src/Security/Voter/SatisfactionSurveys/SatisfactionSurveyCustomerResponseSecurityVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\SatisfactionSurveys;
  5. use App\Entity\SatisfactionSurveys\SatisfactionSurveyCustomerResponse;
  6. use App\Entity\User;
  7. use App\Enum\MenuRolesAssociatedEnum;
  8. use App\Enum\MenuRolesManagerEnum;
  9. use App\Enum\UserRolesEnum;
  10. use App\Enum\VotersEnum;
  11. use App\Repository\SatisfactionSurveys\SatisfactionSurveyCustomerResponseRepository;
  12. use LogicException;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\Security;
  17. final class SatisfactionSurveyCustomerResponseSecurityVoter extends Voter
  18. {
  19.     private Security $security;
  20.     private array $voters;
  21.     private SatisfactionSurveyCustomerResponseRepository $sscrr;
  23.     public function __construct(Security $securitySatisfactionSurveyCustomerResponseRepository $sscrr)
  24.     {
  25.         $this->security $security;
  26.         $this->voters = [
  27.             VotersEnum::LIST_SATISFACTION_SURVEY_CUSTOMER_RESPONSE,
  28.             VotersEnum::LIST_SATISFACTION_SURVEY_CUSTOMER_RESPONSE_ASSOCIATED,
  29.             VotersEnum::READ,
  30.             VotersEnum::OWN,
  31.             VotersEnum::EXPORT_SATISFACTION_SURVEY_CUSTOMER_RESPONSE,
  32.             VotersEnum::EXPORT_SATISFACTION_SURVEY_CUSTOMER_RESPONSE_ASSOCIATED,
  33.         ];
  34.         $this->sscrr $sscrr;
  35.     }
  37.     protected function supports(string $attribute$subject): bool
  38.     {
  39.         // first check the $subject and last if the $attribute is supported,
  40.         // because there are attributes (with subject) used as well by other voters (like UPDATE, ...)
  41.         if ($subject && !$subject instanceof SatisfactionSurveyCustomerResponse) {
  42.             // only vote on these objects
  43.             return false;
  44.         }
  45.         if (in_array($attribute$this->voters)) {
  46.             // if the attribute is one we support
  47.             return true;
  48.         }
  50.         return false;
  51.     }
  53.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  54.     {
  55.         $user $token->getUser();
  56.         if (!$user instanceof User) {
  57.             // the user must be logged in; if not, deny access
  58.             return false;
  59.         }
  60.         switch ($attribute) {
  61.             case VotersEnum::LIST_SATISFACTION_SURVEY_CUSTOMER_RESPONSE:
  62.                 return $this->canList();
  63.             case VotersEnum::LIST_SATISFACTION_SURVEY_CUSTOMER_RESPONSE_ASSOCIATED:
  64.                 return $this->canListAssociated();
  65.             case VotersEnum::READ:
  66.                 return $this->canRead();
  67.             case VotersEnum::OWN:
  68.                 return $this->isOwner($subject$user);
  69.             case VotersEnum::EXPORT_SATISFACTION_SURVEY_CUSTOMER_RESPONSE:
  70.                 return $this->canExport();
  71.             case VotersEnum::EXPORT_SATISFACTION_SURVEY_CUSTOMER_RESPONSE_ASSOCIATED:
  72.                 return $this->canExportAssociated();
  73.         }
  75.         throw new LogicException('This code should not be reached!');
  76.     }
  78.     private function canList(): bool
  79.     {
  80.         return $this->isAdminUser();
  81.     }
  83.     private function canListAssociated(): bool
  84.     {
  85.         return $this->isAssociatedUser();
  86.     }
  88.     private function canRead(): bool
  89.     {
  90.         return $this->isAdminUser() || $this->isAssociatedUser();
  91.     }
  93.     private function isOwner(SatisfactionSurveyCustomerResponse $satisfactionSurveyCustomerResponseUser $user): bool
  94.     {
  95.         if ($this->security->isGranted(UserRolesEnum::ROLE_ADMIN_LONG) || $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_SATISFACTION_SURVEYS)) {
  96.             return true;
  97.         } elseif ($this->security->isGranted(UserRolesEnum::ROLE_COORDINATOR_LONG)) {
  98.             $satisfactionSurveyCustomerResponses $this->sscrr->getByProvincesSortedByBegin($user->getWorkProvinces());
  99.             /** @var SatisfactionSurveyCustomerResponse $item */
  100.             foreach ($satisfactionSurveyCustomerResponses as $item) {
  101.                 if ($satisfactionSurveyCustomerResponse->getId() === $item->getId()) {
  102.                     return true;
  103.                 }
  104.             }
  105.         } elseif ($satisfactionSurveyCustomerResponse->getGarage() && $satisfactionSurveyCustomerResponse->getGarage()->getOwner() && $satisfactionSurveyCustomerResponse->getGarage()->getOwner()->getId() === $user->getId()) {
  106.             return true;
  107.         }
  109.         return false;
  110.     }
  112.     private function canExport(): bool
  113.     {
  114.         return $this->isAdminUser();
  115.     }
  117.     private function canExportAssociated(): bool
  118.     {
  119.         return $this->isAssociatedUser();
  120.     }
  122.     private function isAssociatedUser(): bool
  123.     {
  124.         return $this->security->isGranted(MenuRolesAssociatedEnum::ROLE_MENU_SATISFACTION_SURVEYS_ASOCIATED);
  125.     }
  127.     private function isAdminUser(): bool
  128.     {
  129.         return $this->security->isGranted(MenuRolesManagerEnum::ROLE_MENU_SATISFACTION_SURVEYS);
  130.     }
  131. }