src/Security/Voter/ContainerOwnerVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Util\EsUtil;
  6. use App\Service\EsCache;
  7. use Symfony\Component\Security\Core\Security;
  8. use App\Entity\Interfaces\ContainerMappedInterface;
  9. use Symfony\Component\Security\Core\User\UserInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. class ContainerOwnerVoter extends Voter
  14. {
  15.     private $esCache;
  16.     private $security;
  18.     public function __construct(EsCache $esCacheSecurity $security)
  19.     {
  20.         $this->esCache $esCache;
  21.         $this->security $security;
  22.     }
  24.     protected function supports($attribute$subject): bool
  25.     {
  26.         // IS_CO = Is container owner
  27.         return (in_array($attribute, [
  28.                 'IS_CO',
  29.                 'IS_CO_ANY',
  30.                 'IS_CO_ADM',
  31.                 'IS_CO_OPR',
  32.                 'IS_CO_SPE',
  33.                 'IS_CO_MOD',
  34.                 'IS_CO_USR',
  35.                 'IS_CO_ADM_SPE',
  36.                 'IS_CO_OPR_SPE',
  37.                 'IS_CO_USR_SPE',
  38.                 'IS_CO_ANY_SPE',
  39.                 'IS_CO_ANY_SPE_CHATTHREAD',
  40.                 'IS_CO_SESSCO_SPE_MODERATOR',
  41.                 'IS_CO_SESSCO_SPE_SPEAKER',
  42.                 'IS_CO_SESSQA_SPE_MODERATOR',
  43.                 'IS_CO_SESSQA_SPE_SPEAKER',
  44.                 'IS_CO_INS_SPE_COURSE',
  45.                 'IS_CO_ANY_SPE_DOCFILE_AUTHOR'
  46.             ])
  47.             && $subject instanceof ContainerMappedInterface)
  48.             || in_array($attribute, ['IS_ANY_SPE''IS_ANY_SPE_CHATMESSAGE_EDIT']);
  49.     }
  51.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  52.     {
  53.         $user $token->getUser();
  54.         if (!$user instanceof UserInterface) {
  55.             return false;
  56.         }
  58.         if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
  59.             return true;
  60.         }
  62.         if (EsUtil::isCommunityEntity($subject)) {
  63.             return true;
  64.             /*
  65.             $client = $this->esCache->getClient();
  66.             if ($client->getIsCommunitySharingEnable()) {
  67.                 return true;
  68.             }
  69.             */
  70.         }
  72.         $container $isCo null;
  73.         if ($subject instanceof ContainerMappedInterface) {
  74.             $container $this->esCache->getContainer();
  75.             $isCo $subject->getContainer()->getId() === $container->getId();
  76.         }
  77.         switch ($attribute) {
  78.             case 'IS_ANY_SPE':
  79.                 if (method_exists($subject'getUser')) {
  80.                     return ($this->security->isGranted('IS_AUTHENTICATED_FULLY')
  81.                         && $subject->getUser() === $user);
  82.                 }
  83.                 break;
  84.             case 'IS_ANY_SPE_CHATMESSAGE_EDIT':
  85.                 if (method_exists($subject'getUser')) {
  86.                     $createdAt $subject->getCreatedAt();
  87.                     $createdAt->add(new \DateInterval('PT5M'));
  88.                     $isTimeValid = (new \DateTime()) < $createdAt;
  89.                     return ($this->security->isGranted('IS_AUTHENTICATED_FULLY')
  90.                         && $subject->getUser() === $user && $isTimeValid);
  91.                 }
  92.                 break;
  93.             case 'IS_CO':
  94.                 return $isCo;
  95.                 break;
  96.             case 'IS_CO_ANY':
  97.                 return ($isCo && $this->security->isGranted('IS_AUTHENTICATED_FULLY'));
  98.                 break;
  99.             case 'IS_CO_ADM':
  100.                 return ($isCo && $this->security->isGranted('ROLE_ADMIN'));
  101.                 break;
  102.             case 'IS_CO_OPR':
  103.                 return ($isCo && $this->security->isGranted('ROLE_OPERATOR'));
  104.                 break;
  105.             case 'IS_CO_SPE':
  106.                 return ($isCo && $this->security->isGranted('ROLE_SPEAKER'));
  107.                 break;
  108.             case 'IS_CO_MOD':
  109.                 return ($isCo && $this->security->isGranted('ROLE_MODERATOR'));
  110.                 break;
  111.             case 'IS_CO_USR':
  112.                 return ($isCo && $this->security->isGranted('ROLE_USER'));
  113.                 break;
  114.             case 'IS_CO_ADM_SPE':
  115.                 if (method_exists($subject'getUser')) {
  116.                     return ($isCo
  117.                         && $this->security->isGranted('ROLE_ADMIN')
  118.                         && $subject->getUser() === $user);
  119.                 }
  120.                 break;
  121.             case 'IS_CO_OPR_SPE':
  122.                 if (method_exists($subject'getUser')) {
  123.                     return ($isCo
  124.                         && $this->security->isGranted('ROLE_OPERATOR')
  125.                         && $subject->getUser() === $user);
  126.                 }
  127.                 break;
  128.             case 'IS_CO_USR_SPE':
  129.                 if (method_exists($subject'getUser')) {
  130.                     return ($isCo
  131.                         && $this->security->isGranted('ROLE_USER')
  132.                         && $subject->getUser() === $user);
  133.                 }
  134.                 break;
  135.             case 'IS_CO_ANY_SPE':
  136.                 if (method_exists($subject'getUser')) {
  137.                     return ($isCo
  138.                         && $this->security->isGranted('IS_AUTHENTICATED_FULLY')
  139.                         && $subject->getUser() === $user);
  140.                 }
  141.                 break;
  142.             case 'IS_CO_ANY_SPE_CHATTHREAD':
  143.                 if (method_exists($subject'getUsers')) {
  144.                     $users $subject->getUsers();
  145.                     $hasUser false;
  146.                     foreach ($users as $selectUser) {
  147.                         if ($selectUser === $user) {
  148.                             $hasUser true;
  149.                             break;
  150.                         }
  151.                     }
  152.                     return ($isCo
  153.                         && $this->security->isGranted('IS_AUTHENTICATED_FULLY')
  154.                         && $hasUser);
  155.                 }
  156.                 break;
  157.             case 'IS_CO_INS_SPE_COURSE':
  158.                 if (method_exists($subject'getInstructor')) {
  159.                     return ($isCo
  160.                         && $this->security->isGranted('ROLE_INSTRUCTOR')
  161.                         && $subject->getInstructor() === $user);
  162.                 }
  163.                 break;
  164.             case 'IS_CO_ANY_SPE_DOCFILE_AUTHOR':
  165.                 if (method_exists($subject'getAutors')) {
  166.                     $users $subject->getAuthors();
  167.                     $hasUser false;
  168.                     foreach ($users as $selectUser) {
  169.                         if ($selectUser === $user) {
  170.                             $hasUser true;
  171.                             break;
  172.                         }
  173.                     }
  174.                     return ($isCo
  175.                         && $this->security->isGranted('IS_AUTHENTICATED_FULLY')
  176.                         && $hasUser);
  177.                 }
  178.                 break;
  179.         }
  181.         /*
  182.         if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
  184.             return true;
  186.         } else if ($this->security->isGranted('ROLE_ADMIN')) {
  188.             $container = $this->esCache->getContainer();
  189.             switch ($attribute) {
  190.                 case 'IS_CO':
  191.                     return ($subject->getContainer()->getId() === $container->getId());
  192.                     break;
  193.             }
  194.         }
  195.         */
  196.         return false;
  197.     }
  198. }