src/Bundles/TemplateBundle/Security/Voter/TemplateViewVoter.php line 18

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Bundles\TemplateBundle\Security\Voter;
  7. use App\Bundles\OrganizationBundle\Entity\Organization;
  8. use App\Bundles\OrganizationBundle\Exception\UserOrganizationNotFoundException;
  9. use App\Bundles\OrganizationBundle\Service\Organization\OrganizationProvider;
  10. use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationProvider;
  11. use App\Bundles\TemplateBundle\Entity\Template;
  12. use App\Bundles\UserBundle\Entity\User;
  13. use App\Bundles\UserBundle\Enum\SystemPermissionEnum;
  14. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  15. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  16. use Symfony\Component\Security\Core\Security;
  18. class TemplateViewVoter extends Voter
  19. {
  20.     public function __construct(
  21.         private readonly Security $security,
  22.         private readonly UserOrganizationProvider $userOrganizationProvider,
  23.         private readonly OrganizationProvider $organizationProvider,
  24.     ) {
  25.     }
  27.     protected function supports(string $attribute$subject): bool
  28.     {
  29.         return $attribute === SystemPermissionEnum::SINGLE_TEMPLATE_VIEW->value;
  30.     }
  32.     /**
  33.      * @param Template $subject
  34.      * @throws UserOrganizationNotFoundException
  35.      */
  36.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  37.     {
  38.         $user $this->security->getUser();
  40.         if (!$user instanceof User) {
  41.             return false;
  42.         }
  44.         if ($subject->getUser() === $user && $subject->isPersonal()) {
  45.             return true;
  46.         }
  48.         $organizationFromSession $this->resolveOrganization();
  50.         if (
  51.             $subject->isSharedForOrganization() &&
  52.             $this->checkAccessForOrganization($subject$organizationFromSession)
  53.         ) {
  54.             return true;
  55.         }
  57.         if (
  58.             $subject->isSharedForChildOrganization() &&
  59.             $this->checkAccessForChildOrganization($subject$organizationFromSession)
  60.         ) {
  61.             return true;
  62.         }
  64.         return false;
  65.     }
  67.     /**
  68.      * @throws UserOrganizationNotFoundException
  69.      */
  70.     private function resolveOrganization(): Organization
  71.     {
  72.         $userOrganization $this->userOrganizationProvider->provideFromSession();
  74.         return $userOrganization->getOrganization();
  75.     }
  77.     private function checkAccessForOrganization(Template $subjectOrganization $organizationFromSession): bool
  78.     {
  79.         $organization $subject->getOrganization();
  81.         return $organization->getId() === $organizationFromSession->getId();
  82.     }
  84.     private function checkAccessForChildOrganization(Template $subjectOrganization $organizationFromSession): bool
  85.     {
  86.         $parentOrganization $subject->getOrganization();
  88.         return $this->checkAccessForOrganization($subject$organizationFromSession) ||
  89.             in_array($organizationFromSession->getId(), $this->provideOrganizationsIds($parentOrganization));
  90.     }
  92.     private function provideOrganizationsIds(Organization $parentOrganization): array
  93.     {
  94.         $organizations $this->organizationProvider->provideByParentOrganization($parentOrganization);
  96.         return array_map(function (Organization $organization) {
  97.             return $organization->getId();
  98.         }, $organizations);
  99.     }
  100. }