src/TSMS/TradeBundle/Security/Voter/CanSeeFolderVoter.php line 23

Open in your IDE?
  1. <?php
  2. /**
  3. * Copyright (C) SUEZ Smart Solutions - All Rights Reserved
  4. * On’Connect Gateway Management, 2018
  5. * Unauthorized copying of this file, via any medium is strictly prohibited
  6. * Proprietary and confidential
  7. * For the full copyright and license information, please report to the LICENSE CONTRACT.
  8. */
  10. namespace TSMS\TradeBundle\Security\Voter;
  12. use Doctrine\ORM\EntityManager;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  15. use TSMS\CoreBundle\Entity\EserviceFamily;
  16. use TSMS\CoreBundle\Entity\EserviceOption;
  17. use TSMS\CoreBundle\Manager\ContractManager;
  18. use TSMS\CoreBundle\Manager\ContractManagerInterface;
  19. use TSMS\CoreBundle\Entity\Eservice;
  20. use TSMS\CoreBundle\Entity\User;
  21. use TSMS\TradeBundle\Entity\Folder;
  23. class CanSeeFolderVoter implements VoterInterface
  24. {
  25.     const DOCUMENT_CAN_SEE_FOLDER 'DOCUMENT_CAN_SEE_FOLDER';
  27.     /**
  28.      * @var EntityManager
  29.      */
  30.     private $em;
  32.     /**
  33.      * @param EntityManager $em
  34.      */
  35.     public function __construct(EntityManager $em)
  36.     {
  37.         $this->em $em;
  38.     }
  40.     /**
  41.      * {@inheritdoc}
  42.      */
  43.     public function supportsAttribute($attribute)
  44.     {
  45.         return in_array($attribute, [self::DOCUMENT_CAN_SEE_FOLDER]);
  46.     }
  48.     /**
  49.      * {@inheritdoc}
  50.      */
  51.     public function supportsClass($class)
  52.     {
  53.         $supportedClass 'TSMS\TradeBundle\Entity\Folder';
  55.         return $supportedClass === $class || is_subclass_of($class$supportedClass);
  56.     }
  58.     /**
  59.      * @param TokenInterface $token
  60.      * @param null|Folder    $folder
  61.      * @param array          $attributes
  62.      *
  63.      * @return int
  64.      */
  65.     public function vote(TokenInterface $token$folder, array $attributes)
  66.     {
  67.         // check if the class of this object is supported by this voter
  68.         if (
  69.             is_array($folder) ||
  70.             (null !== $folder && !$this->supportsClass(get_class($folder)))
  71.         ) {
  72.             return VoterInterface::ACCESS_ABSTAIN;
  73.         }
  75.         // check if the voter is used correctly, only allow one attribute
  76.         // this isn't a requirement, it's just one easy way for you to
  77.         // design your voter
  78.         if (!== count($attributes)) {
  79.             throw new \InvalidArgumentException(
  80.                 'Only one attribute is allowed for DOCUMENT_CAN_SEE_FOLDER'
  81.             );
  82.         }
  84.         // set the attribute to check against
  85.         $attribute $attributes[0];
  87.         // check if the given attribute is covered by this voter
  88.         if (!$this->supportsAttribute($attribute)) {
  89.             return VoterInterface::ACCESS_ABSTAIN;
  90.         }
  92.         // get current logged in user
  93.         $user $token->getUser();
  95.         // make sure there is a user object (i.e. that the user is logged in)
  96.         if (!$user instanceof User) {
  97.             return VoterInterface::ACCESS_DENIED;
  98.         }
  100.         switch ($attribute) {
  101.             case self::DOCUMENT_CAN_SEE_FOLDER:
  102.                $eserviceOptionRepository $this->em->getRepository(EserviceOption::class);
  103.                 $writeOption =  $eserviceOptionRepository
  104.                     ->getUserEServiceOptionByCodeAndFamily(
  105.                         $user ,
  106.                         EserviceFamily::DOC_ESERVICE_FAMILY,
  107.                         "W_".$folder->getEservice());
  108.                 if ($writeOption !==null) {
  110.                     return VoterInterface::ACCESS_GRANTED;
  111.                 }
  113.                 $readOption =  $eserviceOptionRepository
  114.                     ->getUserEServiceOptionByCodeAndFamily(
  115.                         $user ,
  116.                         EserviceFamily::DOC_ESERVICE_FAMILY,
  117.                         "R_".$folder->getEservice());
  119.                 if ($readOption !==null) {
  121.                     return VoterInterface::ACCESS_GRANTED;
  122.                 }
  123.                 break;
  124.         }
  126.         return VoterInterface::ACCESS_DENIED;
  127.     }
  128. }