src/Security/Voter/RealEstateVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\Authorization;
  6. use App\Entity\RealEstate;
  7. use App\Entity\User;
  8. use App\Repository\ContractRepository;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class RealEstateVoter extends Voter
  14. {
  15.     public const CREATE 'CAN_CREATE';
  16.     public const READ 'CAN_READ';
  17.     public const EDIT 'CAN_EDIT';
  18.     public const DELETE 'CAN_DELETE';
  20.     private Security $security;
  21.     private ContractRepository $contractRepository;
  23.     public function __construct(Security $securityContractRepository $contractRepository)
  24.     {
  25.         $this->security $security;
  26.         $this->contractRepository $contractRepository;
  27.     }
  29.     protected function supports($attribute$subject): bool
  30.     {
  31.         $supportsAttribute in_array($attribute, [self::CREATEself::DELETEself::EDITself::READ]);
  32.         $supportsSubject $subject instanceof RealEstate;
  34.         return $supportsAttribute && $supportsSubject;
  35.     }
  37.     /**
  38.      * @param mixed $subject
  39.      */
  40.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  41.     {
  42.         $user $this->security->getUser();
  43.         if (!$user) {
  44.             return false;
  45.         }
  47.         switch ($attribute) {
  48.             case self::CREATE:
  49.                 return $this->canCreate($subject$user);
  50.             case self::READ:
  51.                 return $this->canRead($subject$user);
  52.             case self::EDIT:
  53.                 return $this->canEdit($subject$user);
  54.             case self::DELETE:
  55.                 return $this->canDelete($subject$user);
  56.         }
  58.         return false;
  59.     }
  61.     private function canCreate(RealEstate $realEstateUser $user): bool
  62.     {
  63.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)
  64.             || $this->security->isGranted(Authorization::ROLE_OWNER_ADMIN)
  65.         ) {
  66.             return true;
  67.         }
  69.         return false;
  70.     }
  72.     private function canRead(RealEstate $realEstateUser $user): bool
  73.     {
  74.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
  75.             return true;
  76.         }
  78.         // shortcut for all owner
  79.         if ($this->security->isGranted(Authorization::ROLE_OWNER_REQUESTER)
  80.             && $user->getCompany()->getId() === $realEstate->getCompany()->getId()) {
  81.             // as admin of the owner with same company... all is good :-)
  82.             if ($this->security->isGranted(Authorization::ROLE_OWNER_ADMIN)) {
  83.                 return true;
  84.             }
  86.             // others owners role
  87.             foreach ($user->getGroups() as $userGroup) {
  88.                 foreach ($realEstate->getGroups() as $realEstateGroup) {
  89.                     if ($userGroup->getGroup()->getId() === $realEstateGroup->getGroup()->getId()) {
  90.                         return true;
  91.                     }
  92.                 }
  93.             }
  95.             return false;
  96.         }
  98.         // in all other case, we must check if the realEstate is in the list of InterventionRequest
  99.         // TODO: query for checking if realestate is granted
  100.         if ($this->security->isGranted(Authorization::ROLE_SERVICE_PROVIDER)) {
  101.             return $this->contractRepository->isValidForCompanyAndRealEstate($user->getCompany()->getId(), $realEstate->getId());
  102.         }
  104.         return false;
  105.     }
  107.     /**
  108.      * Only owner can edit,
  109.      *  as owner admin, we need the same company
  110.      *  as simple owner, the real estate must be in the list of our realestate.
  111.      */
  112.     private function canEdit(RealEstate $realEstateUser $user): bool
  113.     {
  114.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
  115.             return true;
  116.         }
  118.         // as a owner,we must at least have the same company of the realEstate
  119.         if ($user->getCompany()->getId() !== $realEstate->getCompany()->getId()) {
  120.             return false;
  121.         }
  123.         // as admin of the owner with same company... all is good :-)
  124.         if ($this->security->isGranted(Authorization::ROLE_OWNER_ADMIN)) {
  125.             return true;
  126.         }
  128.         // allow only owners
  129.         if (!$this->security->isGranted(Authorization::ROLE_OWNER)) {
  130.             return false;
  131.         }
  133.         // others owners role
  134.         foreach ($user->getGroups() as $userGroup) {
  135.             foreach ($realEstate->getGroups() as $realEstateGroup) {
  136.                 if ($userGroup->getGroup()->getId() === $realEstateGroup->getGroup()->getId()) {
  137.                     return true;
  138.                 }
  139.             }
  140.         }
  142.         return false;
  143.     }
  145.     private function canDelete(RealEstate $realEstateUser $user): bool
  146.     {
  147.         if ($this->security->isGranted(Authorization::ROLE_ADMIN)) {
  148.             return true;
  149.         }
  151.         return false;
  152.     }
  153. }