src/Bundles/TemplateBundle/Security/Voter/TemplateViewVoter.php line 17

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Bundles\TemplateBundle\Security\Voter;
  7. use App\Bundles\OrganizationBundle\Entity\Organization;
  8. use App\Bundles\OrganizationBundle\Exception\UserOrganizationNotFoundException;
  9. use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationProvider;
  10. use App\Bundles\TemplateBundle\Entity\Template;
  11. use App\Bundles\UserBundle\Entity\User;
  12. use App\Bundles\UserBundle\Enum\SystemPermissionEnum;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  15. use Symfony\Component\Security\Core\Security;
  17. class TemplateViewVoter extends Voter
  18. {
  19.     public function __construct(
  20.         private readonly Security $security,
  21.         private readonly UserOrganizationProvider $userOrganizationProvider,
  22.     ) {
  23.     }
  25.     protected function supports(string $attribute$subject): bool
  26.     {
  27.         return $attribute === SystemPermissionEnum::SINGLE_TEMPLATE_VIEW->value;
  28.     }
  30.     /**
  31.      * @param Template $subject
  32.      * @throws UserOrganizationNotFoundException
  33.      */
  34.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  35.     {
  36.         $user $this->security->getUser();
  38.         if (!$user instanceof User) {
  39.             return false;
  40.         }
  42.         if ($subject->getUser() === $user && $subject->isPersonal()) {
  43.             return true;
  44.         }
  46.         $organizationFromSession $this->resolveOrganization();
  48.         if (
  49.             $subject->isSharedForOrganization() &&
  50.             $this->checkAccessForOrganization($subject$organizationFromSession)
  51.         ) {
  52.             return true;
  53.         }
  55.         if (
  56.             $subject->isSharedForChildOrganization() &&
  57.             $this->checkAccessForChildOrganization($subject$organizationFromSession)
  58.         ) {
  59.             return true;
  60.         }
  62.         return false;
  63.     }
  65.     /**
  66.      * @throws UserOrganizationNotFoundException
  67.      */
  68.     private function resolveOrganization(): Organization
  69.     {
  70.         $userOrganization $this->userOrganizationProvider->provideFromSession();
  72.         return $userOrganization->getOrganization();
  73.     }
  75.     private function checkAccessForOrganization(Template $subjectOrganization $organizationFromSession): bool
  76.     {
  77.         $organization $subject->getOrganization();
  79.         return $organization->getId() === $organizationFromSession->getId();
  80.     }
  82.     private function checkAccessForChildOrganization(Template $subjectOrganization $organizationFromSession): bool
  83.     {
  84.         $parentOrganization $subject->getOrganization();
  86.         return $this->checkAccessForOrganization($subject$organizationFromSession) ||
  87.             in_array($organizationFromSession->getId(), $this->provideOrganizationsIds($parentOrganization));
  88.     }
  90.     private function provideOrganizationsIds(Organization $parentOrganization): array
  91.     {
  92.         return array_map(function (Organization $organization) {
  93.             return $organization->getId();
  94.         }, $parentOrganization->getChildOrganizations()->toArray());
  95.     }
  96. }