src/Security/Voter/DeviceGroupVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\DeviceGroup;
  6. use App\Entity\User;
  7. use App\Repository\DeviceGroupRepository;
  8. use App\Utils\Commons;
  9. use LogicException;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. class DeviceGroupVoter extends Voter
  16. {
  17.     const DEVICE_GROUP_VIEW 'DEVICE_GROUP_VIEW';
  18.     const DEVICE_GROUP_CREATE 'DEVICE_GROUP_CREATE';
  19.     const DEVICE_GROUP_EDIT 'DEVICE_GROUP_EDIT';
  20.     const DEVICE_GROUP_DELETE 'DEVICE_GROUP_DELETE';
  21.     const DEVICE_GROUP_MULTI_DELETE 'DEVICE_GROUP_MULTI_DELETE';
  22.     const DEVICE_GROUP_SHOW 'DEVICE_GROUP_SHOW';
  24.     /**
  25.      * @var Security
  26.      */
  27.     private $security;
  28.     /**
  29.      * @var Commons
  30.      */
  31.     private $commons;
  32.     /**
  33.      * @var array
  34.      */
  35.     private $permissions;
  37.     /**
  38.      * @var DeviceGroupRepository
  39.      */
  40.     private $deviceGroupRepository;
  42.     /**
  43.      * DeviceGroupVoter constructor.
  44.      * @param Security $security
  45.      * @param Commons $commons
  46.      * @param DeviceGroupRepository $deviceGroupRepository
  47.      */
  48.     public function __construct(Security $securityCommons $commonsDeviceGroupRepository $deviceGroupRepository)
  49.     {
  50.         $this->security $security;
  51.         $this->commons $commons;
  52.         $this->deviceGroupRepository $deviceGroupRepository;
  53.         $this->permissions = [];
  54.     }
  56.     /**
  57.      * @param string $attribute
  58.      * @param mixed $subject
  59.      * @return bool
  60.      */
  61.     protected function supports($attribute$subject): bool
  62.     {
  63.         // if the attribute isn't one we support, return false
  64.         if (!in_array($attribute,
  65.             [self::DEVICE_GROUP_VIEWself::DEVICE_GROUP_MULTI_DELETEself::DEVICE_GROUP_SHOWself::DEVICE_GROUP_EDITself::DEVICE_GROUP_CREATEself::DEVICE_GROUP_DELETE]
  66.         )) {
  67.             return false;
  68.         }
  69.         return true;
  70.     }
  73.     /**
  74.      * @param string $attribute
  75.      * @param mixed $subject
  76.      * @param TokenInterface $token
  77.      * @return bool
  78.      */
  79.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  80.     {
  81.         /** @var User $user */
  82.         $user $token->getUser();
  83.         // if the user is anonymous, do not grant access
  84.         if (!$user instanceof UserInterface) {
  85.             return false;
  86.         }
  87.         $this->permissions $this->commons->getUserPermissions($user);
  89.         switch ($attribute) {
  90.             case self::DEVICE_GROUP_VIEW:
  91.                 return $this->canView();
  92.             case self::DEVICE_GROUP_CREATE:
  93.                 return $this->canCreate();
  94.             case self::DEVICE_GROUP_EDIT:
  95.                 return ($this->canEdit() && $this->isOwner($user$subject));
  96.             case self::DEVICE_GROUP_SHOW:
  97.                 return ($this->canShow() && $this->isOwner($user$subject));
  98.             case self::DEVICE_GROUP_DELETE:
  99.                 return ($this->canDelete() && $this->isOwner($user$subject));
  100.             case self::DEVICE_GROUP_MULTI_DELETE:
  101.                 return $this->canMultiDelete();
  102.         }
  104.         throw new LogicException('Invalid attribute: ' $attribute);
  105.     }
  107.     /**
  108.      * @param User|null $user
  109.      * @param $subject
  110.      * @return bool
  111.      */
  112.     private function isOwner(User $user$subject): bool
  113.     {
  115.         if (!is_object($subject)) {
  116.             $subject $this->deviceGroupRepository->findOneBy(["id" => intval($subject)]);
  117.         }
  119.         if (!$subject instanceof DeviceGroup) {
  120.             return false;
  121.         }
  123.         return $user->getWorkspace()->getId() === $subject->getWorkspace()->getId();
  124.     }
  126.     /** Return True if have View Permission else return false
  127.      * @return bool
  128.      */
  129.     private function canView(): bool
  130.     {
  131.         if ($this->security->isGranted('ROLE_ADMIN')) {
  132.             return true;
  133.         }
  135.         if (array_key_exists('deviceGroup'$this->permissions)) {
  136.             if (in_array('View'$this->permissions['deviceGroup'])) {
  137.                 return true;
  138.             }
  139.         }
  141.         return false;
  143.     }
  145.     /** Return True if have Edit Permission else return false
  146.      * @return bool
  147.      */
  148.     private function canEdit(): bool
  149.     {
  150.         if ($this->security->isGranted('ROLE_ADMIN')) {
  151.             return true;
  152.         }
  154.         if (array_key_exists('deviceGroup'$this->permissions)) {
  155.             if (in_array('Edit'$this->permissions['deviceGroup'])) {
  156.                 return true;
  157.             }
  158.         }
  160.         return false;
  161.     }
  163.     /** Return True if have Edit Permission else return false
  164.      * @return bool
  165.      */
  166.     private function canShow(): bool
  167.     {
  168.         if ($this->security->isGranted('ROLE_ADMIN')) {
  169.             return true;
  170.         }
  172.         if (array_key_exists('deviceGroup'$this->permissions)) {
  173.             if (in_array('Show'$this->permissions['deviceGroup'])) {
  174.                 return true;
  175.             }
  176.         }
  178.         return false;
  179.     }
  181.     /** Return True if have Create Permission else return false
  182.      * @return bool
  183.      */
  184.     private function canCreate(): bool
  185.     {
  186.         if ($this->security->isGranted('ROLE_ADMIN')) {
  187.             return true;
  188.         }
  189.         if (array_key_exists('deviceGroup'$this->permissions)) {
  190.             if (in_array('Create'$this->permissions['deviceGroup'])) {
  191.                 return true;
  192.             }
  193.         }
  195.         return false;
  196.     }
  198.     /** Return True if have Delete Permission else return false
  199.      * @return bool
  200.      */
  201.     private function canDelete(): bool
  202.     {
  203.         if ($this->security->isGranted('ROLE_ADMIN')) {
  204.             return true;
  205.         }
  206.         if (array_key_exists('deviceGroup'$this->permissions)) {
  207.             if (in_array('Delete'$this->permissions['deviceGroup'])) {
  208.                 return true;
  209.             }
  210.         }
  212.         return false;
  213.     }
  215.     /**
  216.      * @return bool
  217.      */
  218.     private function canMultiDelete(): bool
  219.     {
  220.         if ($this->security->isGranted('ROLE_ADMIN')) {
  221.             return true;
  222.         }
  223.         if (array_key_exists('deviceGroup'$this->permissions)) {
  224.             if (in_array('Delete'$this->permissions['deviceGroup'])) {
  225.                 return true;
  226.             }
  227.         }
  229.         return false;
  230.     }
  231. }