src/Security/ClientPlatform/CommonVoter.php line 22

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/CommonVoter.php
  4. // OK @ Plan.io Task #3710
  5. //------------------------------------------------------------------------------
  6. namespace App\Security\ClientPlatform;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  11. use Doctrine\Persistence\ManagerRegistry;
  13. use App\Entity\AccessClient\AccessClient;
  14. use App\Entity\Common\Attachment;
  15. use App\Entity\Platform\Devis\Devis;
  16. use App\Entity\Platform\Invoice\Invoice;
  17. use App\Entity\ProjectManager\ProjectNotebook;
  18. use App\Entity\Webapp\Document;
  19. use App\Services\AccessClient\AccessClientTools;
  20. use App\Services\LogTools;
  22. class CommonVoter extends Voter
  23. {
  24.     //--------------------------------------------------------------------------------
  25.     // is_granted constants
  26.     const VIEW_ATTACHMENT "client_platform_view_attachment";
  27.     const VIEW_DEVIS_PDF "client_platform_view_devis_pdf";
  28.     const VIEW_DOCUMENT_PDF "client_platform_view_document_pdf";
  29.     const VIEW_INVOICE_PDF "client_platform_view_invoice_pdf";
  30.     // Plan.io Task #4624 #4654 
  31.     const VIEW_PROJECT_NOTEBOOK_PDF "client_platform_view_project_notebook_pdf";
  33.     const IS_GRANTED_CONSTANTS = array(
  34.         self::VIEW_ATTACHMENT,
  35.         self::VIEW_DEVIS_PDF,
  36.         self::VIEW_DOCUMENT_PDF,
  37.         self::VIEW_INVOICE_PDF,
  38.         self::VIEW_PROJECT_NOTEBOOK_PDF,
  39.     );
  41.     //--------------------------------------------------------------------------------
  42.     // acl constants
  43.     //--------------------------------------------------------------------------------
  45.     public function __construct(Security $securityManagerRegistry $doctrineAccessClientTools $accessClientToolsLogTools $logTools)
  46.     {
  47.         $this->security $security;
  48.         $this->em $doctrine->getManager();
  49.         $this->accessClientTools $accessClientTools;
  50.         $this->logTools $logTools;
  51.     }
  53.     protected function supports(string $attribute$subject): bool
  54.     {
  55.         // if the attribute isn't one we support, return false
  56.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  57.         {
  58.             return false;
  59.         }
  61.         // only vote on Attachment|Devis|Document|Invoice|ProjectNotebook objects inside this voter
  62.         if ($subject !== null)
  63.         {
  64.             if (!($subject instanceof Attachment) &&
  65.                 !($subject instanceof Devis) &&
  66.                 !($subject instanceof Document) &&
  67.                 !($subject instanceof Invoice) &&
  68.                 !($subject instanceof ProjectNotebook))
  69.             return false;
  70.         }
  72.         return true;
  73.     }
  75.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  76.     {
  77.         // Only AccessClient with ROLE_CLIENT
  78.         if (!$this->security->isGranted('ROLE_CLIENT'))
  79.             return false;
  81.         $user $token->getUser();
  83.         if (!$user instanceof AccessClient)
  84.         {
  85.             // the user must be logged in; if not, deny access
  86.             return false;
  87.         }
  89.         // Check AccessClient affectation
  90.         if ($subject !== null)
  91.         {
  92.             $receiver $subject->getReceiver();
  93.             if ($receiver === null)
  94.             {
  95.                 $mission $subject->getMission();
  96.                 if ($mission === null)
  97.                 {
  98.                     return false;
  99.                 }
  100.                 $receiver $mission->getReceiver();
  101.                 if ($receiver === null)
  102.                 {
  103.                     return false;
  104.                 }
  105.             }
  106.             if (!$this->accessClientTools->areLinked($receiver$user))
  107.             {
  108.                 return false;
  109.             }
  110.         }
  112.         switch ($attribute)
  113.         {
  114.             case self::VIEW_ATTACHMENT:
  115.                 return true;
  116.             case self::VIEW_DOCUMENT_PDF:
  117.                 return true;
  118.             case self::VIEW_INVOICE_PDF:
  119.                 return true;
  120.             case self::VIEW_DEVIS_PDF:
  121.                 return true;
  122.             case self::VIEW_PROJECT_NOTEBOOK_PDF:
  123.                 return true;
  124.         }
  126.         throw new \LogicException('This code should not be reached!');
  127.     }
  128. }