Symfony Profiler

<?php
//------------------------------------------------------------------------------
// src/Security/StoreVoter.php
//------------------------------------------------------------------------------
namespace App\Security;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Doctrine\Persistence\ManagerRegistry;
use App\Entity\Access;
use App\Entity\Client\Store;
use App\Entity\Config\Config;
use App\Entity\Config\Module;
use App\Entity\HR\AccessFunction;
use App\Entity\Security\Acl;
use App\Entity\Security\AclPermission;
use App\Services\Config\ModuleTools;
class StoreVoter extends Voter
{
const ADD = "add_store";
const LISTING = "list_stores";
const VIEW = "view_store";
const EDIT = "edit_store";
const IS_GRANTED_CONSTANTS = array(
self::ADD,
self::LISTING,
self::VIEW,
self::EDIT,
);
//--------------------------------------------------------------------------------
// acl constants
const ACL_PERM_ADD = "store_add";
const ACL_PERM_LISTING = "store_list";
const ACL_PERM_VIEW = "store_view";
const ACL_PERM_EDIT = "store_edit";
//--------------------------------------------------------------------------------
public function __construct(ManagerRegistry $doctrine, ModuleTools $moduleTools)
{
$this->em = $doctrine->getManager();
$this->moduleTools = $moduleTools;
$this->aclRepository = $this->em->getRepository(Acl::class);
$this->aclPermissionRepository = $this->em->getRepository(AclPermission::class);
}
// Plan.io Task #4453 [See AccessVoter for details]
public function supportsAttribute(string $attribute): bool
{
return in_array($attribute, self::IS_GRANTED_CONSTANTS, true);
}
protected function supports(string $attribute, $subject): bool
{
// if the attribute isn't one we support, return false
if (!in_array($attribute, self::IS_GRANTED_CONSTANTS))
{
return false;
}
// only vote on Store objects inside this voter
if ($subject !== null && !$subject instanceof Store)
{
return false;
}
return true;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
if (!$user instanceof Access)
{
// the user must be logged in; if not, deny access
return false;
}
// The user must have a function; if not deny access
$function = $user->getFunction();
if ($function === null) return false;
// Plan.io Task #3710 : Get current group
$currentGroup = $user->getSocietyGroup();
if ($currentGroup === null)
return false;
$this->currentGroup = $currentGroup;
// Module activated ?
if ($this->moduleTools->isInactiveByCode($currentGroup, Module::MODULE_CLIENT) && $this->moduleTools->isInactiveByCode($currentGroup, Module::MODULE_CLIENT_LIGHT))
{
return false;
}
// you know $subject is a Store object, thanks to supports
/** @var Store $store */
$store = $subject;
// Check current group affectation
if ($subject !== null)
{
$subjectGroup = $subject->getSocietyGroup();
if ($subjectGroup === null)
return false;
if (!$currentGroup->equals($subjectGroup))
return false;
}
switch ($attribute)
{
case self::ADD:
return $this->canAdd($user, $function);
case self::LISTING:
return $this->canList($user, $function);
case self::VIEW:
return $this->canView($store, $user, $function);
case self::EDIT:
return $this->canEdit($store, $user, $function);
}
throw new \LogicException('This code should not be reached!');
}
private function canAdd(Access $access, AccessFunction $function)
{
// Module activated ?
// CLIENT_LIGHT cannot add Clients / Stores
if ($this->moduleTools->isInactiveByCode($this->currentGroup, Module::MODULE_CLIENT))
{
return false;
}
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_ADD);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
return $acl->getValue();
}
private function canList(Access $access, AccessFunction $function)
{
// Restrictions are also applied in the Controller
// But this helps speeding page loading if the access is not even allowed to load the page
// (ie. if it has no list privileges whatsoever)
// Get Acl_Permission
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_LISTING);
if ($aclPerm === null) return false;
// Get Acl
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl === null) return false;
// Since only one list type can exist for the Stores,
// we can return the result of the acl_permission
return $acl->getValue();
}
private function canView(Store $store, Access $access, AccessFunction $function)
{
// Several Acl_Permission exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_VIEW);
// If all are null, exit
if ($aclPerm === null)
return false;
// Get First one (view all)
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here, all hope is lost
return false;
}
private function canEdit(Store $store, Access $access, AccessFunction $function)
{
// Several Acl_Permission exist
$aclPerm = $this->aclPermissionRepository->findOneByName(self::ACL_PERM_EDIT);
// If all are null, exit
if ($aclPerm === null)
return false;
// Get First one (view all)
if ($aclPerm !== null)
{
$acl = $this->aclRepository->findOneBy(array(
'function' => $function,
'permission' => $aclPerm
));
if ($acl !== null)
{
if ($acl->getValue())
{
// A single positive answer is enough
return true;
}
}
}
// If we are here, all hope is lost
return false;
}
}

src/Security/StoreVoter.php line 20