src/Security/ClientPlatform/MissionVoter.php line 18

Open in your IDE?
  1. <?php
  2. //------------------------------------------------------------------------------
  3. // src/Security/ClientPlatform/MissionVoter.php
  4. //------------------------------------------------------------------------------
  5. namespace App\Security\ClientPlatform;
  7. use Doctrine\Persistence\ManagerRegistry;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  12. use App\Entity\AccessClient\AccessClient;
  13. use App\Entity\Mission\Mission;
  14. use App\Services\AccessClient\AccessClientTools;
  15. use App\Services\Config\OptionConfigTools;
  16. use App\Services\LogTools;
  18. class MissionVoter extends Voter
  19. {
  20.     //--------------------------------------------------------------------------------
  21.     // is_granted constants
  22.     const VIEW "client_view_mission";
  23.     const EDIT "client_edit_mission";
  24.     const CAN_BOOK_SLOT "can_book_slot_mission";
  26.     const IS_GRANTED_CONSTANTS = array(
  27.         self::VIEW,
  28.         self::EDIT,
  29.         self::CAN_BOOK_SLOT,
  30.     );
  31.     //--------------------------------------------------------------------------------
  33.     public function __construct(Security $securityManagerRegistry $doctrineAccessClientTools $accessClientToolsLogTools $logToolsOptionConfigTools $optionConfigTools)
  34.     {
  35.         $this->security $security;
  36.         $this->em $doctrine->getManager();
  37.         $this->accessClientTools $accessClientTools;
  38.         $this->logTools $logTools;
  39.         $this->optionConfigTools $optionConfigTools;
  40.     }
  42.     protected function supports(string $attribute$subject): bool
  43.     {
  44.         // if the attribute isn't one we support, return false
  45.         if (!in_array($attributeself::IS_GRANTED_CONSTANTS))
  46.         {
  47.             return false;
  48.         }
  50.         // only vote on Mission objects inside this voter
  51.         if ($subject !== null && !$subject instanceof Mission)
  52.         {
  53.             return false;
  54.         }
  56.         return true;
  57.     }
  59.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  60.     {
  61.         // Only access ROLE_CLIENT
  62.         if (!$this->security->isGranted('ROLE_CLIENT'))
  63.         {
  64.             return false;
  65.         }
  67.         $user $token->getUser();
  69.         if (!$user instanceof AccessClient)
  70.         {
  71.             // the user must be logged in; if not, deny access
  72.             return false;
  73.         }
  75.         switch ($attribute)
  76.         {
  77.             case self::VIEW:
  78.                 return $this->canView($subject$user);
  80.             case self::EDIT:
  81.                 return $this->canEdit($subject$user);
  83.             case self::CAN_BOOK_SLOT:
  84.                 return $this->canBookSlot($subject$user);
  85.         }
  87.         throw new \LogicException('This code should not be reached!');
  88.     }
  90.     // Id the $object related to $accessClient ?
  91.     private function checkOwnership(Mission $objectAccessClient $accessClient)
  92.     {
  93.         $clientObjects $this->accessClientTools->getMissionsForAccessClient($accessClient);
  94.         foreach ($clientObjects as $clientObject)
  95.         {
  96.             if ($clientObject->equals($object))
  97.             {
  98.                 return true;
  99.             }
  100.         }
  101.         return false;
  102.     }
  104.     private function canView(Mission $missionAccessClient $user)
  105.     {
  106.         // Check Ownership
  107.         if ($this->checkOwnership($mission$user))
  108.         {
  109.             return true;
  110.         }
  112.         // If we are here, all hope is lost
  113.         return false;
  114.     }
  116.     private function canEdit(Mission $missionAccessClient $user)
  117.     {
  118.         // Check Ownership
  119.         if ($this->checkOwnership($mission$user))
  120.         {
  121.             return true;
  122.         }
  124.         // If we are here, all hope is lost
  125.         return false;
  126.     }
  128.     private function canBookSlot(Mission $missionAccessClient $user)
  129.     {
  130.         if (!$this->canView($mission$user))
  131.         {
  132.             return false;
  133.         }
  135.         // NOTE: Use SocietyGroupOwner, we want the permission from the current mission manager (SocietyGroup) 
  136.         $societyGroupOwner $mission->getSocietyGroupOwner();
  137.         if (!$this->optionConfigTools->isActive_OnlineBooking($societyGroupOwner))
  138.         {
  139.             return false;
  140.         }
  141.         if (!$this->optionConfigTools->isActive_planningOptimisation($societyGroupOwner))
  142.         {
  143.             return false;
  144.         }
  146.         return true;
  147.     }
  148. }