src/TSMS/TradeBundle/Security/Voter/CanWriteInFolderVoter.php line 25

Open in your IDE?
  1. <?php
  2. /**
  3.  * Copyright (C) SUEZ Smart Solutions - All Rights Reserved
  4.  * On’Connect Gateway Management, 2018
  5.  * Unauthorized copying of this file, via any medium is strictly prohibited
  6.  * Proprietary and confidential
  7.  * For the full copyright and license information, please report to the LICENSE CONTRACT.
  8.  */
  10. namespace TSMS\TradeBundle\Security\Voter;
  12. use Doctrine\ORM\EntityManager;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  15. use TSMS\CoreBundle\Entity\Eservice;
  16. use TSMS\CoreBundle\Entity\EserviceFamily;
  17. use TSMS\CoreBundle\Entity\EserviceOption;
  18. use TSMS\CoreBundle\Entity\User;
  19. use TSMS\CoreBundle\Repository\UserContractRepository;
  20. use TSMS\TradeBundle\Entity\Folder;
  22. /**
  23.  * Class CanEditDeleteFolderVoter.
  24.  */
  25. class CanWriteInFolderVoter implements VoterInterface
  26. {
  27.     const DOCUMENT_CAN_WRITE_IN_FOLDER 'DOCUMENT_CAN_WRITE_IN_FOLDER';
  29.     /**
  30.      * @var EntityManager
  31.      */
  32.     private $em;
  34.     /**
  35.      * @param EntityManager $em
  36.      */
  37.     public function __construct(EntityManager $em)
  38.     {
  39.         $this->em $em;
  40.     }
  42.     /**
  43.      * {@inheritdoc}
  44.      */
  45.     public function supportsAttribute($attribute)
  46.     {
  47.         return in_array($attribute, [self::DOCUMENT_CAN_WRITE_IN_FOLDER]);
  48.     }
  50.     /**
  51.      * {@inheritdoc}
  52.      */
  53.     public function supportsClass($class)
  54.     {
  55.         $supportedClass 'TSMS\TradeBundle\Entity\Folder';
  57.         return $supportedClass === $class || is_subclass_of($class$supportedClass);
  58.     }
  60.     /**
  61.      * @param TokenInterface $token
  62.      * @param null|Folder    $folder
  63.      * @param array $attributes
  64.      *
  65.      * @return int
  66.      */
  67.     public function vote(TokenInterface $token$folder, array $attributes)
  68.     {
  69.         // check if the class of this object is supported by this voter
  70.         if (
  71.             is_array($folder) ||
  72.             (null !== $folder && !$this->supportsClass(get_class($folder)))
  73.         ) {
  74.             return VoterInterface::ACCESS_ABSTAIN;
  75.         }
  77.         // check if the voter is used correctly, only allow one attribute
  78.         // this isn't a requirement, it's just one easy way for you to
  79.         // design your voter
  80.         if (!== count($attributes)) {
  81.             throw new \InvalidArgumentException(
  82.                 'Only one attribute is allowed for DOCUMENT_CAN_SEE_FOLDER'
  83.             );
  84.         }
  86.         // set the attribute to check against
  87.         $attribute $attributes[0];
  89.         // check if the given attribute is covered by this voter
  90.         if (!$this->supportsAttribute($attribute)) {
  91.             return VoterInterface::ACCESS_ABSTAIN;
  92.         }
  94.         // get current logged in user
  95.         $user $token->getUser();
  97.         // make sure there is a user object (i.e. that the user is logged in)
  98.         if (!$user instanceof User) {
  99.             return VoterInterface::ACCESS_DENIED;
  100.         }
  102.         switch ($attribute) {
  103.             case self::DOCUMENT_CAN_WRITE_IN_FOLDER:
  104.                 // When there are multiple document spaces, this should be changed to test each corresponding eservice
  105.                 $eserviceOptionRepository $this->em->getRepository(EserviceOption::class);
  106.                 $writeOption =  $eserviceOptionRepository
  107.                     ->getUserEServiceOptionByCodeAndFamily(
  108.                         $user ,
  109.                         EserviceFamily::DOC_ESERVICE_FAMILY,
  110.                         "W_".$folder->getEservice());
  112.                 if ($writeOption !==null) {
  113.                     return VoterInterface::ACCESS_GRANTED;
  114.                 }
  115.                 break;
  116.         }
  118.         return VoterInterface::ACCESS_DENIED;
  119.     }
  120. }