chill-bundles/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php

118 lines
3.7 KiB
PHP

<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\DocStoreBundle\Security\Authorization;
use Chill\DocStoreBundle\Entity\AccompanyingCourseDocument;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Security;
use function in_array;
class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{
public const CREATE = 'CHILL_ACCOMPANYING_COURSE_DOCUMENT_CREATE';
public const DELETE = 'CHILL_ACCOMPANYING_COURSE_DOCUMENT_DELETE';
public const SEE = 'CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE';
public const SEE_DETAILS = 'CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE_DETAILS';
public const UPDATE = 'CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE';
protected LoggerInterface $logger;
protected Security $security;
protected VoterHelperInterface $voterHelper;
public function __construct(
LoggerInterface $logger,
Security $security,
VoterHelperFactoryInterface $voterHelperFactory
) {
$this->logger = $logger;
$this->security = $security;
$this->voterHelper = $voterHelperFactory
->generate(self::class)
->addCheckFor(AccompanyingCourseDocument::class, $this->getRoles())
->addCheckFor(AccompanyingPeriod::class, [self::SEE, self::CREATE])
->build();
}
public function getRoles(): array
{
return [
self::CREATE,
self::SEE,
self::SEE_DETAILS,
self::UPDATE,
self::DELETE,
];
}
public function getRolesWithHierarchy(): array
{
return ['accompanyingCourseDocument' => $this->getRoles()];
}
public function getRolesWithoutScope(): array
{
return [];
}
protected function supports($attribute, $subject)
{
return $this->voterHelper->supports($attribute, $subject);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
if (!$token->getUser() instanceof User) {
return false;
}
if ($subject instanceof AccompanyingPeriod) {
if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
if (self::CREATE === $attribute) {
return false;
}
}
} elseif ($subject instanceof AccompanyingCourseDocument) {
if (!$this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject->getCourse())) {
return false;
}
if (
AccompanyingPeriod::STEP_CLOSED === $subject->getCourse()->getStep()
&& in_array($attribute, [self::CREATE, self::DELETE, self::UPDATE], true)
) {
return false;
}
if (self::CREATE === $attribute && null !== $subject->getCourse()) {
return $this->voterHelper->voteOnAttribute($attribute, $subject->getCourse(), $token);
}
}
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
}
}