src/Security/ClientVoter.php line 12

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Users;
  5. use App\Entity\VehicleClients;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use App\Service\UserHelper;
  12. class ClientVoter extends Voter
  13. {
  14.     const ACCESS= [ 
  15.         'client_vehicles_list'              => 'client_vehicles_list',
  16.         'client_view_delegations'           => 'client_view_delegations',
  17.         'client_add_delegations'            => 'client_add_delegations',
  18.         'client_bidding'                    => 'client_bidding',
  19.         'client_current_auction_deposit'    => 'client_current_auction_deposit',
  20.         'client_transactions'               => 'client_transactions',
  21.         'client_bonds'                      => 'client_bonds',
  22.         'client_financial'                  => 'client_financial'];
  24.     /**
  25.      * @var AccessDecisionManager|null
  26.      */
  27.     protected $decisionManager;
  29.     /**
  30.      * @var EntityManager|null
  31.      */
  32.     protected $entityManager;
  34.     /**
  35.      * @var EntityManager|null
  36.      */
  37.     protected $userHelper;
  40.     /**
  41.      * DelegateVoter constructor.
  42.      * @param AccessDecisionManager|null $decisionManager
  43.      * @param EntityManager|null $entityManager
  44.      */
  45.     public function __construct(AccessDecisionManagerInterface $decisionManagerEntityManagerInterface $entityManagerUserHelper $userHelper)
  46.     {
  47.         $this->decisionManager $decisionManager;
  48.         $this->entityManager $entityManager;
  49.         $this->userHelper $userHelper;
  50.     }
  52.     /**
  53.      * determines if your voter should vote on the attribute/subject combination. If you return true, 
  54.      * voteOnAttribute() will be called. Otherwise, your voter is done: some other voter should process this
  55.      */
  56.     protected function supports($attribute$subject)
  57.     {
  58.         // if the attribute isn't one we support, return false
  59.         if (!in_array($attributeself::ACCESS)) {
  60.             return false;
  61.         }
  62.         return true;
  63.     }
  65.     /**
  66.      * If you return true from supports(), then this method is called. Your job is simple: return true to allow access 
  67.      * and false to deny access
  68.      */
  69.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  70.     {
  71.         $user $token->getUser();
  73.         if (!$user instanceof Users) {
  74.             return false// the user must be logged in; if not, deny access
  75.         }
  76.         
  77.         // ROLE_SUPER_ADMIN can do anything! The power! Calling decide() on the AccessDecisionManager is essentially the same
  78.         // as calling isGranted() from a controller or other places (it's just a little lower-level, which is necessary for a voter).
  79.         if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  80.             return true;
  81.         }
  83.         // you know $subject is a VehicleClient object, thanks to supports
  84.         /** @var VehicleClients $vehicleClient */
  85.         $vehicleClient $subject;
  87.         switch ($attribute) {
  88.             case self::ACCESS['client_vehicles_list']:
  89.                 return $vehicleClient->getUser() == $user || $this->isDelegated($vehicleClient$user) || $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  90.             case self::ACCESS['client_view_delegations']:
  91.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  92.             case self::ACCESS['client_add_delegations']:
  93.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  94.             case self::ACCESS['client_transactions']:
  95.             case self::ACCESS['client_bonds']:
  96.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  97.             case self::ACCESS['client_bidding']:
  98.                 return $vehicleClient->getUser() == $user || $this->isDelegated($vehicleClient$user);
  99.             case self::ACCESS['client_current_auction_deposit']:
  100.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  101.             case self::ACCESS['client_financial']:
  102.                 return $this->decisionManager->decide($token, ['ROLE_ACCOUNTANT']);
  103.         }
  105.         throw new \LogicException('This code should not be reached!');
  106.     }
  108.     /**
  109.      */
  110.     private function isDelegated(VehicleClients $delegatorUsers $user)
  111.     {
  112. //        $em = $this->entityManager;
  113. //        $delegations = $em->getRepository(ClientsDelegation::class)->findByDelegated($user->getUserId());
  114.         $delegations$this->userHelper->getUserDelegators($user);
  115.         foreach($delegations as $delegation){
  116.             if($delegation->getDelegator() && 
  117.                     ($delegation->getDelegator()->getCompany()->getCompanyId() == $delegator->getClientId()
  118.                         || $delegation->getDelegator()->getUser()  == $delegator->getClientId() )
  119.                     ){
  120.                 return true;
  121.             }
  122.         }
  123.         return false;
  124.     }
  126.     /**
  127.      */
  128.     private function canView(Post $postUser $user)
  129.     {
  130.         // if they can edit, they can view
  131.         if ($this->canEdit($post$user)) {
  132.             return true;
  133.         }
  135.         // the Post object could have, for example, a method isPrivate()
  136.         // that checks a boolean $private property
  137.         return !$post->isPrivate();
  138.     }
  140. }