src/Security/ClientVoter.php line 12

  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Users;
  5. use App\Entity\VehicleClients;
  6. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  7. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  8. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use App\Service\UserHelper;
  12. class ClientVoter extends Voter
  13. {
  14.     const ACCESS= [ 
  15.         'client_vehicles_list'              => 'client_vehicles_list',
  16.         'client_view_delegations'           => 'client_view_delegations',
  17.         'client_add_delegations'            => 'client_add_delegations',
  18.         'client_bidding'                    => 'client_bidding',
  19.         'client_current_auction_deposit'    => 'client_current_auction_deposit',
  20.         'client_transactions'               => 'client_transactions',
  21.         'client_bonds'                      => 'client_bonds',
  22.         'client_financial'                  => 'client_financial'];
  24.     /**
  25.      * @var AccessDecisionManager|null
  26.      */
  27.     protected \Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface $decisionManager;
  29.     /**
  30.      * @var EntityManager|null
  31.      */
  32.     protected \Doctrine\ORM\EntityManagerInterface $entityManager;
  34.     /**
  35.      * @var EntityManager|null
  36.      */
  37.     protected \App\Service\UserHelper $userHelper;
  40.     /**
  41.      * DelegateVoter constructor.
  42.      * @param AccessDecisionManager|null $decisionManager
  43.      * @param EntityManager|null $entityManager
  44.      */
  45.     public function __construct(AccessDecisionManagerInterface $decisionManagerEntityManagerInterface $entityManagerUserHelper $userHelper)
  46.     {
  47.         $this->decisionManager $decisionManager;
  48.         $this->entityManager $entityManager;
  49.         $this->userHelper $userHelper;
  50.     }
  52.     /**
  53.      * determines if your voter should vote on the attribute/subject combination. If you return true,
  54.      * voteOnAttribute() will be called. Otherwise, your voter is done: some other voter should process this
  55.      */
  56.     protected function supports($attribute$subject): bool
  57.     {
  58.         // if the attribute isn't one we support, return false
  59.         return in_array($attributeself::ACCESS);
  60.     }
  62.     /**
  63.      * If you return true from supports(), then this method is called. Your job is simple: return true to allow access
  64.      * and false to deny access
  65.      */
  66.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  67.     {
  68.         $user $token->getUser();
  70.         if (!$user instanceof Users) {
  71.             return false// the user must be logged in; if not, deny access
  72.         }
  73.         
  74.         // ROLE_SUPER_ADMIN can do anything! The power! Calling decide() on the AccessDecisionManager is essentially the same
  75.         // as calling isGranted() from a controller or other places (it's just a little lower-level, which is necessary for a voter).
  76.         if ($this->decisionManager->decide($token, ['ROLE_SUPER_ADMIN'])) {
  77.             return true;
  78.         }
  80.         // you know $subject is a VehicleClient object, thanks to supports
  81.         /** @var VehicleClients $vehicleClient */
  82.         $vehicleClient $subject;
  84.         switch ($attribute) {
  85.             case self::ACCESS['client_vehicles_list']:
  86.                 return $vehicleClient->getUser() == $user || $this->isDelegated($vehicleClient$user) || $this->decisionManager->decide($token, ['ROLE_ADMIN'])|| $this->decisionManager->decide($token, ['ROLE_BENEFICIARY_REP']);
  87.             case self::ACCESS['client_view_delegations']:
  88.             case self::ACCESS['client_add_delegations']:
  89.             case self::ACCESS['client_transactions']:
  90.             case self::ACCESS['client_bonds']:
  91.             case self::ACCESS['client_current_auction_deposit']:
  92.                 return $this->decisionManager->decide($token, ['ROLE_ADMIN']);
  93.             case self::ACCESS['client_bidding']:
  94.                 return $vehicleClient->getUser() == $user || $this->isDelegated($vehicleClient$user);
  95.             case self::ACCESS['client_financial']:
  96.                 return $this->decisionManager->decide($token, ['ROLE_ACCOUNTANT']);
  97.         }
  99.         throw new \LogicException('This code should not be reached!');
  100.     }
  102.     /**
  103.      */
  104.     private function isDelegated(VehicleClients $delegatorUsers $user)
  105.     {
  106. //        $em = $this->entityManager;
  107. //        $delegations = $em->getRepository(ClientsDelegation::class)->findByDelegated($user->getUserId());
  108.         $delegations$this->userHelper->getUserDelegators($user);
  109.         foreach($delegations as $delegation){
  110.             if($delegation->getDelegator() 
  111.                     && $delegation->getDelegator()->getCompany() 
  112.                     && $delegation->getDelegator()->getCompany()->getCompanyId() == $delegator->getClientId()){
  113.                 //the delegator is a company and matches the delegator client
  114.                 return true;
  115.             }else if($delegation->getDelegator() && 
  116.                     $delegation->getDelegator()->getUser()  == $delegator->getClientId() ){
  117.                 //the delegator is a user and matches the delegator client
  118.                 return true;
  119.             }
  120.         }
  121.         return false;
  122.     }
  124. }