src/Security/Voter/PlanPricingVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\DeviceGroup;
  6. use App\Entity\Plan;
  7. use App\Entity\User;
  8. use App\Entity\Workspace;
  9. use App\Repository\DeviceGroupRepository;
  10. use App\Repository\UserRepository;
  11. use App\Utils\Commons;
  12. use Symfony\Component\Security\Core\Security;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  16. class PlanPricingVoter extends Voter
  17. {
  18.     /**
  19.      * @var UserRepository
  20.      */
  21.     private $userRepository;
  23.     /**
  24.      * @var DeviceGroupRepository
  25.      */
  26.     private $deviceGroupRepository;
  28.     /**
  29.      * @var Commons
  30.      */
  31.     private $commons;
  33.     /**
  34.      * @var array
  35.      */
  36.     private $permissions;
  38.     private $security;
  40.     /**
  41.      * Constructor.
  42.      * @param UserRepository $userRepository
  43.      * @param Security $security
  44.      */
  45.     public function __construct(
  46.         Commons $commons,
  47.         UserRepository $userRepository,
  48.         DeviceGroupRepository $deviceGroupRepository,
  49.         Security $security
  50.     )
  51.     {
  52.         $this->permissions = [];
  53.         $this->commons $commons;
  54.         $this->security $security;
  55.         $this->userRepository $userRepository;
  56.         $this->deviceGroupRepository $deviceGroupRepository;
  57.     }
  59.     // these strings are just invented: you can use anything
  60.     const VIEW_PLAN_USER_GROUP 'VIEW_PLAN_USER_GROUP';
  61.     const VIEW_PLAN_SANDBOX_MODE 'VIEW_PLAN_SANDBOX_MODE';
  62.     const VIEW_PLAN_DATA_EXPORT 'VIEW_PLAN_DATA_EXPORT';
  63.     const VIEW_PLAN_2FA_AUTH 'VIEW_PLAN_2FA_AUTH';
  64.     const VIEW_PLAN_INDIVIDUAL_DEVICE_FIELDS 'VIEW_PLAN_INDIVIDUAL_DEVICE_FIELDS';
  65.     const VIEW_PLAN_SCHEDULED_ROLLOUTS 'VIEW_PLAN_SCHEDULED_ROLLOUTS';
  66.     const VIEW_PLAN_BLOCKCHAIN_DEVICE_LOG 'VIEW_PLAN_BLOCKCHAIN_DEVICE_LOG';
  67.     const VIEW_PLAN_NAMED_USERS 'VIEW_PLAN_NAMED_USERS';
  68.     const VIEW_PLAN_MAPBOX 'VIEW_PLAN_MAPBOX';
  70.     protected function supports($attribute$subject)
  71.     {
  72.         // if the attribute isn't one we support, return false
  73.         if (!in_array($attribute, [
  74.                 self::VIEW_PLAN_USER_GROUP,
  75.                 self::VIEW_PLAN_SANDBOX_MODE,
  76.                 self::VIEW_PLAN_DATA_EXPORT,
  77.                 self::VIEW_PLAN_2FA_AUTH,
  78.                 self::VIEW_PLAN_INDIVIDUAL_DEVICE_FIELDS,
  79.                 self::VIEW_PLAN_SCHEDULED_ROLLOUTS,
  80.                 self::VIEW_PLAN_BLOCKCHAIN_DEVICE_LOG,
  81.                 self::VIEW_PLAN_NAMED_USERS,
  82.                 self::VIEW_PLAN_MAPBOX,
  83.         ])) {
  84.             return false;
  85.         }
  87.         // only vote on `User` objects
  88. //        if (!$subject instanceof User) {
  89. //            return false;
  90. //        }
  92.         return true;
  93.     }
  95.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  96.     {
  97.         if ($this->security->isGranted('ROLE_BACKEND_USER')) {
  98.             return true;
  99.         }
  101.         $user $token->getUser();
  102.         $this->permissions $this->commons->getUserPermissions($user);
  104.         if (!$user instanceof User) {
  105.             // the user must be logged in; if not, deny access
  106.             return false;
  107.         }
  109.         $plan $token->getUser()->getWorkSpace()->getPlan();
  111.         switch ($attribute) {
  112.             case self::VIEW_PLAN_USER_GROUP:
  113.                 return $this->canViewUserGroup($plan);
  114.             case self::VIEW_PLAN_SANDBOX_MODE:
  115.                 return $this->canViewSandBoxMode($plan);
  116.             case self::VIEW_PLAN_DATA_EXPORT:
  117.                 return $this->canViewDataExport($plan);
  118.             case self::VIEW_PLAN_2FA_AUTH:
  119.                 return $this->canView2FAAuth($plan);
  120.             case self::VIEW_PLAN_INDIVIDUAL_DEVICE_FIELDS:
  121.                 return $this->canViewIndividualDeviceField($plan);
  122.             case self::VIEW_PLAN_SCHEDULED_ROLLOUTS:
  123.                 return $this->canViewScheduledRollouts($plan);
  124.             case self::VIEW_PLAN_BLOCKCHAIN_DEVICE_LOG:
  125.                 return $this->canViewBlockchainDeviceLog($plan);
  126.             case self::VIEW_PLAN_NAMED_USERS:
  127.                 return $this->canViewNamedUsers($user->getWorkspace(), $user);
  128.             case self::VIEW_PLAN_MAPBOX:
  129.                 return $this->canViewMapbox($plan);
  130. ;
  131.         }
  133.         throw new \LogicException('This code should not be reached!');
  134.     }
  136.     private function canViewUserGroup(Plan $plan)
  137.     {
  138.         return $plan->getUserGroups();
  139.     }
  141.     private function canViewSandBoxMode(Plan $plan)
  142.     {
  143.         return $plan->getSandboxMode();
  144.     }
  146.     private function canViewDataExport(Plan $plan)
  147.     {
  148.         return $plan->getDataExport();
  149.     }
  151.     private function canView2FAAuth(Plan $plan)
  152.     {
  153.         return $plan->getAuth2fa();
  154.     }
  156.     private function canViewIndividualDeviceField(Plan $plan)
  157.     {
  158.         return $plan->getIndividualDeviceFields();
  159.     }
  161.     private function canViewScheduledRollouts(Plan $plan)
  162.     {
  163.         return $plan->getScheduledRollouts();
  164.     }
  166.     private function canViewBlockchainDeviceLog(Plan $plan)
  167.     {
  168.         return $plan->getBlockchainDeviceLog();
  169.     }
  171.     private function canViewNamedUsers(Workspace $workspaceUser $user)
  172.     {
  173.         $users $this->userRepository->findAllUsersByRole($user->getId(), $workspace->getId())->getQuery()->getArrayResult();
  174.         $flag false;
  176.         if(count($users) < $workspace->getPlan()->getNamedUsers()){
  177.             $flag true;
  178.         }
  180.         return $flag;
  181.     }
  183.     private function canViewMapbox(Plan $plan)
  184.     {
  185. //        if (!$plan->getMapBox()) {
  186. //            return false;
  187. //        }
  188. //
  189. //        if ($this->security->isGranted('ROLE_ADMIN')) {
  190. //            return true;
  191. //        }
  192. //
  193. //        if (array_key_exists('deviceGroup', $this->permissions)) {
  194. //            if (in_array('Edit', $this->permissions['deviceGroup'])) {
  195. //                return true;
  196. //            }
  197. //        }
  199.         return $plan->getMapBox();
  200.     }
  202.     /**
  203.      * @param User|null $user
  204.      * @param $subject
  205.      * @return bool
  206.      */
  207.     private function isOwner(User $user$subject): bool
  208.     {
  209.         if (!is_object($subject)) {
  210.             $subject $this->deviceGroupRepository->findOneBy(["id" => intval($subject)]);
  211.         }
  212.         if (!$subject instanceof DeviceGroup) {
  213.             return false;
  214.         }
  216.         return $user->getWorkspace()->getId() === $subject->getWorkspace()->getId();
  217.     }
  219.     /** Return True if have Edit Permission else return false
  220.      * @return bool
  221.      */
  222.     private function canEdit(): bool
  223.     {
  225.     }
  226. }