<?php
/**
* Copyright (C) SUEZ Smart Solutions - All Rights Reserved
* On’Connect Gateway Management, 2018
* Unauthorized copying of this file, via any medium is strictly prohibited
* Proprietary and confidential
* For the full copyright and license information, please report to the LICENSE CONTRACT.
*/
namespace TSMS\TradeBundle\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
/**@todo check use / delete */
class FolderTreeVoter implements VoterInterface
{
const DOCUMENT_IS_FOLDER_TREE_CORRECT = 'DOCUMENT_IS_FOLDER_TREE_CORRECT';
/**
* {@inheritdoc}
*/
public function supportsAttribute($attribute)
{
return in_array($attribute, [self::DOCUMENT_IS_FOLDER_TREE_CORRECT]);
}
/**
* {@inheritdoc}
*/
public function supportsClass($class)
{
return is_array($class) && isset($class['foldersId']) && isset($class['folderPath']) && isset($class['contractId']);
}
/**
* @param TokenInterface $token
* @param null|object $object
* @param array $attributes
*
* @return int
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
// check if the class of this object is supported by this voter
if (!$this->supportsClass($object)) {
return VoterInterface::ACCESS_ABSTAIN;
}
// check if the voter is used correctly, only allow one attribute
// this isn't a requirement, it's just one easy way for you to
// design your voter
if (1 !== count($attributes)) {
throw new \InvalidArgumentException(
'Only one attribute is allowed for DOCUMENT_IS_FOLDER_TREE_CORRECT'
);
}
// set the attribute to check against
$attribute = $attributes[0];
// check if the given attribute is covered by this voter
if (!$this->supportsAttribute($attribute)) {
return VoterInterface::ACCESS_ABSTAIN;
}
switch ($attribute) {
case self::DOCUMENT_IS_FOLDER_TREE_CORRECT:
$isSameContract = intval($object['contractId']) === intval(end($object['folderPath'])['contract']);
$isTreeCorrect = true;
foreach ($object['foldersId'] as $depth => $folderId) {
if (
!isset($object['folderPath'][$depth]) ||
$object['folderPath'][$depth]['parentId'] !== $folderId
) {
$isTreeCorrect = false;
}
}
if ($isSameContract && $isTreeCorrect) {
return VoterInterface::ACCESS_GRANTED;
}
break;
}
return VoterInterface::ACCESS_DENIED;
}
}