src/Security/Voter/BackendCustomerVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\User;
  6. use App\Utils\Commons;
  7. use LogicException;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  10. use Symfony\Component\Security\Core\Security;
  11. use Symfony\Component\Security\Core\User\UserInterface;
  13. class BackendCustomerVoter extends Voter
  14. {
  15.     const BACKEND_CUSTOMER_VIEW 'BACKEND_CUSTOMER_VIEW';
  16.     const BACKEND_CUSTOMER_SHOW 'BACKEND_CUSTOMER_SHOW';
  17.     const BACKEND_CUSTOMER_EDIT 'BACKEND_CUSTOMER_EDIT';
  18.     const BACKEND_CUSTOMER_INACTIVE 'BACKEND_CUSTOMER_INACTIVE';
  19.     const BACKEND_CUSTOMER_DELETE 'BACKEND_CUSTOMER_DELETE';
  20.     const BACKEND_CUSTOMER_BILLING_STATUS 'BACKEND_CUSTOMER_BILLING_STATUS';
  22.     const BACKEND_CUSTOMER_USERS_VIEW 'BACKEND_CUSTOMER_USERS_VIEW';
  23.     const BACKEND_CUSTOMER_TEAM_CHANGE 'BACKEND_CUSTOMER_TEAM_CHANGE';
  24.     const BACKEND_CUSTOMER_INVOICES_VIEW 'BACKEND_CUSTOMER_INVOICES_VIEW';
  25.     const BACKEND_CUSTOMER_TRANSACTIONS_VIEW 'BACKEND_CUSTOMER_TRANSACTIONS_VIEW';
  26.     const BACKEND_CUSTOMER_PLAN_CHANGES_VIEW 'BACKEND_CUSTOMER_PLAN_CHANGES_VIEW';
  27.     const BACKEND_CUSTOMER_KEYS_VIEW 'BACKEND_CUSTOMER_KEYS_VIEW';
  29.     const BACKEND_CUSTOMER_TRANSACTION_CHARGE 'BACKEND_CUSTOMER_TRANSACTION_CHARGE';
  30.     const BACKEND_CUSTOMER_TRANSACTION_CANCEL 'BACKEND_CUSTOMER_TRANSACTION_CANCEL';
  31.     const BACKEND_CUSTOMER_TRANSACTION_REMOVE_AUTH 'BACKEND_CUSTOMER_TRANSACTION_REMOVE_AUTH';
  33.     const BACKEND_CUSTOMER_PLAN_CHANGE_EDIT 'BACKEND_CUSTOMER_PLAN_CHANGE_EDIT';
  34.     /**
  35.      * @var Security
  36.      */
  37.     private $security;
  38.     /**
  39.      * @var Commons
  40.      */
  41.     private $commons;
  42.     /**
  43.      * @var array
  44.      */
  45.     private $permissions;
  47.     /**
  48.      * SupportVoter constructor.
  49.      * @param Security $security
  50.      * @param Commons $commons
  51.      */
  52.     public function __construct(Security $securityCommons $commons)
  53.     {
  54.         $this->security $security;
  55.         $this->commons $commons;
  56.         $this->permissions = [];
  57.     }
  59.     /**
  60.      * @param string $attribute
  61.      * @param mixed $subject
  62.      * @return bool
  63.      */
  64.     protected function supports($attribute$subject): bool
  65.     {
  66.         if (!in_array($attribute,
  67.             [
  68.                 self::BACKEND_CUSTOMER_VIEWself::BACKEND_CUSTOMER_SHOWself::BACKEND_CUSTOMER_EDIT,
  69.                 self::BACKEND_CUSTOMER_INACTIVEself::BACKEND_CUSTOMER_DELETEself::BACKEND_CUSTOMER_BILLING_STATUS,
  70.                 self::BACKEND_CUSTOMER_USERS_VIEWself::BACKEND_CUSTOMER_TRANSACTIONS_VIEWself::BACKEND_CUSTOMER_INVOICES_VIEW,
  71.                 self::BACKEND_CUSTOMER_KEYS_VIEWself::BACKEND_CUSTOMER_PLAN_CHANGES_VIEWself::BACKEND_CUSTOMER_TEAM_CHANGE,
  72.                 self::BACKEND_CUSTOMER_TRANSACTION_CANCELself::BACKEND_CUSTOMER_TRANSACTION_CHARGEself::BACKEND_CUSTOMER_TRANSACTION_REMOVE_AUTH,
  73.                 self::BACKEND_CUSTOMER_PLAN_CHANGE_EDIT
  74.             ]
  75.         )) {
  76.             return false;
  77.         }
  78.         return true;
  80.     }
  82.     /**
  83.      * @param string $attribute
  84.      * @param mixed $subject
  85.      * @param TokenInterface $token
  86.      * @return bool
  87.      */
  88.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  89.     {
  90.         /** @var User $user */
  91.         $user $token->getUser();
  92.         // if the user is anonymous, do not grant access
  93.         if (!$user instanceof UserInterface) {
  94.             return false;
  95.         }
  96.         $this->permissions $this->commons->getBackendPermissions($user);
  98.         if ($this->hasSuperUser() === true) {
  99.             return true;
  100.         }
  102.         switch ($attribute) {
  103.             case self::BACKEND_CUSTOMER_VIEW:
  104.                 return $this->canView();
  105.             case self::BACKEND_CUSTOMER_SHOW:
  106.                 return $this->canShow();
  107.             case self::BACKEND_CUSTOMER_INACTIVE:
  108.                 return $this->canInactive();
  109.             case self::BACKEND_CUSTOMER_EDIT:
  110.                 return $this->canEdit();
  111.             case self::BACKEND_CUSTOMER_DELETE:
  112.                 return $this->canDelete();
  113.             case self::BACKEND_CUSTOMER_TEAM_CHANGE:
  114.                 return $this->canTeamChange();
  115.             case self::BACKEND_CUSTOMER_BILLING_STATUS:
  116.                 return $this->canBillingAllow();
  117.             case self::BACKEND_CUSTOMER_USERS_VIEW:
  118.                 return $this->canViewUsers();
  119.             case self::BACKEND_CUSTOMER_TRANSACTIONS_VIEW:
  120.                 return $this->canViewTransactions();
  121.             case self::BACKEND_CUSTOMER_INVOICES_VIEW:
  122.                 return $this->canViewInvoices();
  123.             case self::BACKEND_CUSTOMER_KEYS_VIEW:
  124.                 return $this->canViewKeys();
  125.             case self::BACKEND_CUSTOMER_PLAN_CHANGES_VIEW:
  126.                 return $this->canViewPlanChanges();
  127.             case self::BACKEND_CUSTOMER_PLAN_CHANGE_EDIT:
  128.                 return $this->canEditPlanChange();
  129.             case self::BACKEND_CUSTOMER_TRANSACTION_CHARGE:
  130.                 return $this->canTransactionCharge();
  131.             case self::BACKEND_CUSTOMER_TRANSACTION_CANCEL:
  132.                 return $this->canTransactionCancel();
  133.             case self::BACKEND_CUSTOMER_TRANSACTION_REMOVE_AUTH:
  134.                 return $this->canRemoveAuth();
  135.         }
  137.         throw new LogicException('Invalid attribute: ' $attribute);
  138.     }
  140.     /**
  141.      * Return True if have Super View Permission else return false
  142.      * @return bool
  143.      */
  144.     private function hasSuperUser(): bool
  145.     {
  146.         if (array_key_exists('superUser'$this->permissions)) {
  147.             if (in_array('Yes'$this->permissions['superUser'])) {
  148.                 return true;
  149.             }
  150.         }
  151.         return false;
  152.     }
  154.     /**
  155.      * Return True if have View Permission else return false
  156.      * @return bool
  157.      */
  158.     private function canView(): bool
  159.     {
  160.         if (array_key_exists('customer'$this->permissions)) {
  161.             if (in_array('View'$this->permissions['customer'])) {
  162.                 return true;
  163.             }
  164.         }
  165.         return false;
  166.     }
  168.     /**
  169.      * Return True if have Show Permission else return false
  170.      * @return bool
  171.      */
  172.     private function canShow(): bool
  173.     {
  174.         if (array_key_exists('customer'$this->permissions)) {
  175.             if (in_array('Show'$this->permissions['customer'])) {
  176.                 return true;
  177.             }
  178.         }
  179.         return false;
  180.     }
  182.     /**
  183.      * Return True if have Edit Permission else return false
  184.      * @return bool
  185.      */
  186.     private function canEdit(): bool
  187.     {
  188.         if (array_key_exists('customer'$this->permissions)) {
  189.             if (in_array('Edit'$this->permissions['customer'])) {
  190.                 return true;
  191.             }
  192.         }
  193.         return false;
  194.     }
  196.     /**
  197.      * Return True if have Change Status Permission else return false
  198.      * @return bool
  199.      */
  200.     private function canInactive(): bool
  201.     {
  202.         if (array_key_exists('customer'$this->permissions)) {
  203.             if (in_array('Inactive'$this->permissions['customer'])) {
  204.                 return true;
  205.             }
  206.         }
  207.         return false;
  208.     }
  210.     /**
  211.      * Return True if have Delete Permission else return false
  212.      * @return bool
  213.      */
  214.     private function canDelete(): bool
  215.     {
  216.         if (array_key_exists('customer'$this->permissions)) {
  217.             if (in_array('Delete'$this->permissions['customer'])) {
  218.                 return true;
  219.             }
  220.         }
  221.         return false;
  222.     }
  225.     /**
  226.      * Return True if have TeamChange Permission else return false
  227.      * @return bool
  228.      */
  229.     private function canTeamChange(): bool
  230.     {
  231.         if (array_key_exists('customer'$this->permissions)) {
  232.             if (in_array('TeamChange'$this->permissions['customer'])) {
  233.                 return true;
  234.             }
  235.         }
  236.         return false;
  237.     }
  239.     /**
  240.      * Return True if have ViewUsers Permission else return false
  241.      * @return bool
  242.      */
  243.     private function canViewUsers(): bool
  244.     {
  245.         if (array_key_exists('customerAbo'$this->permissions)) {
  246.             if (in_array('ViewUsers'$this->permissions['customerAbo'])) {
  247.                 return true;
  248.             }
  249.         }
  250.         return false;
  251.     }
  253.     /**
  254.      * Return True if have ViewTransactions Permission else return false
  255.      * @return bool
  256.      */
  257.     private function canViewTransactions(): bool
  258.     {
  259.         if (array_key_exists('customerAbo'$this->permissions)) {
  260.             if (in_array('ViewTransactions'$this->permissions['customerAbo'])) {
  261.                 return true;
  262.             }
  263.         }
  264.         return false;
  265.     }
  267.     /**
  268.      * Return True if have ViewInvoices Permission else return false
  269.      * @return bool
  270.      */
  271.     private function canViewInvoices(): bool
  272.     {
  273.         if (array_key_exists('customerAbo'$this->permissions)) {
  274.             if (in_array('ViewInvoices'$this->permissions['customerAbo'])) {
  275.                 return true;
  276.             }
  277.         }
  278.         return false;
  279.     }
  281.     /**
  282.      * Return True if have ViewKeys Permission else return false
  283.      * @return bool
  284.      */
  285.     private function canViewKeys(): bool
  286.     {
  287.         if (array_key_exists('customerAbo'$this->permissions)) {
  288.             if (in_array('ViewKeys'$this->permissions['customerAbo'])) {
  289.                 return true;
  290.             }
  291.         }
  292.         return false;
  293.     }
  295.     /**
  296.      * Return True if have ViewPlanChanges Permission else return false
  297.      * @return bool
  298.      */
  299.     private function canViewPlanChanges(): bool
  300.     {
  301.         if (array_key_exists('customerAbo'$this->permissions)) {
  302.             if (in_array('ViewPlanChanges'$this->permissions['customerAbo'])) {
  303.                 return true;
  304.             }
  305.         }
  306.         return false;
  307.     }
  309.     /**
  310.      * Return True if have BillingAllow Permission else return false
  311.      * @return bool
  312.      */
  313.     private function canBillingAllow(): bool
  314.     {
  315.         if (array_key_exists('customerInvoices'$this->permissions)) {
  316.             if (in_array('BillingAllow'$this->permissions['customerInvoices'])) {
  317.                 return true;
  318.             }
  319.         }
  320.         return false;
  321.     }
  323.     /**
  324.      * Return True if have Charge Permission else return false
  325.      * @return bool
  326.      */
  327.     private function canTransactionCharge(): bool
  328.     {
  329.         if (array_key_exists('customerTransactions'$this->permissions)) {
  330.             if (in_array('Charge'$this->permissions['customerTransactions'])) {
  331.                 return true;
  332.             }
  333.         }
  334.         return false;
  335.     }
  337.     /**
  338.      * Return True if have Cancellation Permission else return false
  339.      * @return bool
  340.      */
  341.     private function canTransactionCancel(): bool
  342.     {
  343.         if (array_key_exists('customerTransactions'$this->permissions)) {
  344.             if (in_array('Cancellation'$this->permissions['customerTransactions'])) {
  345.                 return true;
  346.             }
  347.         }
  348.         return false;
  349.     }
  351.     /**
  352.      * Return True if have RemoveAuth Permission else return false
  353.      * @return bool
  354.      */
  355.     private function canRemoveAuth(): bool
  356.     {
  357.         if (array_key_exists('customerTransactions'$this->permissions)) {
  358.             if (in_array('RemoveAuth'$this->permissions['customerTransactions'])) {
  359.                 return true;
  360.             }
  361.         }
  362.         return false;
  363.     }
  365.     /**
  366.      * Return True if have Edit Permission else return false
  367.      * @return bool
  368.      */
  369.     private function canEditPlanChange(): bool
  370.     {
  371.         if (array_key_exists('customerPlanChanges'$this->permissions)) {
  372.             if (in_array('Edit'$this->permissions['customerPlanChanges'])) {
  373.                 return true;
  374.             }
  375.         }
  376.         return false;
  377.     }
  380. }