src/TSMS/AdminBundle/Security/Authorization/Voter/UserVoter.php line 18

Open in your IDE?
  1. <?php
  2. /**
  3. * Copyright (C) SUEZ Smart Solutions - All Rights Reserved
  4. * On’Connect Gateway Management, 2018
  5. * Unauthorized copying of this file, via any medium is strictly prohibited
  6. * Proprietary and confidential
  7. * For the full copyright and license information, please report to the LICENSE CONTRACT.
  8. */
  10. namespace TSMS\AdminBundle\Security\Authorization\Voter;
  12. use Symfony\Component\DependencyInjection\ContainerInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  15. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  16. use TSMS\CoreBundle\Entity\User;
  18. class UserVoter implements VoterInterface
  19. {
  20.     const DELETE 'DELETE_USER';
  22.     /**
  23.      * @var ContainerInterface
  24.      */
  25.     private $container;
  27.     /**
  28.      * @var AuthorizationCheckerInterface
  29.      */
  30.     private $authorizationChecker;
  32.     /**
  33.      * @param ContainerInterface $container
  34.      */
  35.     public function __construct(ContainerInterface $container)
  36.     {
  37.         $this->container $container;
  38.     }
  40.     /**
  41.      * @param string $attribute
  42.      *
  43.      * @return bool
  44.      */
  45.     public function supportsAttribute($attribute)
  46.     {
  47.         return in_array($attribute, [self::DELETE]);
  48.     }
  50.     /**
  51.      * @param string $class
  52.      *
  53.      * @return bool
  54.      */
  55.     public function supportsClass($class)
  56.     {
  57.         $supportedClass 'TSMS\CoreBundle\Entity\User';
  59.         return $supportedClass === $class || is_subclass_of($class$supportedClass);
  60.     }
  62.     /**
  63.      * @param TokenInterface $token
  64.      * @param User           $user
  65.      * @param array          $attributes
  66.      */
  67.     public function vote(TokenInterface $token$user, array $attributes)
  68.     {
  69.         if (
  70.             !is_object($user) ||
  71.             (null !== $user && !$this->supportsClass(get_class($user)))
  72.         ) {
  73.             return VoterInterface::ACCESS_ABSTAIN;
  74.         }
  76.         if (!== count($attributes)) {
  77.             throw new \InvalidArgumentException(
  78.                 'Only one attribute is allowed for DELETE'
  79.             );
  80.         }
  82.         $attribute $attributes[0];
  83.         if (!$this->supportsAttribute($attribute)) {
  84.             return VoterInterface::ACCESS_ABSTAIN;
  85.         }
  87.         $this->authorizationChecker $this->container->get('security.authorization_checker');
  89.         $currentUser $token->getUser();
  90.         switch ($attribute) {
  91.             case self::DELETE:
  92.                 //Cannot delete himself.
  93.                 if ($currentUser->getId() == $user->getId() || null == $user->getId()) {
  94.                     return VoterInterface::ACCESS_DENIED;
  95.                 }
  97.                 //If not a user admin collectivity/ER/TSMS can not delete user.
  98.                 if (!$this->authorizationChecker->isGranted('ROLE_ADMIN_COLLECTIVITY')) {
  99.                     return VoterInterface::ACCESS_DENIED;
  100.                 }
  102.                 //if current user is admin collectivity, he can just delete external user.
  103.                 if (User::ADMIN_COLLECTIVITY_LEVEL == $currentUser->getAdminLevel()) {
  104.                     if (User::INTERNAL_USER_LEVEL == $user->getAdminLevel()) {
  105.                         return VoterInterface::ACCESS_DENIED;
  106.                     }
  107.                 }
  109.                 //If current user is admin collectivity/TSMS, can not delete admin TSMS.
  110.                 if (in_array($currentUser->getAdminLevel(), [User::ADMIN_PERIMETER_LEVELUser::ADMIN_COLLECTIVITY_LEVEL])) {
  111.                     if (User::ADMIN_TSMS_LEVEL == $user->getAdminLevel()) {
  112.                         return VoterInterface::ACCESS_DENIED;
  113.                     }
  114.                 }
  116.                 return VoterInterface::ACCESS_GRANTED;
  117.                 break;
  118.         }
  120.         return VoterInterface::ACCESS_DENIED;
  121.     }
  122. }