src/Security/SocietyGroupDirectoryVoter.php line 48

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/SocietyGroupDirectoryVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Doctrine\Persistence\ManagerRegistry;
  11. use App\Entity\Access;
  12. use App\Entity\SocietyGroup;
  13. use App\Entity\Config\Config;
  14. use App\Entity\Config\Module;
  15. use App\Entity\HR\AccessFunction;
  16. use App\Entity\Security\Acl;
  17. use App\Entity\Security\AclPermission;
  18. use App\Services\Config\ModuleTools;
  19. use App\Services\Config\OptionConfigTools;
  21. class SocietyGroupDirectoryVoter extends Voter
  22. {
  23.     //--------------------------------------------------------------------------------
  24.     // is_granted constants
  25.     // Plan.io Task #4652 : Added IS_ACTIVE_HANDLE_FAV
  26.     const VIEW "view_society_group_directory";
  27.     const EDIT "edit_society_group_directory";    
  28.     const IS_ACTIVE_HANDLE_FAV "handle_society_group_fav_is_active";    
  30.     const IS_GRANTED_CONSTANTS = array(
  31.         self::VIEW,
  32.         self::EDIT,        
  33.     );
  35.     //--------------------------------------------------------------------------------
  36.     // acl constants
  37.     const ACL_PERM_VIEW "society_group_directory_view";
  38.     const ACL_PERM_EDIT "society_group_directory_edit";
  40.     //--------------------------------------------------------------------------------
  42.     public function __construct(ManagerRegistry $doctrineModuleTools $moduleToolsOptionConfigTools $optionConfigTools)
  43.     {
  44.         $this->em $doctrine->getManager();
  45.         $this->moduleTools $moduleTools;
  46.         $this->optionConfigTools $optionConfigTools;
  48.         $this->aclRepository $this->em->getRepository(Acl::class);
  49.         $this->aclPermissionRepository $this->em->getRepository(AclPermission::class);
  50.     }
  52.     // Plan.io Task #4453 [See AccessVoter for details]
  53.     public function supportsAttribute(string $attribute): bool
  54.     {
  55.         return in_array($attributeself::IS_GRANTED_CONSTANTStrue);
  56.     }
  57.     
  58.     protected function supports(string $attribute$subject null): bool
  59.     {
  60.         // if the attribute isn't one we support, return false
  61.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  62.         {
  63.             return false;
  64.         }
  66.         // Only vote on SocietyGroup objects inside this voter
  67.         if ($subject !== null && !$subject instanceof SocietyGroup)
  68.         {
  69.             return false;
  70.         }
  72.         return true;
  73.     }
  75.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  76.     {
  77.         $user $token->getUser();
  79.         if (!$user instanceof Access)
  80.         {
  81.             // the user must be logged in; if not, deny access
  82.             return false;
  83.         }
  85.         // The user must have a function; if not deny access
  86.         $function $user->getFunction();
  87.         if ($function === null)        return false;
  89.         // Plan.io Task #3710 : Get current group
  90.         $currentGroup $user->getSocietyGroup();
  91.         if ($currentGroup === null)
  92.             return false;
  94.         // Module activated ?
  95.         if ($this->moduleTools->isInactiveByCode($currentGroupModule::MODULE_MISSION_PLUS))
  96.         {
  97.             return false;
  98.         }
  100.         // you know $subject is a SocietyGroup object, thanks to supports
  101.         /** @var SocietyGroup $societyGroup */
  102.         $societyGroup $subject;
  104.         switch ($attribute)
  105.         {
  106.             case self::IS_ACTIVE_HANDLE_FAV:
  107.             {
  108.                 return $this->optionConfigTools->isActive_HandleSocietyGroupFav($societyGroup);
  109.             }
  110.             case self::VIEW:
  111.             {
  112.                 return $this->canView($user$function$societyGroup);
  113.             }
  114.             case self::EDIT:
  115.             {
  116.                 return $this->canEdit($user$function);
  117.             }
  118.         }
  120.         throw new \LogicException('This code should not be reached!');
  121.     }
  123.     private function canView(Access $accessAccessFunction $function$societyGroup null)
  124.     {
  125.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
  127.         // If all are null, exit
  128.         if ($aclPerm === null)
  129.             return false;
  131.         // Get First one
  132.         if ($aclPerm !== null)
  133.         {
  134.             $acl $this->aclRepository->findOneBy(array(
  135.                 'function'        =>    $function,
  136.                 'permission'    =>    $aclPerm
  137.             ));
  138.             if ($acl !== null)
  139.             {
  140.                 if ($acl->getValue())
  141.                 {
  142.                     // A single positive answer is enough
  143.                     return true;
  144.                 }
  145.             }
  146.         }
  147.         // If we are here, all hope is lost
  148.         return false;
  149.     }
  151.     private function canEdit(Access $accessAccessFunction $function)
  152.     {
  153.         $aclPerm $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
  155.         // If all are null, exit
  156.         if ($aclPerm === null)
  157.             return false;
  159.         // Get First one
  160.         if ($aclPerm !== null)
  161.         {
  162.             $acl $this->aclRepository->findOneBy(array(
  163.                 'function'        =>    $function,
  164.                 'permission'    =>    $aclPerm
  165.             ));
  166.             if ($acl !== null)
  167.             {
  168.                 if ($acl->getValue())
  169.                 {
  170.                     // A single positive answer is enough
  171.                     return true;
  172.                 }
  173.             }
  174.         }
  175.         // If we are here, all hope is lost
  176.         return false;
  177.     }
  178. }