src/TSMS/TradeBundle/Security/Voter/CanAddFileVoter.php line 19

Open in your IDE?
  1. <?php
  2. /**
  3. * Copyright (C) SUEZ Smart Solutions - All Rights Reserved
  4. * On’Connect Gateway Management, 2018
  5. * Unauthorized copying of this file, via any medium is strictly prohibited
  6. * Proprietary and confidential
  7. * For the full copyright and license information, please report to the LICENSE CONTRACT.
  8. */
  10. namespace TSMS\TradeBundle\Security\Voter;
  12. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  13. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  14. use TSMS\CoreBundle\Entity\Eservice;
  15. use TSMS\CoreBundle\Entity\User;
  16. use TSMS\CoreBundle\Repository\UserContractRepository;
  18. /**@todo check use / delete  */
  19. class CanAddFileVoter implements VoterInterface
  20. {
  21.     const DOCUMENT_CAN_ADD_FILE 'DOCUMENT_CAN_ADD_FILE';
  23.     /**
  24.      * @var UserContractRepository
  25.      */
  26.     private $userContractRepository;
  28.     /**
  29.      * @param UserContractRepository $userContractRepo
  30.      */
  31.     public function __construct(UserContractRepository $userContractRepo)
  32.     {
  33.         $this->userContractRepository $userContractRepo;
  34.     }
  36.     /**
  37.      * {@inheritdoc}
  38.      */
  39.     public function supportsAttribute($attribute)
  40.     {
  41.         return in_array($attribute, [self::DOCUMENT_CAN_ADD_FILE]);
  42.     }
  44.     /**
  45.      * {@inheritdoc}
  46.      */
  47.     public function supportsClass($class)
  48.     {
  49.         $supportedClass 'TSMS\CoreBundle\Entity\Contract';
  51.         return $supportedClass === $class || is_subclass_of($class$supportedClass);
  52.     }
  54.     /**
  55.      * @param TokenInterface $token
  56.      * @param null|object    $contract
  57.      * @param array          $attributes
  58.      *
  59.      * @return int
  60.      */
  61.     public function vote(TokenInterface $token$contract, array $attributes)
  62.     {
  63.         // check if the class of this object is supported by this voter
  64.         if (
  65.             is_array($contract)
  66.             || (null !== $contract && !$this->supportsClass(get_class($contract)))
  67.         ) {
  68.             return VoterInterface::ACCESS_ABSTAIN;
  69.         }
  71.         // check if the voter is used correctly, only allow one attribute
  72.         // this isn't a requirement, it's just one easy way for you to
  73.         // design your voter
  74.         if (!== count($attributes)) {
  75.             throw new \InvalidArgumentException(
  76.                 'Only one attribute is allowed for DOCUMENT_CAN_ADD_FILE'
  77.             );
  78.         }
  80.         // set the attribute to check against
  81.         $attribute $attributes[0];
  83.         // check if the given attribute is covered by this voter
  84.         if (!$this->supportsAttribute($attribute)) {
  85.             return VoterInterface::ACCESS_ABSTAIN;
  86.         }
  88.         // get current logged in user
  89.         $user $token->getUser();
  91.         // make sure there is a user object (i.e. that the user is logged in)
  92.         if (!$user instanceof User) {
  93.             return VoterInterface::ACCESS_DENIED;
  94.         }
  96.         switch ($attribute) {
  97.             case self::DOCUMENT_CAN_ADD_FILE:
  98.                 // When there are multiple document spaces, this should be changed to test each corresponding eservice
  99.                 $hasRoleDocumentWrite $this->userContractRepository->hasEserviceInContractForUser(
  100.                     Eservice::OUR_DOCUMENTS_WRITE_MNEMONIC,
  101.                     $contract->getId(),
  102.                     $user
  103.                 );
  105.                 if ($hasRoleDocumentWrite) {
  106.                     return VoterInterface::ACCESS_GRANTED;
  107.                 }
  108.                 break;
  109.         }
  111.         return VoterInterface::ACCESS_DENIED;
  112.     }
  113. }