src/Security/Voter/UserProjectVoter.php line 20

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Common\RoleInterface;
  6. use App\Entity\Common\StateInterface;
  7. use App\Entity\Project;
  8. use App\Entity\User;
  9. use App\Entity\UserProject;
  10. use App\Entity\UserWorkroom;
  11. use App\Entity\Workroom;
  12. use Doctrine\ORM\EntityManagerInterface;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\User\UserInterface;
  17. /**
  18.  * Class UserProjectVoter.
  19.  */
  20. class UserProjectVoter extends Voter
  21. {
  22.     // Permissions.
  23.     const PROJECT_MANAGE_VIEW_CDP 'project_manage_view_cdp';
  24.     const PROJECT_MANAGE_VIEW_CDP_AND_WL 'project_manage_view_cdp_and_wl';
  26.     // Full list.
  27.     const PERMISSIONS = [
  28.         self::PROJECT_MANAGE_VIEW_CDP,
  29.         self::PROJECT_MANAGE_VIEW_CDP_AND_WL,
  30.     ];
  32.     private EntityManagerInterface $em;
  34.     public function __construct(EntityManagerInterface $em)
  35.     {
  36.         $this->em $em;
  37.     }
  39.     /**
  40.      * {@inheritdoc}
  41.      */
  42.     protected function supports($attribute$subject): bool
  43.     {
  44.         return in_array($attributeself::PERMISSIONS) && ($subject instanceof Project);
  45.     }
  47.     /**
  48.      * {@inheritdoc}
  49.      */
  50.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  51.     {
  52.         /** @var User $user */
  53.         $user $token->getUser();
  55.         // If the user is anonymous, do not grant access.
  56.         if (!$user instanceof UserInterface) {
  57.             return false;
  58.         }
  60.         // Check conditions and provide access bases on it.
  61.         switch ($attribute) {
  62.             case self::PROJECT_MANAGE_VIEW_CDP:
  63.                 return $this->canViewCdp($subject$user);
  64.             case self::PROJECT_MANAGE_VIEW_CDP_AND_WL:
  65.                 return $this->canViewCdpAndWl($subject$user);
  67.             default:
  68.                 break;
  69.         }
  71.         return false;
  72.     }
  74.     /**
  75.      * Check that the user can view the workroom
  76.      * If the user has UserWorkroom entity we provide access, otherwise - not !!!
  77.      */
  78.     public function canViewCdp(Project $projectUser $user): bool
  79.     {
  80.         if ($project->getState() == StateInterface::STATE_ARCHIVED_INT) return false;
  82.         $userProject $this->em->getRepository(UserProject::class)->findOneBy([
  83.             'user' => $user,
  84.             'project' => $project
  85.         ]);
  87.         return ($userProject->getRole() == RoleInterface::ROLE_PROJECT_MANAGER_INT) ? true false;
  88.     }
  90.     /**
  91.      * Check that the user can view the workroom
  92.      * If the user has UserWorkroom entity we provide access, otherwise - not !!!
  93.      */
  94.     public function canViewCdpAndWl(Project $projectUser $user): bool
  95.     {
  96.         if ($project->getState() == StateInterface::STATE_ARCHIVED_INT) return false;
  98.         $userProject $this->em->getRepository(UserProject::class)->findOneBy([
  99.             'user' => $user,
  100.             'project' => $project
  101.         ]);
  103.         if ($userProject->getRole() == RoleInterface::ROLE_PROJECT_MANAGER_INT) return true;
  105.         $workroomsOfProject $project->getWorkroomsIds();
  106.         $workroomsOfUser $user->getUserWorkrooms();
  108.         foreach ($workroomsOfUser as $workroomUser) {
  109.             if (in_array($workroomUser->getWorkroom()->getId(), $workroomsOfProject)) {
  110.                 if ($workroomUser->getRole() == RoleInterface::ROLE_LEADER_WORKROOM_INT) {
  111.                     return true;
  112.                 }
  113.             }
  114.         }
  116.         return false;
  117.     }
  118. }