src/Security/RHFormVoter.php line 103

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/RHFormVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Doctrine\Persistence\ManagerRegistry;
  11. use App\Entity\Access;
  12. use App\Entity\Config\Config;
  13. use App\Entity\Config\Module;
  14. use App\Entity\HR\AccessFunction;
  15. use App\Entity\HR\RHForm\RHForm;
  16. use App\Entity\Platform\Society;
  17. use App\Entity\Security\Acl;
  18. use App\Entity\Security\AclPermission;
  19. use App\Services\Config\ModuleTools;
  21. class RHFormVoter extends Voter
  22. {
  23.     //--------------------------------------------------------------------------------
  24.     // is_granted special constant
  25.     const IS_ACTIVE "rhform_is_active";
  27.     //--------------------------------------------------------------------------------
  28.     // is_granted constants
  29.     const ADD "add_rh_form";
  30.     const ADD_FOR_OTHERS "add_rh_form_for_others";
  31.     const ADD_ANY "add_rh_form_any";
  32.     const ADD_ALL "add_rh_form_all";    // Plan.io Task #462
  34.     const LISTING "list_rh_forms";
  35.     const LISTING_SOCIETY "list_rh_forms_society";
  36.     const LISTING_OWN "list_rh_forms_own";
  37.     const LISTING_ANY "list_rh_forms_any";
  39.     const LISTING_OTHER_THAN_OWN "list_rh_forms_other_than_own";
  41.     const VIEW "view_rh_form";
  43.     const EDIT "edit_rh_form";
  44.     const EDIT_STATUS "edit_rh_form_status";
  45.     const EDIT_DATES "edit_rh_form_dates";
  46.     const EDIT_HOURS "edit_rh_form_hours";
  48.     const DELETE "delete_rh_form";
  50.     const IS_GRANTED_CONSTANTS = array(
  51.         self::IS_ACTIVE,
  52.         self::ADD,
  53.         self::ADD_FOR_OTHERS,
  54.         self::ADD_ANY,
  55.         self::ADD_ALL,
  56.         self::LISTING,
  57.         self::LISTING_SOCIETY,
  58.         self::LISTING_OWN,
  59.         self::LISTING_ANY,
  60.         self::LISTING_OTHER_THAN_OWN,
  61.         self::VIEW,
  62.         self::EDIT,
  63.         self::EDIT_STATUS,
  64.         self::EDIT_DATES,
  65.         self::EDIT_HOURS,
  66.         self::DELETE,
  67.     );
  69.     //--------------------------------------------------------------------------------
  70.     // acl constants
  71.     const ACL_PERM_ADD "rh_form_add";
  72.     const ACL_PERM_ADD_FOR_OTHERS "rh_form_add_for_others";
  73.     const ACL_PERM_ADD_ALL "rh_form_add_all";
  75.     const ACL_PERM_LISTING "rh_form_list";
  76.     const ACL_PERM_LISTING_SOCIETY "rh_form_list_society";
  77.     const ACL_PERM_LISTING_OWN "rh_form_list_own";
  79.     const ACL_PERM_VIEW "rh_form_view";
  80.     const ACL_PERM_VIEW_SOCIETY "rh_form_view_society";
  81.     const ACL_PERM_VIEW_OWN "rh_form_view_own";
  83.     const ACL_PERM_EDIT "rh_form_edit";
  84.     const ACL_PERM_EDIT_SOCIETY "rh_form_edit_society";
  85.     const ACL_PERM_EDIT_OWN "rh_form_edit_own";
  87.     const ACL_PERM_EDIT_STATUS "rh_form_edit_status";
  88.     const ACL_PERM_EDIT_STATUS_SOCIETY "rh_form_edit_status_society";
  90.     const ACL_PERM_EDIT_DATES "rh_form_edit_dates";
  91.     const ACL_PERM_EDIT_DATES_SOCIETY "rh_form_edit_dates_society";
  93.     const ACL_PERM_EDIT_HOURS "rh_form_hours_edit";
  94.     const ACL_PERM_EDIT_HOURS_SOCIETY "rh_form_hours_edit_society";
  96.     //--------------------------------------------------------------------------------
  98.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleTools)
  99.     {
  100.         $this->em $doctrine->getManager();
  101.         $this->moduleTools $moduleTools;
  103.         $this->aclRepository $this->em->getRepository(Acl::class);
  104.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  105.     }
  107.     // Plan.io Task #4453 [See AccessVoter for details]
  108.     public function supportsAttribute(string $attribute): bool
  109.     {
  110.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  111.     }
  113.     protected function supports(string $attribute$subject null): bool
  114.     {
  115.         // if the attribute isn't one we support, return false
  116.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  117.         {
  118.             return false;
  119.         }
  121.         // only vote on RHForm objects inside this voter
  122.         if ($subject !== null && !$subject instanceof RHForm)
  123.         {
  124.             return false;
  125.         }
  127.         return true;
  128.     }
  130.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  131.     {
  132.         $user $token->getUser();
  134.         if (!$user instanceof Access)
  135.         {
  136.             // the user must be logged in; if not, deny access
  137.             return false;
  138.         }
  140.         // The user must have a function; if not deny access
  141.         $function $user->getFunction();
  142.         if ($function === null)        return false;
  144.         // Plan.io Task #3710 : Get current group
  145.         $currentGroup $user->getSocietyGroup();
  146.         if ($currentGroup === null)
  147.             return false;
  149.         // Module activated ?
  150.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_RHFORM))
  151.         {
  152.             return false;
  153.         }
  155.         // you know $subject is a RHForm object, thanks to supports
  156.         /** @var RHForm $rhForm */
  157.         $rhForm $subject;
  159.         // Check current group affectation
  160.         // Exception : own forms
  161.         if ($subject !== null && $subject->getAccess() !== null && !$subject->getAccess()->equals($user))
  162.         {
  163.             $subjectSociety $subject->getSociety();
  164.             if ($subjectSociety === null)
  165.                 return false;
  166.             $subjectGroup $subjectSociety->getGroup();
  167.             if ($subjectGroup === null)
  168.                 return false;
  169.             if (!$currentGroup->equals($subjectGroup))
  170.                 return false;
  171.         }
  173.         switch ($attribute)
  174.         {
  175.             // This is handled in the voteOnAttribute function,
  176.             // if we are here it means that the rhforms option is active
  177.             case self::IS_ACTIVE:
  178.                 return true;
  180.             case self::ADD:
  181.                 return $this->canAdd($user$function);
  182.             case self::ADD_FOR_OTHERS:
  183.                 return $this->canAddForOthers($user$function);
  184.             case self::ADD_ANY:
  185.                 return $this->canAddAny($user$function);
  186.             case self::ADD_ALL:
  187.                 return $this->canAddAll($user$function);
  189.             case self::LISTING:
  190.                 return $this->canList($user$function);
  191.             case self::LISTING_SOCIETY:
  192.                 return $this->canListSociety($user$function);
  193.             case self::LISTING_OWN:
  194.                 return $this->canListOwn($user$function);
  195.             case self::LISTING_ANY:
  196.                 return $this->canListAny($user$function);
  197.             case self::LISTING_OTHER_THAN_OWN:
  198.                 return $this->canListOtherThanOwn($user$function);
  200.             case self::VIEW:
  201.                 return $this->canView($rhForm$user$function);
  203.             case self::EDIT:
  204.                 return $this->canEdit($rhForm$user$function);
  205.             case self::EDIT_STATUS:
  206.                 return $this->canEditStatus($rhForm$user$function);
  207.             case self::EDIT_DATES:
  208.                 return $this->canEditDates($rhForm$user$function);
  209.             case self::EDIT_HOURS:
  210.                 return $this->canEditHours($rhForm$user$function);
  212.             case self::DELETE:
  213.                 return $this->canDelete($rhForm$user$function);
  214.         }
  216.         throw new \LogicException('This code should not be reached!');
  217.     }
  219.     // $access is the user trying to load the resource
  220.     // $rhForm is the resource being loaded
  222.     // Check if the Society of the resource
  223.     // belongs to the societies of the $access
  224.     private function checkSociety(RHForm $rhFormAccess $access)
  225.     {
  226.         // Get all the societies of the access
  227.         $societies $access->getSocieties();
  229.         // Get the Society of the RHForm
  230.         $rhFormSociety $rhForm->getSociety();
  232.         if ($rhFormSociety === null)
  233.             return false;
  235.         $found false;
  236.         foreach ($societies as $society)
  237.         {
  238.             if ($society->getId() == $rhFormSociety->getId())
  239.             {
  240.                 $found true;
  241.                 break;
  242.             }
  243.         }
  244.         return $found;
  245.     }
  247.     // Check if the $access is the author / access of the $rhForm
  248.     private function checkOwn(RHForm $rhFormAccess $access)
  249.     {
  250.         // Get author
  251.         $author $rhForm->getAuthor();
  252.         if ($author === null)
  253.             return false;
  255.         if ($author->getId() === $access->getId())
  256.             return true;
  258.         // Get access
  259.         $theOne $rhForm->getAccess();
  260.         if ($theOne === null)
  261.             return false;
  263.         if ($theOne->getId() === $access->getId())
  264.             return true;
  266.         return false;
  267.     }
  269.     private function canAdd(Access $userAccessFunction $function)
  270.     {
  271.         // Get Acl_Permission
  272.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
  273.         if ($aclPerm === null)        return false;
  275.         // Get Acl
  276.         $acl $this->aclRepository->findOneBy(array(
  277.             'function'        =>    $function,
  278.             'permission'    =>    $aclPerm
  279.         ));
  280.         if ($acl === null)        return false;
  282.         // Since only one acl type can exist
  283.         // we can return the result of the acl_permission
  284.         return $acl->getValue();
  285.     }
  287.     private function canAddForOthers(Access $userAccessFunction $function)
  288.     {
  289.         // Get Acl_Permission
  290.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_FOR_OTHERS);
  291.         if ($aclPerm === null)        return false;
  293.         // Get Acl
  294.         $acl $this->aclRepository->findOneBy(array(
  295.             'function'        =>    $function,
  296.             'permission'    =>    $aclPerm
  297.         ));
  298.         if ($acl === null)        return false;
  300.         // Since only one acl type can exist
  301.         // we can return the result of the acl_permission
  302.         return $acl->getValue();
  303.     }
  305.     private function canAddAll(Access $userAccessFunction $function)
  306.     {
  307.         // Get Acl_Permission
  308.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_ALL);
  309.         if ($aclPerm === null)        return false;
  311.         // Get Acl
  312.         $acl $this->aclRepository->findOneBy(array(
  313.             'function'        =>    $function,
  314.             'permission'    =>    $aclPerm
  315.         ));
  316.         if ($acl === null)        return false;
  318.         // Since only one acl type can exist
  319.         // we can return the result of the acl_permission
  320.         return $acl->getValue();
  321.     }
  323.     private function canAddAny(Access $userAccessFunction $function)
  324.     {
  325.         // Three Acl_Permission may exist
  326.         // The third one was added for Plan.io Task #4239
  327.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
  328.         $aclPermOthers $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_FOR_OTHERS);
  329.         $aclPermAll $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD_ALL);
  331.         // If all are null, exit
  332.         if ($aclPerm === null && $aclPermOthers === null && $aclPermAll === null)
  333.             return false;
  335.         // Get First one
  336.         if ($aclPerm !== null)
  337.         {
  338.             $acl $this->aclRepository->findOneBy(array(
  339.                 'function'        =>    $function,
  340.                 'permission'    =>    $aclPerm
  341.             ));
  342.             if ($acl !== null)
  343.             {
  344.                 if ($acl->getValue())
  345.                 {
  346.                     // A single positive answer is enough
  347.                     return true;
  348.                 }
  349.             }
  350.         }
  351.         // If we are here it means that nothing good has been found
  352.         // Load second permission
  353.         if ($aclPermOthers !== null)
  354.         {
  355.             $acl $this->aclRepository->findOneBy(array(
  356.                 'function'        =>    $function,
  357.                 'permission'    =>    $aclPermOthers
  358.             ));
  359.             if ($acl !== null)
  360.             {
  361.                 if ($acl->getValue())
  362.                 {
  363.                     // A single positive answer is enough
  364.                     return true;
  365.                 }
  366.             }
  367.         }
  368.         // If we are here it means that nothing good has been found
  369.         // Load third permission
  370.         if ($aclPermAll !== null)
  371.         {
  372.             $acl $this->aclRepository->findOneBy(array(
  373.                 'function'        =>    $function,
  374.                 'permission'    =>    $aclPermAll
  375.             ));
  376.             if ($acl !== null)
  377.             {
  378.                 if ($acl->getValue())
  379.                 {
  380.                     // A single positive answer is enough
  381.                     return true;
  382.                 }
  383.             }
  384.         }
  385.         // If we are here, all hope is lost
  386.         return false;
  387.     }
  389.     private function canList(Access $userAccessFunction $function)
  390.     {
  391.         // Get Acl_Permission
  392.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  393.         if ($aclPerm === null)        return false;
  395.         // Get Acl
  396.         $acl $this->aclRepository->findOneBy(array(
  397.             'function'        =>    $function,
  398.             'permission'    =>    $aclPerm
  399.         ));
  400.         if ($acl === null)        return false;
  402.         // Since only one acl type can exist
  403.         // we can return the result of the acl_permission
  404.         return $acl->getValue();
  405.     }
  407.     private function canListSociety(Access $userAccessFunction $function)
  408.     {
  409.         // Get Acl_Permission
  410.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  411.         if ($aclPerm === null)        return false;
  413.         // Get Acl
  414.         $acl $this->aclRepository->findOneBy(array(
  415.             'function'        =>    $function,
  416.             'permission'    =>    $aclPerm
  417.         ));
  418.         if ($acl === null)        return false;
  420.         // Since only one acl type can exist
  421.         // we can return the result of the acl_permission
  422.         // Further filtering is done in the Controller
  423.         return $acl->getValue();
  424.     }
  426.     private function canListOwn(Access $userAccessFunction $function)
  427.     {
  428.         // Get Acl_Permission
  429.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_OWN);
  430.         if ($aclPerm === null)        return false;
  432.         // Get Acl
  433.         $acl $this->aclRepository->findOneBy(array(
  434.             'function'        =>    $function,
  435.             'permission'    =>    $aclPerm
  436.         ));
  437.         if ($acl === null)        return false;
  439.         // Since only one acl type can exist
  440.         // we can return the result of the acl_permission
  441.         // Further filtering is done in the Controller
  442.         return $acl->getValue();
  443.     }
  445.     private function canListAny(Access $userAccessFunction $function)
  446.     {
  447.         // Two Acl_Permission may exist
  448.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  449.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  450.         $aclPermOwn $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_OWN);
  452.         // If both are null, exit
  453.         if ($aclPerm === null && $aclPermSociety === null && $aclPermOwn === null)
  454.             return false;
  456.         // Get First one
  457.         if ($aclPerm !== null)
  458.         {
  459.             $acl $this->aclRepository->findOneBy(array(
  460.                 'function'        =>    $function,
  461.                 'permission'    =>    $aclPerm
  462.             ));
  463.             if ($acl !== null)
  464.             {
  465.                 if ($acl->getValue())
  466.                 {
  467.                     // A single positive answer is enough
  468.                     return true;
  469.                 }
  470.             }
  471.         }
  472.         // If we are here it means that nothing good has been found
  473.         // Load second permission
  474.         if ($aclPermSociety !== null)
  475.         {
  476.             $acl $this->aclRepository->findOneBy(array(
  477.                 'function'        =>    $function,
  478.                 'permission'    =>    $aclPermSociety
  479.             ));
  480.             if ($acl !== null)
  481.             {
  482.                 if ($acl->getValue())
  483.                 {
  484.                     // A single positive answer is enough
  485.                     return true;
  486.                 }
  487.             }
  488.         }
  489.         // If we are here it means that nothing good has been found
  490.         // Load third permission
  491.         if ($aclPermOwn !== null)
  492.         {
  493.             $acl $this->aclRepository->findOneBy(array(
  494.                 'function'        =>    $function,
  495.                 'permission'    =>    $aclPermOwn
  496.             ));
  497.             if ($acl !== null)
  498.             {
  499.                 if ($acl->getValue())
  500.                 {
  501.                     // A single positive answer is enough
  502.                     return true;
  503.                 }
  504.             }
  505.         }
  506.         // If we are here, all hope is lost
  507.         return false;
  508.     }
  510.     private function canListOtherThanOwn(Access $userAccessFunction $function)
  511.     {
  512.         // Two Acl_Permission may exist
  513.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
  514.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING_SOCIETY);
  516.         // If both are null, exit
  517.         if ($aclPerm === null && $aclPermSociety === null)
  518.             return false;
  520.         // Get First one
  521.         if ($aclPerm !== null)
  522.         {
  523.             $acl $this->aclRepository->findOneBy(array(
  524.                 'function'        =>    $function,
  525.                 'permission'    =>    $aclPerm
  526.             ));
  527.             if ($acl !== null)
  528.             {
  529.                 if ($acl->getValue())
  530.                 {
  531.                     // A single positive answer is enough
  532.                     return true;
  533.                 }
  534.             }
  535.         }
  536.         // If we are here it means that nothing good has been found
  537.         // Load second permission
  538.         if ($aclPermSociety !== null)
  539.         {
  540.             $acl $this->aclRepository->findOneBy(array(
  541.                 'function'        =>    $function,
  542.                 'permission'    =>    $aclPermSociety
  543.             ));
  544.             if ($acl !== null)
  545.             {
  546.                 if ($acl->getValue())
  547.                 {
  548.                     // A single positive answer is enough
  549.                     return true;
  550.                 }
  551.             }
  552.         }
  554.         // If we are here, all hope is lost
  555.         return false;
  556.     }
  558.     private function canView(RHForm $rhFormAccess $userAccessFunction $function)
  559.     {
  560.         // Three Acl_Permission may exist
  561.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
  562.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_SOCIETY);
  563.         $aclPermOwn $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW_OWN);
  565.         // If all are null, exit
  566.         if ($aclPerm === null && $aclPermSociety === null && $aclPermOwn === null)
  567.             return false;
  569.         // Get First one
  570.         if ($aclPerm !== null)
  571.         {
  572.             $acl $this->aclRepository->findOneBy(array(
  573.                 'function'        =>    $function,
  574.                 'permission'    =>    $aclPerm
  575.             ));
  576.             if ($acl !== null)
  577.             {
  578.                 if ($acl->getValue())
  579.                 {
  580.                     // A single positive answer is enough
  581.                     return true;
  582.                 }
  583.             }
  584.         }
  585.         // If we are here it means that nothing good has been found
  586.         // Load second permission
  587.         if ($aclPermSociety !== null)
  588.         {
  589.             $acl $this->aclRepository->findOneBy(array(
  590.                 'function'        =>    $function,
  591.                 'permission'    =>    $aclPermSociety
  592.             ));
  593.             if ($acl !== null)
  594.             {
  595.                 if ($acl->getValue())
  596.                 {
  597.                     // A single positive answer is enough
  598.                     // In this case the good answer will be provided by the checkSociety
  599.                     return $this->checkSociety($rhForm$user);
  600.                 }
  601.             }
  602.         }
  603.         // If we are here it means that nothing good has been found
  604.         // Load third permission
  605.         if ($aclPermOwn !== null)
  606.         {
  607.             $acl $this->aclRepository->findOneBy(array(
  608.                 'function'        =>    $function,
  609.                 'permission'    =>    $aclPermOwn
  610.             ));
  611.             if ($acl !== null)
  612.             {
  613.                 if ($acl->getValue())
  614.                 {
  615.                     // A single positive answer is enough
  616.                     // In this case the good answer will be provided by the checkSociety
  617.                     return $this->checkOwn($rhForm$user);
  618.                 }
  619.             }
  620.         }
  621.         // If we are here, all hope is lost
  622.         return false;
  623.     }
  625.     private function canEdit(RHForm $rhFormAccess $userAccessFunction $function)
  626.     {
  627.         // Two Acl_Permission may exist
  628.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
  629.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_SOCIETY);
  630.         $aclPermOwn $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_OWN);
  632.         // If all are null, exit
  633.         if ($aclPerm === null && $aclPermSociety === null && $aclPermOwn === null)
  634.             return false;
  636.         // Get First one
  637.         if ($aclPerm !== null)
  638.         {
  639.             $acl $this->aclRepository->findOneBy(array(
  640.                 'function'        =>    $function,
  641.                 'permission'    =>    $aclPerm
  642.             ));
  643.             if ($acl !== null)
  644.             {
  645.                 if ($acl->getValue())
  646.                 {
  647.                     // A single positive answer is enough
  648.                     return true;
  649.                 }
  650.             }
  651.         }
  653.         // If we are here it means that nothing good has been found
  654.         // Load second permission
  655.         if ($aclPermSociety !== null)
  656.         {
  657.             $acl $this->aclRepository->findOneBy(array(
  658.                 'function'        =>    $function,
  659.                 'permission'    =>    $aclPermSociety
  660.             ));
  661.             if ($acl !== null)
  662.             {
  663.                 if ($acl->getValue())
  664.                 {
  665.                     // A single positive answer is enough
  666.                     // In this case the good answer will be provided by the checkSociety
  667.                     return $this->checkSociety($rhForm$user);
  668.                 }
  669.             }
  670.         }
  672.         // If we are here it means that nothing good has been found
  673.         // Load third permission
  674.         if ($aclPermOwn !== null)
  675.         {
  676.             $acl $this->aclRepository->findOneBy(array(
  677.                 'function'        =>    $function,
  678.                 'permission'    =>    $aclPermOwn
  679.             ));
  680.             if ($acl !== null)
  681.             {
  682.                 if ($acl->getValue())
  683.                 {
  684.                     // A single positive answer is enough
  685.                     // In this case the good answer will be provided by the checkSociety
  686.                     return $this->checkOwn($rhForm$user);
  687.                 }
  688.             }
  689.         }
  690.         // If we are here, all hope is lost
  691.         return false;
  692.     }
  694.     private function canEditStatus(RHForm $rhFormAccess $userAccessFunction $function)
  695.     {
  696.         // If annuled no one can edit sttaus
  697.         if ($rhForm->isAnnulled())
  698.             return false;
  700.         // Two Acl_Permission may exist
  701.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_STATUS);
  702.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_STATUS_SOCIETY);
  704.         // If all are null, exit
  705.         if ($aclPerm === null && $aclPermSociety === null)
  706.             return false;
  708.         // Get First one
  709.         if ($aclPerm !== null)
  710.         {
  711.             $acl $this->aclRepository->findOneBy(array(
  712.                 'function'        =>    $function,
  713.                 'permission'    =>    $aclPerm
  714.             ));
  715.             if ($acl !== null)
  716.             {
  717.                 if ($acl->getValue())
  718.                 {
  719.                     // A single positive answer is enough
  720.                     return true;
  721.                 }
  722.             }
  723.         }
  724.         // If we are here it means that nothing good has been found
  725.         // Load second permission
  726.         if ($aclPermSociety !== null)
  727.         {
  728.             $acl $this->aclRepository->findOneBy(array(
  729.                 'function'        =>    $function,
  730.                 'permission'    =>    $aclPermSociety
  731.             ));
  732.             if ($acl !== null)
  733.             {
  734.                 if ($acl->getValue())
  735.                 {
  736.                     // A single positive answer is enough
  737.                     // In this case the good answer will be provided by the checkSociety
  738.                     return $this->checkSociety($rhForm$user);
  739.                 }
  740.             }
  741.         }
  743.         // If we are here, all hope is lost
  744.         return false;
  745.     }
  747.     private function canEditDates(RHForm $rhFormAccess $userAccessFunction $function)
  748.     {
  749.         // If waiting validation, everyone can edit dates
  750.         if ($rhForm->isWaitingValidation())
  751.             return true;
  753.         // If closed or annuled no one can edit dates
  754.         if ($rhForm->isPartiallyClosed() || $rhForm->isClosed() || $rhForm->isAnnulled())
  755.             return false;
  757.         // Two Acl_Permission may exist
  758.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_DATES);
  759.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_DATES_SOCIETY);
  761.         // If all are null, exit
  762.         if ($aclPerm === null && $aclPermSociety === null)
  763.             return false;
  765.         // Get First one
  766.         if ($aclPerm !== null)
  767.         {
  768.             $acl $this->aclRepository->findOneBy(array(
  769.                 'function'        =>    $function,
  770.                 'permission'    =>    $aclPerm
  771.             ));
  772.             if ($acl !== null)
  773.             {
  774.                 if ($acl->getValue())
  775.                 {
  776.                     // A single positive answer is enough
  777.                     return true;
  778.                 }
  779.             }
  780.         }
  781.         // If we are here it means that nothing good has been found
  782.         // Load second permission
  783.         if ($aclPermSociety !== null)
  784.         {
  785.             $acl $this->aclRepository->findOneBy(array(
  786.                 'function'        =>    $function,
  787.                 'permission'    =>    $aclPermSociety
  788.             ));
  789.             if ($acl !== null)
  790.             {
  791.                 if ($acl->getValue())
  792.                 {
  793.                     // A single positive answer is enough
  794.                     // In this case the good answer will be provided by the checkSociety
  795.                     return $this->checkSociety($rhForm$user);
  796.                 }
  797.             }
  798.         }
  800.         // If we are here, all hope is lost
  801.         return false;
  802.     }
  804.     private function canEditHours(RHForm $rhFormAccess $userAccessFunction $function)
  805.     {
  806.         // Only available for RHForm_Hours
  807.         if ($rhForm->isHours() === false)
  808.             return false;
  810.         // Two Acl_Permission may exist
  811.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_HOURS);
  812.         $aclPermSociety $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT_HOURS_SOCIETY);
  814.         // If all are null, exit
  815.         if ($aclPerm === null && $aclPermSociety === null)
  816.             return false;
  818.         // Get First one
  819.         if ($aclPerm !== null)
  820.         {
  821.             $acl $this->aclRepository->findOneBy(array(
  822.                 'function'        =>    $function,
  823.                 'permission'    =>    $aclPerm
  824.             ));
  825.             if ($acl !== null)
  826.             {
  827.                 if ($acl->getValue())
  828.                 {
  829.                     // A single positive answer is enough
  830.                     return true;
  831.                 }
  832.             }
  833.         }
  834.         // If we are here it means that nothing good has been found
  835.         // Load second permission
  836.         if ($aclPermSociety !== null)
  837.         {
  838.             $acl $this->aclRepository->findOneBy(array(
  839.                 'function'        =>    $function,
  840.                 'permission'    =>    $aclPermSociety
  841.             ));
  842.             if ($acl !== null)
  843.             {
  844.                 if ($acl->getValue())
  845.                 {
  846.                     // A single positive answer is enough
  847.                     // In this case the good answer will be provided by the checkSociety
  848.                     return $this->checkSociety($rhForm$user);
  849.                 }
  850.             }
  851.         }
  853.         // If we are here, all hope is lost
  854.         return false;
  855.     }
  857.     private function canDelete(RHForm $rhFormAccess $userAccessFunction $function)
  858.     {
  859.         return false;
  860.     }
  861. }