src/Security/Voter/ProfileVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Profile\Profile;
  6. use App\Entity\User\User;
  7. use App\Enums\Constants;
  8. use App\Repository\User\RoleRepository;
  9. use App\Service\AuthenticationService;
  10. use App\Service\ProfileService;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. class ProfileVoter extends Voter
  16. {
  17.     private const PROFILE_ACCESS 'PROFILE_ACCESS';
  18.     private const PROFILE_OWNER 'PROFILE_OWNER';
  19.     private const PROFILE_ADMIN 'PROFILE_ADMIN';
  20.     private const PROFILE_EDITOR 'PROFILE_EDITOR';
  21.     private const PROFILE_ANALYTIC 'PROFILE_ANALYTIC';
  23.     /**
  24.      * @var ProfileService
  25.      */
  26.     private $profileService;
  28.     /**
  29.      * @var RoleRepository
  30.      */
  31.     private $roleRepository;
  33.     /** @var AuthenticationService */
  34.     private $authenticationService;
  36.     public function __construct(
  37.         ProfileService $profileService,
  38.         RoleRepository $roleRepository,
  39.         AuthenticationService $authenticationService
  40.     )
  41.     {
  42.         $this->profileService $profileService;
  43.         $this->roleRepository $roleRepository;
  44.         $this->authenticationService $authenticationService;
  45.     }
  47.     protected function supports($attribute$subject)
  48.     {
  49.         return in_array($attribute, [
  50.             self::PROFILE_ACCESS,
  51.             self::PROFILE_OWNER,
  52.             self::PROFILE_ADMIN,
  53.             self::PROFILE_EDITOR,
  54.             self::PROFILE_ANALYTIC,
  55.         ], true) && $subject instanceof Profile;
  56.     }
  58.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  59.     {
  60.         if($_ENV['CWR_ENVIROMENT'] === "local"){
  61.             return true;
  62.         }
  64.         /** @var User $user */
  65.         $user $token->getUser();
  67.         // if the user is anonymous, do not grant access
  68.         if (!$user instanceof UserInterface) {
  69.             return false;
  70.         }
  72.         if($this->authenticationService->userIsMmpzServiceAdmin($user)){
  73.             return true;
  74.         }
  76.        switch ($attribute) {
  77.             case self::PROFILE_ACCESS:
  78.                 return $this->profileService->userCanAccessProfile($user$subject);
  80.             case self::PROFILE_OWNER:
  81.                 $ownerRole $this->roleRepository->findOneByName(Constants::PROFILE_ROLE_NAME_OWNER);
  82.                 return
  83.                     $this->profileService->roleSupportedBetweenUserAndProfile($user$subject$ownerRole);
  85.             case self::PROFILE_ADMIN:
  86.                 $adminRole $this->roleRepository->findOneByName(Constants::PROFILE_ROLE_NAME_ADMIN);
  87.                 return
  88.                     $this->profileService->roleSupportedBetweenUserAndProfile($user$subject$adminRole);
  90.             case self::PROFILE_EDITOR:
  91.                 $editorRole $this->roleRepository->findOneByName(Constants::PROFILE_ROLE_NAME_EDITOR);
  92.                 return
  93.                     $this->profileService->checkTheRolByUserInAProfile($subject$user);
  95.             case self::PROFILE_ANALYTIC:
  96.                 $role $this->profileService->checkTheRolByUserInAProfile($subject$user);
  97.                 if($role->getName() !== Constants::PROFILE_ROLE_NAME_EDITOR){
  98.                     return true;
  99.                 }
  100.         }
  102.         return false;
  103.     }
  104. }