56.     }
  58.     // Plan.io Task #4453 [See AccessVoter for details]
  59.     public function supportsAttribute(string $attribute): bool
  60.     {
  61.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  62.     }
  63.     
  64.     protected function supports(string $attribute$subject): bool
  65.     {
  66.         // if the attribute isn't one we support, return false
  67.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  68.         {
  69.             return false;
  70.         }
  72.         // Only vote on Devis and Mission objects inside this voter
  73.         if ($subject !== null && !($subject instanceof Devis))
  74.         {
  75.             return false;
  76.         }
  78.         return true;
  79.     }
  81.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  82.     {
  83.         $user $token->getUser();
  85.         // Plan.io Task #3707
  86.         if ($user instanceof AccessAPI)
  87.         {
  88.             if ($user->getAccess() === null)
  89.             {
  90.                 return false;
  91.             }
  92.             $user $user->getAccess();
  93.         }
  95.         // Plan.io Task #3707
  96.         // At this point $user is an object of Access type
  97.         // even if the $token->getUser() is AccessAPI
  98.         if (!$user instanceof Access)
  99.         {
  100.             // the user must be logged in; if not, deny access
  101.             return false;
  102.         }
  104.         // The user must have a function; if not deny access
  105.         $function $user->getFunction();
  106.         if ($function === null)        return false;
  108.         // Plan.io Task #3710 : Get current group
  109.         $currentGroup $user->getSocietyGroup();
  110.         if ($currentGroup === null)
  111.             return false;
  113.         $this->currentGroup $currentGroup;
  115.         // Module activated ?
  116.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_DEVIS))
  117.         {
  118.             return false;
  119.         }
  120.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_INVOICE))
  121.         {
  122.             return false;
  123.         }
  125.         /** @var Devis */
  126.         $devis $subject;
  128.         switch ($attribute)
  129.         {
  130.             case self::IS_ACTIVE:
  131.                 return true;
  133.             case self::VIEW_PDF:
  134.             {
  135.                 if ($devis !== null)
  136.                 {
  137.                     return $this->viewPdf($devis$user$function);
  138.                 }
  139.                 else
  140.                 {
  141.                     return false;
  142.                 }
  143.             }
  144.         }
  146.         throw new \LogicException('This code should not be reached!');
  147.     }
  149.     // $access is the user trying to load the resource
  150.     // $devis is the resource being loaded
  152.     // Check if the Society of the resource
  153.     // belongs to the societies of the $access
  154.     private function checkSociety(Devis $devisAccess $access)
  155.     {
  156.         // Get all the societies of the access
  157.         $societies $access->getSocieties();
  159.         // Get the Society of the Devis
  160.         $devisSociety $devis->getSociety();
  162.         if ($devisSociety === null)
  163.             return false;
  165.         $found false;
  166.         foreach ($societies as $society)
  167.         {
  168.             if ($society->getId() == $devisSociety->getId())
  169.             {
  170.                 $found true;
  171.                 break;
  172.             }
  173.         }
  174.         return $found;
  175.     }
  177.     // Check if the $access is the manager / author of the $devis
  178.     private function checkManager(Devis $devisAccess $access)
  179.     {
  180.         // Get manager
  181.         $manager $devis->getManager();
  182.         $author $devis->getAuthor();
  184.         if ($manager === null && $author === null)
  185.             return false;
  187.         if ($manager !== null)
  188.             if ($manager->getId() === $access->getId())
  189.                 return true;
  191.         if ($author !== null)
  192.             if ($author->getId() === $access->getId())
  193.                 return true;
  195.         return false;
  196.     }
  198.     // Check if the $access is the manager of the $devis->getIndividual()
  199.     private function checkClientManager(Devis $devisAccess $access)
  200.     {
  201.         // Get Client
  202.         $client $devis->getReceiver();
  203.         if ($client === null)
  204.             return false;
  206.         if ($client->getIndividual() !== null)
  207.         {
  208.             // Only Individuals have managers
  209.             // Get manager
  210.             $manager $devis->getReceiver()->getIndividual()->getManager();
  211.             if ($manager === null)
  212.                 return false;
  214.             if ($manager->getId() === $access->getId())
  215.                 return true;
  216.         }
  218.         return false;
  219.     }
  221.     public function viewPdf(Devis $devisAccess $accessAccessFunction $function)
  222.     {
  223.         // Get Acl_Permissions
  224.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF);
  225.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_SOCIETY);
  226.         $aclPermManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_MANAGER);
  227.         $aclPermClientManager $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_PDF_CLIENT_MANAGER);
  229.         // If all are null, exit
  230.         if ($aclPerm === null && $aclPermSociety === null && $aclPermManager === null && $aclPermClientManager === null)
  231.         {
  232.             return false;
  233.         }
  235.         // Get First one
  236.         if ($aclPerm !== null)
  237.         {
  238.             $acl $this->aclRepository->findOneBy(array(
  239.                 'function'        =>    $function,
  240.                 'permission'    =>    $aclPerm
  241.             ));
  242.             if ($acl !== null)
  243.             {
  244.                 if ($acl->getValue())
  245.                 {
  246.                     // A single positive answer is enough
  247.                     return true;
  248.                 }
  249.             }
  250.         }
  252.         // If we are here it means that nothing good has been found
  253.         // Load second permission
  254.         if ($aclPermSociety !== null)
  255.         {
  256.             $acl $this->aclRepository->findOneBy(array(
  257.                 'function'        =>    $function,
  258.                 'permission'    =>    $aclPermSociety
  259.             ));
  260.             if ($acl !== null)
  261.             {
  262.                 if ($acl->getValue())
  263.                 {
  264.                     return $this->checkSociety($devis$access);
  265.                 }
  266.             }
  267.         }
  269.         // If we are here it means that nothing good has been found
  270.         // Load third permission
  271.         if ($aclPermManager !== null)
  272.         {
  273.             $acl $this->aclRepository->findOneBy(array(
  274.                 'function'        =>    $function,
  275.                 'permission'    =>    $aclPermManager
  276.             ));
  277.             if ($acl !== null)
  278.             {
  279.                 if ($acl->getValue())
  280.                 {
  281.                     return $this->checkManager($devis$access);
  282.                 }
  283.             }
  284.         }
  286.         // If we are here it means that nothing good has been found
  287.         // Load fourth permission
  288.         if ($aclPermClientManager !== null)
  289.         {
  290.             $acl $this->aclRepository->findOneBy(array(
  291.                 'function'        =>    $function,
  292.                 'permission'    =>    $aclPermClientManager
  293.             ));
  294.             if ($acl !== null)
  295.             {
  296.                 if ($acl->getValue())
  297.                 {
  298.                     return $this->checkClientManager($devis$access);
  299.                 }
  300.             }
  301.         }
  303.         // If we are here, all hope is lost
  304.         return false;
  305.     }
  306. }