src/Bundles/ReportBundle/Security/ReportTemplateViewVoter.php line 19

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Bundles\ReportBundle\Security;
  7. use App\Bundles\LocationBundle\Enum\LocationTypeEnum;
  8. use App\Bundles\OrganizationBundle\Enum\UserOrganizationResponsibleLevelEnum;
  9. use App\Bundles\OrganizationBundle\Exception\UserOrganizationNotFoundException;
  10. use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationProvider;
  11. use App\Bundles\OrganizationBundle\Service\UserOrganization\UserOrganizationResponsibleLevelResolver;
  12. use App\Bundles\ReportBundle\Entity\ReportTemplate;
  13. use App\Bundles\UserBundle\Entity\User;
  14. use App\Bundles\UserBundle\Enum\SystemPermissionEnum;
  15. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  16. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  17. use Symfony\Component\Security\Core\Security;
  19. class ReportTemplateViewVoter extends Voter
  20. {
  21.     public function __construct(
  22.         private readonly Security $security,
  23.         private readonly UserOrganizationProvider $organizationProvider,
  24.         private readonly UserOrganizationProvider $userOrganizationProvider,
  25.         private readonly UserOrganizationResponsibleLevelResolver $levelResolver,
  26.     ) {
  27.     }
  29.     protected function supports(string $attribute$subject): bool
  30.     {
  31.         return $attribute === SystemPermissionEnum::SINGLE_REPORT_TEMPLATE_VIEW->value;
  32.     }
  34.     /** @param ReportTemplate $subject
  35.      * @throws UserOrganizationNotFoundException
  36.      */
  37.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  38.     {
  39.         $user $this->security->getUser();
  41.         if (!$user instanceof User) {
  42.             return false;
  43.         }
  45.         if ($subject->getUser() === $user) {
  46.             return true;
  47.         }
  49.         $organization $this->userOrganizationProvider->provideFromSession()->getOrganization();
  51.         if ($organization === $subject->getOrganization() and $subject->isShared()) {
  52.             return true;
  53.         }
  55.         if (!$subject->isSent()) {
  56.             return false;
  57.         }
  59.         $userLevel $this->levelResolver->resolve(
  60.             $this->organizationProvider->provideFromSession()
  61.         );
  63.         $location $subject->getLocation();
  65.         if (in_array($location->getType(), LocationTypeEnum::getRegionalTypes())) {
  66.             if ($userLevel === UserOrganizationResponsibleLevelEnum::NATIONAL_LEVEL->value) {
  67.                 return true;
  68.             }
  69.         }
  71.         if (in_array($location->getType(), LocationTypeEnum::getDistrictTypes())) {
  72.             if ($userLevel === UserOrganizationResponsibleLevelEnum::REGIONAL_LEVEL->value) {
  73.                 return true;
  74.             }
  75.         }
  77.         return false;
  78.     }
  79. }