src/Security/Voter/ClientOwnerVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Util\EsUtil;
  6. use App\Service\EsCache;
  7. use Symfony\Component\Security\Core\Security;
  8. use App\Entity\Interfaces\ClientMappedInterface;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. class ClientOwnerVoter extends Voter
  14. {
  15.     private $esCache;
  16.     private $security;
  18.     public function __construct(EsCache $esCacheSecurity $security)
  19.     {
  20.         $this->esCache $esCache;
  21.         $this->security $security;
  22.     }
  24.     protected function supports($attribute$subject): bool
  25.     {
  26.         return in_array($attribute, [
  27.                 'IS_CLIENT_OWNER',
  28.                 'IS_CLIENT_OPR',
  29.                 'IS_CLIENT_OWNER_ANY_SPE',
  30.                 'IS_CLIENT_OWNER_ANY_SPE_OR_MEETING_OWNER',
  31.                 'IS_CLIENT_OWNER_COMPANY_SPE',
  32.                 'IS_CLIENT_OWNER_COMPANY_SPE_PRODUCT',
  33.                 'IS_CLIENT_OWNER_COMPANY_SPE_PRODUCT_TAG'
  34.             ]) && $subject instanceof ClientMappedInterface;
  35.     }
  37.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  38.     {
  39.         $user $token->getUser();
  40.         if (!$user instanceof UserInterface) {
  41.             return false;
  42.         }
  44.         if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
  46.             return true;
  48.         } elseif ($this->security->isGranted('ROLE_ADMIN') || $this->security->isGranted('ROLE_OPERATOR') || $this->security->isGranted('ROLE_SUPPORT')) {
  49.             if (EsUtil::allowCrossClientOwnerObjects($subject)) {
  50.                 return true;
  51.             }
  52.         }
  54.         $client $this->esCache->getClient();
  55.         $isCo $subject->getClient()->getId() === $client->getId();
  56.         switch ($attribute) {
  57.             case 'IS_CLIENT_OWNER':
  58.                 return $isCo;
  59.                 break;
  60.             case 'IS_CLIENT_OPR':
  61.                 return ($isCo && $this->security->isGranted('ROLE_OPERATOR'));
  62.                 break;
  63.             case 'IS_CLIENT_OWNER_ANY_SPE':
  64.                 if (method_exists($subject'getUser')) {
  65.                     return ($isCo
  66.                         && $this->security->isGranted('IS_AUTHENTICATED_FULLY')
  67.                         && $subject->getUser() === $user);
  68.                 }
  69.                 break;
  70.             case 'IS_CLIENT_OWNER_COMPANY_SPE':
  71.                 if (method_exists($subject'getOwners')) {
  72.                     $users $subject->getOwners();
  73.                     $hasUser false;
  74.                     foreach ($users as $selectUser) {
  75.                         if ($selectUser === $user) {
  76.                             $hasUser true;
  77.                             break;
  78.                         }
  79.                     }
  80.                     return ($isCo && $hasUser);
  81.                 }
  82.                 break;
  83.             case 'IS_CLIENT_OWNER_COMPANY_SPE_PRODUCT':
  84.                 $company $subject->getCompany();
  85.                 $hasUser false;
  86.                 if ($company && method_exists($company'getOwners')) {
  87.                     $users $company->getOwners();
  88.                     foreach ($users as $selectUser) {
  89.                         if ($selectUser === $user) {
  90.                             $hasUser true;
  91.                             break;
  92.                         }
  93.                     }
  94.                 }
  95.                 return ($isCo && $hasUser);
  96.                 break;
  97.             case 'IS_CLIENT_OWNER_COMPANY_SPE_PRODUCT_TAG':
  98.                 $companyProduct $subject->getCompanyProduct();
  99.                 $hasUser false;
  100.                 if ($companyProduct) {
  101.                     $company $companyProduct->getCompany();
  102.                     if ($company && method_exists($company'getOwners')) {
  103.                         $users $company->getOwners();
  104.                         foreach ($users as $selectUser) {
  105.                             if ($selectUser === $user) {
  106.                                 $hasUser true;
  107.                                 break;
  108.                             }
  109.                         }
  110.                     }
  111.                 }
  112.                 return ($isCo && $hasUser);
  113.                 break;
  114.             case 'IS_CLIENT_OWNER_ANY_SPE_OR_MEETING_OWNER':
  115.                 if (method_exists($subject'getUser')) {
  116.                     return ($isCo
  117.                         && $this->security->isGranted('IS_AUTHENTICATED_FULLY')
  118.                         && ($subject->getUser() === $user || $subject->getMeeting()->getUser() === $user));
  119.                 }
  120.                 break;
  121.         }
  123.         return false;
  124.     }
  125. }