<?php
/**
* Copyright (C) SUEZ Smart Solutions - All Rights Reserved
* On’Connect Gateway Management, 2018
* Unauthorized copying of this file, via any medium is strictly prohibited
* Proprietary and confidential
* For the full copyright and license information, please report to the LICENSE CONTRACT.
*/
namespace TSMS\TradeBundle\Security\Voter;
use Doctrine\ORM\EntityManager;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use TSMS\CoreBundle\Entity\Eservice;
use TSMS\CoreBundle\Entity\EserviceFamily;
use TSMS\CoreBundle\Entity\EserviceOption;
use TSMS\CoreBundle\Entity\User;
use TSMS\CoreBundle\Repository\UserContractRepository;
use TSMS\TradeBundle\Entity\Folder;
/**
* Class CanEditDeleteFolderVoter.
*/
class CanWriteInFolderVoter implements VoterInterface
{
const DOCUMENT_CAN_WRITE_IN_FOLDER = 'DOCUMENT_CAN_WRITE_IN_FOLDER';
/**
* @var EntityManager
*/
private $em;
/**
* @param EntityManager $em
*/
public function __construct(EntityManager $em)
{
$this->em = $em;
}
/**
* {@inheritdoc}
*/
public function supportsAttribute($attribute)
{
return in_array($attribute, [self::DOCUMENT_CAN_WRITE_IN_FOLDER]);
}
/**
* {@inheritdoc}
*/
public function supportsClass($class)
{
$supportedClass = 'TSMS\TradeBundle\Entity\Folder';
return $supportedClass === $class || is_subclass_of($class, $supportedClass);
}
/**
* @param TokenInterface $token
* @param null|Folder $folder
* @param array $attributes
*
* @return int
*/
public function vote(TokenInterface $token, $folder, array $attributes)
{
// check if the class of this object is supported by this voter
if (
is_array($folder) ||
(null !== $folder && !$this->supportsClass(get_class($folder)))
) {
return VoterInterface::ACCESS_ABSTAIN;
}
// check if the voter is used correctly, only allow one attribute
// this isn't a requirement, it's just one easy way for you to
// design your voter
if (1 !== count($attributes)) {
throw new \InvalidArgumentException(
'Only one attribute is allowed for DOCUMENT_CAN_SEE_FOLDER'
);
}
// set the attribute to check against
$attribute = $attributes[0];
// check if the given attribute is covered by this voter
if (!$this->supportsAttribute($attribute)) {
return VoterInterface::ACCESS_ABSTAIN;
}
// get current logged in user
$user = $token->getUser();
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof User) {
return VoterInterface::ACCESS_DENIED;
}
switch ($attribute) {
case self::DOCUMENT_CAN_WRITE_IN_FOLDER:
// When there are multiple document spaces, this should be changed to test each corresponding eservice
$eserviceOptionRepository = $this->em->getRepository(EserviceOption::class);
$writeOption = $eserviceOptionRepository
->getUserEServiceOptionByCodeAndFamily(
$user ,
EserviceFamily::DOC_ESERVICE_FAMILY,
"W_".$folder->getEservice());
if ($writeOption !==null) {
return VoterInterface::ACCESS_GRANTED;
}
break;
}
return VoterInterface::ACCESS_DENIED;
}
}