* * This program is free software: you can redistribute it and/or modify * it under the terms of the GNU Affero General Public License as published by * the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU Affero General Public License for more details. * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see . */ namespace Chill\ActivityBundle\Security\Authorization; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Entity\User; use Chill\ActivityBundle\Entity\Activity; use Chill\PersonBundle\Entity\Person; use Symfony\Component\Security\Core\Role\Role; /** * * * @author Julien Fastré */ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface { const CREATE = 'CHILL_ACTIVITY_CREATE'; const SEE = 'CHILL_ACTIVITY_SEE'; const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS'; const UPDATE = 'CHILL_ACTIVITY_UPDATE'; const DELETE = 'CHILL_ACTIVITY_DELETE'; /** * * @var AuthorizationHelper */ protected $helper; public function __construct(AuthorizationHelper $helper) { $this->helper = $helper; } protected function supports($attribute, $subject) { if ($subject instanceof Activity) { return \in_array($attribute, $this->getAttributes()); } elseif ($subject instanceof Person) { return $attribute === self::SEE || $attribute === self::CREATE; } else { return false; } } protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { if (!$token->getUser() instanceof User) { return false; } if ($subject instanceof Person) { $centers = $this->helper->getReachableCenters($token->getUser(), new Role($attribute)); return \in_array($subject->getCenter(), $centers); } /* @var $subject Activity */ return $this->helper->userHasAccess($token->getUser(), $subject, $attribute); } private function getAttributes() { return [ self::CREATE, self::SEE, self::UPDATE, self::DELETE, self::SEE_DETAILS ]; } public function getRoles() { return $this->getAttributes(); } public function getRolesWithoutScope() { return array(); } public function getRolesWithHierarchy() { return [ 'Activity' => $this->getRoles() ]; } }