<?php//------------------------------------------------------------------------------// src/Security/TaskItemVoter.php//------------------------------------------------------------------------------namespace App\Security;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Doctrine\Persistence\ManagerRegistry;use App\Entity\Access;use App\Entity\APIRest\AccessAPI;use App\Entity\Config\Config;use App\Entity\Config\Module;use App\Entity\HR\AccessFunction;use App\Entity\Security\Acl;use App\Entity\Security\AclPermission;use App\Services\Config\ModuleTools;class TaskItemVoter extends Voter{ //-------------------------------------------------------------------------------- // is_granted / acl constants const ACL_PERM_DEVIS_PDF = "item_planning_task_devis_pdf"; const ACL_PERM_DEVIS_TOTAL = "item_planning_task_devis_total"; // const ACL_PERM_FILES = "item_planning_task_client_attachments"; // const ACL_PERM_FORMS = "item_planning_task_client_webapp_forms"; // const ACL_PERM_IA = "item_planning_task_intervention_address"; // const ACL_PERM_TYPE = "item_planning_task_type"; // const ACL_PERM_STATUS = "item_planning_task_status"; // const ACL_PERM_INFO = "item_planning_task_info"; // const ACL_PERM_DEVIS_FILES = "item_planning_task_devis_attachments"; const ACL_PERM_TH_DURATION = "item_planning_task_theoretical_duration"; const IS_GRANTED_CONSTANTS = array( self::ACL_PERM_DEVIS_PDF, self::ACL_PERM_DEVIS_TOTAL, self::ACL_PERM_TH_DURATION, ); //-------------------------------------------------------------------------------- public function __construct(ManagerRegistry $doctrine, ModuleTools $moduleTools) { $this->em = $doctrine->getManager(); $this->moduleTools = $moduleTools; $this->aclRepository = $this->em->getRepository(Acl::class); $this->aclPermissionRepository = $this->em->getRepository(AclPermission::class); } // Plan.io Task #4453 [See AccessVoter for details] public function supportsAttribute(string $attribute): bool { return in_array($attribute, self::IS_GRANTED_CONSTANTS, true); } protected function supports(string $attribute, $subject = null): bool { // if the attribute isn't one we support, return false if (!in_array($attribute, self::IS_GRANTED_CONSTANTS)) { return false; } return true; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool { $user = $token->getUser(); // Plan.io Task #3707 if ($user instanceof AccessAPI) { if ($user->getAccess() === null) { return false; } $user = $user->getAccess(); } // Plan.io Task #3707 // At this point $user is an object of Access type // even if the $token->getUser() is AccessAPI if (!$user instanceof Access) { // the user must be logged in; if not, deny access return false; } // The user must have a function; if not deny access $function = $user->getFunction(); if ($function === null) return false; // Plan.io Task #3710 : Get current group $currentGroup = $user->getSocietyGroup(); if ($currentGroup === null) return false; // Module activated ? if ($this->moduleTools->isInactiveByCode($currentGroup, Module::MODULE_PLANNING)) { return false; } return $this->canViewItem($attribute, $function); throw new \LogicException('This code should not be reached!'); } private function canViewItem($attribute, AccessFunction $function) { // Get Acl_Permission $aclPerm = $this->aclPermissionRepository->findOneByName($attribute); if ($aclPerm === null) return false; // Get Acl $acl = $this->aclRepository->findOneBy(array( 'function' => $function, 'permission' => $aclPerm )); if ($acl === null) return false; return $acl->getValue(); }}