src/Security/ItineraryVoter.php line 12

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\Itinerary;
  6. use App\Entity\Permission;
  7. use App\Entity\User;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  12. class ItineraryVoter extends Voter
  13. {
  14.     const CREATE_ITINERARY 'createItinerary';
  15.     const EDIT_ITINERARY 'editItinerary';
  16.     const PUBLISH_LIVE_ITINERARY 'publishLiveItinerary';
  17.     const PUBLISH_BETA_ITINERARY 'publishBetaItinerary';
  18.     const PUBLISH_PGOH_ITINERARY 'publishPGOHItinerary';
  20.     const LIST_PLAYER 'listPlayer';
  21.     const CREATE_PLAYER 'createPlayer';
  22.     const EDIT_PLAYER 'editPlayer';
  24.     const LIST_SOUND 'listSound';
  25.     const CREATE_SOUND 'createSound';
  26.     const EDIT_SOUND 'editSound';
  28.     const LIST_CODE 'listCode';
  29.     const CREATE_CODE 'createCode';
  30.     const EDIT_CODE 'editCode';
  32.     private Security $security;
  34.     public function __construct(Security $security)
  35.     {
  36.         $this->security $security;
  37.     }
  39.     protected function supports($attribute$subject): bool
  40.     {
  41.         if (!in_array($attribute, [
  42.             self::CREATE_ITINERARY,
  43.             self::EDIT_ITINERARY,
  44.             self::PUBLISH_LIVE_ITINERARY,
  45.             self::PUBLISH_BETA_ITINERARY,
  46.             self::PUBLISH_PGOH_ITINERARY,
  47.             self::LIST_PLAYER,
  48.             self::CREATE_PLAYER,
  49.             self::EDIT_PLAYER,
  50.             self::LIST_SOUND,
  51.             self::CREATE_SOUND,
  52.             self::EDIT_SOUND,
  53.             self::LIST_CODE,
  54.             self::CREATE_CODE,
  55.             self::EDIT_CODE,
  56.         ])) {
  57.             return false;
  58.         }
  60.         if($subject === null && $attribute === self::CREATE_ITINERARY) {
  61.             return true;
  62.         }
  64.         if (!$subject instanceof Itinerary) {
  65.             return false;
  66.         }
  68.         return true;
  69.     }
  71.     /**
  72.      * @param $attribute
  73.      * @param Itinerary $subject
  74.      * @param TokenInterface $token
  75.      * @return bool
  76.      */
  77.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  78.     {
  79.         $user $token->getUser();
  81.         if (!$user instanceof User) {
  82.             return false;
  83.         }
  85.         if ($this->security->isGranted('ROLE_ADMINISTRATOR')) {
  86.             return true;
  87.         }
  90.         if($attribute === self::CREATE_ITINERARY) {
  91.             return $user->getPermissions()->exists(function(int $indexPermission $permission) {
  92.                 return $permission->getRole() === Permission::ROLE_ADMIN;
  93.             });
  94.         }
  96.         $itinerary $subject;
  97.         $organization $itinerary->getOrganization();
  98.         foreach ($user->getPermissions() as $permission) {
  99.             if ($permission->getOrganization()->getId() === $organization->getId()) {
  100.                 switch ($attribute) {
  101.                     case self::CREATE_ITINERARY:
  102.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_PEDAGOH]);
  103.                     case self::EDIT_ITINERARY:
  104.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_COMMUNICATIONPermission::ROLE_PEDAGOH]);
  105.                     case self::PUBLISH_LIVE_ITINERARY:
  106.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_COMMUNICATIONPermission::ROLE_PEDAGOH]);
  107.                     case self::PUBLISH_BETA_ITINERARY:
  108.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_COMMUNICATIONPermission::ROLE_ARTIST]);
  109.                     case self::PUBLISH_PGOH_ITINERARY:
  110.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_PEDAGOH]) && $itinerary->getIsPedagoh();
  111.                     case self::LIST_PLAYER:
  112.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  113.                     case self::CREATE_PLAYER:
  114.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  115.                     case self::EDIT_PLAYER:
  116.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  117.                     case self::LIST_SOUND:
  118.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  119.                     case self::CREATE_SOUND:
  120.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  121.                     case self::EDIT_SOUND:
  122.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTISTPermission::ROLE_PEDAGOH]);
  123.                     case self::LIST_CODE:
  124.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTIST]);
  125.                     case self::CREATE_CODE:
  126.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTIST]);
  127.                     case self::EDIT_CODE:
  128.                         return in_array($permission->getRole(), [Permission::ROLE_ADMINPermission::ROLE_EDITORPermission::ROLE_ARTIST]);
  129.                 }
  130.             }
  131.         }
  133.         return false;
  134.     }
  135. }