src/Security/PlanningVoter.php line 64

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/PlanningVoter.php
  4. // OK #4453 : VoterCache
  5. //------------------------------------------------------------------------------
  6. namespace App\Security;
  8. use Doctrine\Persistence\ManagerRegistry;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use App\Entity\Access;
  13. use App\Entity\Config\Module;
  14. use App\Entity\Config\OptionConfig;
  15. use App\Entity\HR\AccessFunction;
  16. use App\Entity\Security\Acl;
  17. use App\Entity\Security\AclPermission;
  18. use App\Services\Config\ModuleTools;
  19. use App\Services\LogTools;
  21. class PlanningVoter extends Voter
  22. {
  23.     //--------------------------------------------------------------------------------
  24.     // is_granted constants
  26.     const IS_ACTIVE "planning_is_active";
  28.     const LOAD_GLOBAL_PLANNING "planning_global_view";
  29.     const LOAD_INDIVIDUAL_PLANNING "planning_individual_view";
  30.     const DECLARE_AVAILABILITIES "planning_declare_availabilities";
  31.     const VIEW_NUMBER_GLOBAL_PLANNING "planning_global_view_number";
  33.     const ORGANIZE_PLANNING_RESOURCES "planning_global_organize_planning_resources";
  35.     const PLANNING_OPTIMISATION_IS_ACTIVE "planning_optimisation_is_active";
  36.     const OPTIMISE_PLANNING "optimise_planning";
  37.     //--------------------------------------------------------------------------------
  39.     const IS_GRANTED_CONSTANTS = array(
  40.         self::IS_ACTIVE,
  42.         self::LOAD_GLOBAL_PLANNING,
  43.         self::LOAD_INDIVIDUAL_PLANNING,
  44.         self::DECLARE_AVAILABILITIES,
  45.         self::VIEW_NUMBER_GLOBAL_PLANNING,
  46.         self::ORGANIZE_PLANNING_RESOURCES,
  47.         self::PLANNING_OPTIMISATION_IS_ACTIVE,
  48.         self::OPTIMISE_PLANNING,
  49.     );
  51.     //--------------------------------------------------------------------------------
  52.     // acl constants
  53.     const ACL_PERM_LOAD_GLOBAL_PLANNING "planning_global_view";
  54.     const ACL_PERM_LOAD_INDIVIDUAL_PLANNING "planning_individual_view";
  55.     const ACL_PERM_DECLARE_AVAILABILITIES "planning_declare_availabilities";
  56.     const ACL_PERM_VIEW_NUMBER_GLOBAL_PLANNING "planning_global_view_number";
  57.     const ACL_PERM_ORGANIZE_PLANNING_RESOURCES "planning_global_organize_planning_resources";
  58.     const ACL_PERM_OPTIMISE_PLANNING "optimise_planning";
  59.     //--------------------------------------------------------------------------------
  61.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleToolsLogTools $logTools)
  62.     {
  63.         $this->em $doctrine->getManager();
  64.         $this->moduleTools $moduleTools;
  65.         $this->logTools $logTools;
  67.         $this->aclRepository $this->em->getRepository(Acl::class);
  68.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  69.     }
  71.     // Plan.io Task #4453 [See AccessVoter for details]
  72.     public function supportsAttribute(string $attribute): bool
  73.     {
  74.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  75.     }
  76.     
  77.     protected function supports(string $attribute$subject null): bool
  78.     {
  79.         // if the attribute isn't one we support, return false
  80.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  81.         {
  82.             return false;
  83.         }
  85.         // No object here
  86.         return true;
  87.     }
  89.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  90.     {
  91.         $user $token->getUser();
  93.         if (!$user instanceof Access)
  94.         {
  95.             // the user must be logged in; if not, deny access
  96.             return false;
  97.         }
  99.         // The user must have a function; if not deny access
  100.         $function $user->getFunction();
  101.         if ($function === null)        return false;
  103.         // Plan.io Task #3710 : Get current group
  104.         $currentGroup $user->getSocietyGroup();
  105.         if ($currentGroup === null)
  106.             return false;
  108.         // This is needed to check HumanResource Module in canLoadGlobalPlanning
  109.         $this->currentGroup $currentGroup;
  111.         // Module activated ?
  112.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_PLANNING))
  113.         {
  114.             return false;
  115.         }
  117.         switch ($attribute)
  118.         {
  119.             case self::IS_ACTIVE:
  120.                 return true;
  121.             case self::LOAD_GLOBAL_PLANNING:
  122.                 return $this->canLoadGlobalPlanning($user$function);
  123.             case self::LOAD_INDIVIDUAL_PLANNING:
  124.                 return $this->canLoadIndividualPlanning($user$function);
  125.             case self::DECLARE_AVAILABILITIES:
  126.                 return $this->canDeclareAvailabilities($user$function);
  127.             case self::VIEW_NUMBER_GLOBAL_PLANNING:
  128.                 return $this->canViewNumberGlobalPlanning($user$function);
  129.             case self::ORGANIZE_PLANNING_RESOURCES:
  130.                 return $this->canOrganizePlanningResources($user$function);
  131.             case self::PLANNING_OPTIMISATION_IS_ACTIVE:
  132.                 return $this->planningOptimisationIsActive($user$function);
  133.             case self::OPTIMISE_PLANNING:
  134.                 return $this->canOptimisePlanning($user$function);
  135.         }
  137.         throw new \LogicException('This code should not be reached!');
  138.     }
  140.     private function canLoadGlobalPlanning(Access $accessAccessFunction $function)
  141.     {
  142.         // Si le module Ressources humaines n'est pas activé, accès au planning individuel uniquement
  143.         if ($this->moduleTools->isInactiveByCode($this->currentGroupModule::MODULE_HUMAN_RESOURCE))
  144.         {
  145.             return false;
  146.         }
  148.         // Get Acl_Permission
  149.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LOAD_GLOBAL_PLANNING);
  150.         if ($aclPerm === null)        return false;
  152.         // Get Acl
  153.         $acl $this->aclRepository->findOneBy(array(
  154.             'function'        =>    $function,
  155.             'permission'    =>    $aclPerm
  156.         ));
  157.         if ($acl === null)        return false;
  159.         return $acl->getValue();
  160.     }
  162.     private function canLoadIndividualPlanning(Access $accessAccessFunction $function)
  163.     {
  164.         // Get Acl_Permission
  165.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LOAD_INDIVIDUAL_PLANNING);
  166.         if ($aclPerm === null)        return false;
  168.         // Get Acl
  169.         $acl $this->aclRepository->findOneBy(array(
  170.             'function'        =>    $function,
  171.             'permission'    =>    $aclPerm
  172.         ));
  173.         if ($acl === null)        return false;
  175.         return $acl->getValue();
  176.     }
  178.     private function canDeclareAvailabilities(Access $accessAccessFunction $function)
  179.     {
  180.         // Get Acl_Permission
  181.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_DECLARE_AVAILABILITIES);
  182.         if ($aclPerm === null)        return false;
  184.         // Get Acl
  185.         $acl $this->aclRepository->findOneBy(array(
  186.             'function'        =>    $function,
  187.             'permission'    =>    $aclPerm
  188.         ));
  189.         if ($acl === null)        return false;
  191.         return $acl->getValue();
  192.     }
  194.     private function canViewNumberGlobalPlanning(Access $accessAccessFunction $function)
  195.     {
  196.         // Get Acl_Permission
  197.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_NUMBER_GLOBAL_PLANNING);
  198.         if ($aclPerm === null)        return false;
  200.         // Get Acl
  201.         $acl $this->aclRepository->findOneBy(array(
  202.             'function'        =>    $function,
  203.             'permission'    =>    $aclPerm
  204.         ));
  205.         if ($acl === null)        return false;
  208.         return $acl->getValue();
  209.     }
  211.     private function canOrganizePlanningResources(Access $accessAccessFunction $function)
  212.     {
  213.         // Si le module Ressources humaines n'est pas activé, accès au planning individuel uniquement
  214.         if ($this->moduleTools->isInactiveByCode($this->currentGroupModule::MODULE_HUMAN_RESOURCE))
  215.         {
  216.             return false;
  217.         }
  219.         // Get Acl_Permission
  220.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ORGANIZE_PLANNING_RESOURCES);
  221.         if ($aclPerm === null)        return false;
  223.         // Get Acl
  224.         $acl $this->aclRepository->findOneBy(array(
  225.             'function'        =>    $function,
  226.             'permission'    =>    $aclPerm
  227.         ));
  228.         if ($acl === null)        return false;
  230.         return $acl->getValue();
  231.     }
  233.     private function planningOptimisationIsActive()
  234.     {
  235.         // Check if option "planning_optimisation" is active in module planning
  236.         $planningOptimisationConfig $this->em->getRepository(OptionConfig::class)
  237.             ->findOneBy(array(
  238.                 'code'                =>    OptionConfig::PLANNING_OPTIMISATION_CODE,
  239.                 'societyGroup'        =>    $this->currentGroup,
  240.             ));
  242.         if ($planningOptimisationConfig !== null)
  243.         {
  244.             return $planningOptimisationConfig->getValue();
  245.         }
  247.         return false;
  248.     }
  250.     private function canOptimisePlanning(Access $accessAccessFunction $function)
  251.     {
  252.         // Check if option "planning_optimisation" is active in module planning
  253.         if (!$this->planningOptimisationIsActive())
  254.         {
  255.             return false;
  256.         }
  258.         // Get Acl_Permission
  259.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_OPTIMISE_PLANNING);
  260.         if ($aclPerm === null)        return false;
  262.         // Get Acl
  263.         $acl $this->aclRepository->findOneBy(array(
  264.             'function'        =>    $function,
  265.             'permission'    =>    $aclPerm
  266.         ));
  267.         if ($acl === null)        return false;
  269.         return $acl->getValue();
  270.     }
  271. }