src/MentalSchool/AppBundle/Security/Authorization/Voter/GeneralVoter.php line 14

Open in your IDE?
  1. <?php
  2. // src/Security/Authorization/Voter/UserAclVoter.php
  4. namespace MentalSchool\AppBundle\Security\Authorization\Voter;
  6. use MentalSchool\AppBundle\Entity\User;
  7. use MentalSchool\AppBundle\Security\AppRoles;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\DependencyInjection\{
  11.     ContainerInterfaceContainerAwareInterface
  12. };
  14. class GeneralVoter extends Voter implements ContainerAwareInterface
  15. {
  16.     /**
  17.      * @var null|ContainerInterface A ContainerInterface instance.
  18.      */
  19.     protected $container null;
  21.     /**
  22.      * Set container.
  23.      *
  24.      * @param ContainerInterface $container A ContainerInterface instance.
  25.      */
  26.     public function setContainer(ContainerInterface $container null): void
  27.     {
  28.         if (null === $this->container) {
  29.             $this->container $container;
  30.         }
  31.     }
  33.       protected function supports($attribute$subject)
  34.     {
  35.         if(!defined('MentalSchool\AppBundle\Security\AppRoles::'$attribute)){
  36.                 return false;
  37.         }
  39.         $permission constant('MentalSchool\AppBundle\Security\AppRoles::'$attribute);
  41.         // if the attribute isn't one we support, return false
  42.         if (!in_array($permission, [
  43.             AppRoles::ROLE_GENERAL_SHOW_NEWS_LIST,
  44.             AppRoles::ROLE_GENERAL_ADD_NEW_PLACE,
  45.             AppRoles::ROLE_SHOW_INFORMATION_PAGE,
  46.         ])) {
  47.             return false;
  48.         }
  50.         return true;
  51.     }
  53.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  54.     {
  56.         $user $token->getUser();
  57.         if (!$user instanceof User) {
  58.             return false;
  59.         }
  60.         if (count(array_intersect(array('ROLE_SUPER_ADMIN'), $user->getRoles()))) {
  61.             return true;
  62.         }
  64.         $attribute constant('MentalSchool\AppBundle\Security\AppRoles::'$attribute);
  65.         switch ($attribute) {
  66.             case AppRoles::ROLE_GENERAL_SHOW_NEWS_LIST:
  67.                 return $this->canSeeNewsList($user);
  68.             case AppRoles::ROLE_GENERAL_ADD_NEW_PLACE:
  69.                 return $this->canAddNewPlace($user$subject);
  70.             case AppRoles::ROLE_SHOW_INFORMATION_PAGE:
  71.                 return $this->canShowInformationPage($user);
  72.         }
  73.         return false;
  74.     }
  76.     /**
  77.      * Checks whether user is granted to see news .
  78.      *
  79.      * @param User $loggedUser An User instance.
  80.      *
  81.      * @return boolean
  82.      */
  83.     private function canSeeNewsList(User $loggedUser): bool
  84.     {
  85.         if (count(array_intersect(array('ROLE_DIRECTOR'), $loggedUser->getRoles()))) {
  86.             return true;
  87.         }
  88.         if (count(array_intersect(array('ROLE_TEACHER'), $loggedUser->getRoles()))) {
  89.             return $loggedUser->hasPermissionOnAction(AppRoles::ROLE_GENERAL_SHOW_NEWS_LIST);
  90.         }
  91.         return false;
  92.     }
  94.     /**
  95.      * Checks whether user is granted to add palace
  96.      *
  97.      * @param User $loggedUser An User instance.
  98.      *
  99.      * @return boolean
  100.      */
  101.     private function canAddNewPlace(User $loggedUser): bool
  102.     {
  103.         if (count(array_intersect(array('ROLE_DIRECTOR'), $loggedUser->getRoles()))) {
  104.             return true;
  105.         }
  106.         if (count(array_intersect(array('ROLE_TEACHER'), $loggedUser->getRoles()))) {
  107.             return $loggedUser->hasPermissionOnAction(AppRoles::ROLE_GENERAL_ADD_NEW_PLACE);
  108.         }
  109.         return false;
  110.     }
  112.     /**
  113.      * Checks whether user is granted to show information page
  114.      *
  115.      * @param User $loggedUser An User instance.
  116.      *
  117.      * @return boolean
  118.      */
  119.     private function canShowInformationPage(User $loggedUser): bool
  120.     {
  121.         $em $this->container->get('doctrine')->getManager();
  122.         if ($em->getRepository('AppBundle:InformationPage')->hasAccessToInformationPage($loggedUser->getSchool()->getId())){
  123.             if (count(array_intersect(array('ROLE_DIRECTOR'), $loggedUser->getRoles()))) {
  124.                 return true;
  125.             }
  126.             if (count(array_intersect(array('ROLE_TEACHER'), $loggedUser->getRoles()))) {
  127.                 return $loggedUser->hasPermissionOnAction(AppRoles::ROLE_SHOW_INFORMATION_PAGE);
  128.             }
  129.         }
  130.         return false;
  131.     }
  132. }