src/Security/Voter/User/MemberVoter.php line 11

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\User;
  5. use App\Entity\Member;
  6. use App\Security\ApiUser;
  7. use App\Service\User\MemberOperatorService;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. class MemberVoter extends Voter
  12. {
  13.     public const EDIT 'edit';
  14.     public const READ_COINS 'read_coins';
  15.     public const PERMISSION_READ_SENSITIVE 'read_sensitive';
  16.     public const PERMISSION_WRITE_SENSITIVE 'write_sensitive';
  18.     /**
  19.      * ProfileVisits.
  20.      */
  21.     public const PERMISSION_VISITS_READ 'visits_read';
  22.     public const PERMISSION_VISITS_CREATE 'visits_create';
  24.     public const PERMISSION_GUESTBOOK_MANAGE 'guestbook_manage';
  25.     public const PERMISSION_READ_MESSAGES 'messages_read';
  27.     public const PERMISSION_MESSENGER_CONVERSATION_START 'messenger_conversation_start';
  29.     /**
  30.      * ChatTemplate general access. There is an extra voter for accessing a chattemplate entity.
  31.      */
  32.     public const PERMISSION_MESSENGER_TEMPLATES_READ 'messenger_templates_read';
  33.     public const PERMISSION_MESSENGER_TEMPLATES_CREATE 'messenger_templates_create';
  35.     public const PERMISSION_MESSENGER_NOTICE_READ 'messenger_notice_read';
  36.     public const PERMISSION_MESSENGER_NOTICE_WRITE 'messenger_notice_write';
  38.     protected function supports(string $attribute$subject): bool
  39.     {
  40.         if (!$subject instanceof Member) {
  41.             return false;
  42.         }
  44.         return in_array($attribute, [
  45.             self::EDIT,
  46.             self::READ_COINS,
  47.             self::PERMISSION_READ_SENSITIVE,
  48.             self::PERMISSION_WRITE_SENSITIVE,
  49.             self::PERMISSION_VISITS_READ,
  50.             self::PERMISSION_VISITS_CREATE,
  51.             self::PERMISSION_GUESTBOOK_MANAGE,
  52.             self::PERMISSION_READ_MESSAGES,
  54.             self::PERMISSION_MESSENGER_CONVERSATION_START,
  56.             self::PERMISSION_MESSENGER_TEMPLATES_READ,
  57.             self::PERMISSION_MESSENGER_TEMPLATES_CREATE,
  59.             self::PERMISSION_MESSENGER_NOTICE_READ,
  60.             self::PERMISSION_MESSENGER_NOTICE_WRITE,
  61.         ], true);
  62.     }
  64.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  65.     {
  66.         $user $token->getUser();
  68.         if (!$user instanceof ApiUser) {
  69.             return false;
  70.         }
  72.         /*
  73.          * @var $subject Member
  74.          */
  75.         switch ($attribute) {
  76.             case self::PERMISSION_MESSENGER_CONVERSATION_START:
  77.                 return $this->canStartConversation($subject$user);
  78.             case self::PERMISSION_VISITS_CREATE:
  79.                 return $this->mayCreateProfileVisit($subject$user);
  80.             case self::PERMISSION_MESSENGER_TEMPLATES_READ:
  81.             case self::PERMISSION_MESSENGER_NOTICE_READ:
  82.             case self::PERMISSION_MESSENGER_NOTICE_WRITE:
  83.                 return $this->isSameOrOperatedBy($subject$user);
  84.             case self::READ_COINS:
  85.                 return $this->mayReadCoins($subject$user);
  86.             default:
  87.                 // admin should be able to do anything
  88.                 if ($user->getIsAdmin()) {
  89.                     return true;
  90.                 }
  92.                 return $user->getMember()->getId() === $subject->getId();
  93.         }
  94.     }
  96.     protected function mayReadCoins(Member $memberApiUser $user): bool
  97.     {
  98.         if ($user->getMember()->getId() === $member->getId()) {
  99.             return true;
  100.         }
  101.         if ($user->getIsAdmin()) {
  102.             return true;
  103.         }
  104.         if ($user->getIsOperator() && !$member->getIsAmateur() && $member->getIsActive()) {
  105.             return true;
  106.         }
  108.         return false;
  109.     }
  111.     protected function isSameOrOperatedBy(Member $amateurApiUser $user): bool
  112.     {
  113.         if ($user->getMember()->getId() === $amateur->getId()) {
  114.             return true;
  115.         }
  117.         if ($user->getIsOperator()) {
  118.             return MemberOperatorService::isMemberOperatedByUser($amateur$user);
  119.         }
  121.         return false;
  122.     }
  124.     protected function canStartConversation(Member $partnerApiUser $user): bool
  125.     {
  126.         return $user->getMember()->getId() !== $partner->getId();
  127.     }
  129.     protected function mayCreateProfileVisit(Member $subjectApiUser $user): bool
  130.     {
  131.         if ($user->getIsAdmin()) {
  132.             return true;
  133.         }
  134.         if ($user->getIsOperator()) {
  135.             if ($subject->getId() === $user->getMember()->getId()) {
  136.                 return true;
  137.             }
  139.             return MemberOperatorService::isMemberOperatedByUser($subject$user);
  140.         }
  142.         return $user->getMember()->getId() === $subject->getId();
  143.     }
  144. }