src/Security/Placement/PaymentPlan/PaymentPlanVoter.php line 25

Open in your IDE?
  1. <?php
  3. namespace App\Security\Placement\PaymentPlan;
  5. use ApiPlatform\Core\Api\IriConverterInterface;
  6. use App\Entity\Formula;
  7. use App\Entity\Placement\Pdf\PaymentPlan\Config\Config;
  8. use App\Entity\Placement\Pdf\PaymentPlan\Config\Group\Group;
  9. use App\Entity\Placement\Pdf\PaymentPlan\Config\Group\Payment\AdvancedSumPayment;
  10. use App\Entity\Placement\Pdf\PaymentPlan\Config\Group\Payment\Formula\AdvancedFormula;
  11. use App\Entity\Placement\Pdf\PaymentPlan\Config\Group\Payment\OneLinePayment;
  12. use App\Entity\Placement\Pdf\PaymentPlan\PaymentPlan;
  13. use App\Entity\Placement\Pdf\PaymentPlan\UnitInfo\SystemValueInfo;
  14. use App\Entity\Placement\Pdf\PaymentPlan\UnitInfo\UnitInfo;
  15. use App\Entity\PlacementProperty;
  16. use App\Security\EntityVoters\EntityVoter;
  17. use Symfony\Component\HttpFoundation\RequestStack;
  18. use Symfony\Component\Routing\RouterInterface;
  19. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  20. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  21. use Doctrine\Common\Collections\Collection;
  22. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  23. use Symfony\Component\Security\Core\User\UserInterface;
  25. class PaymentPlanVoter extends EntityVoter
  26. {
  27.     private IriConverterInterface $iriConverter;
  28.     private UserInterface $user;
  29.     public function __construct(IriConverterInterface $iriConverterRouterInterface $routerRequestStack $requestStack)
  30.     {
  31.         $this->iriConverter $iriConverter;
  32.         parent::__construct($router,$requestStack);
  33.     }
  35.     /**
  36.      * @param string $attribute
  37.      * @param $subject PaymentPlan
  38.      * @param TokenInterface $token
  39.      * @return bool
  40.      */
  41.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  42.     {
  43.         $this->user $token->getUser();
  44.         if (!$this->user)
  45.             return false;
  47.         if ($this->user && $this->user->getRole()->getName() === 'ROLE_SUPER_ADMIN')
  48.             return true;
  51.         switch ($attribute)
  52.         {
  53.             case 'GET_COLLECTION':
  54.                 print_r("GET_ALL\n");
  55.                 return true;
  56.                 break;
  57.             case 'GET' :
  58.                 print_r("GET_ONE DELETE\n");
  59.                 if (!$subject->getComplex()->isUserHasAccess($this->user))
  60.                     return false;
  61.                 break;
  62.             case 'PATCH':
  63.                 print_r("PATCH PUT\n");
  64.                 if (!$subject->getComplex()->isUserHasAccess($this->user))
  65.                     return false;
  66.                 break;
  67.             case 'PUT':
  68.                 break;
  69.             case 'DELETE':
  70.                 break;
  71.             case 'POST':
  72.                 print_r("POST\n");
  73.                 break;
  74.             case 'POST_DENORMALIZE':
  75.                 return $this->checkPost($subject);
  76.                 break;
  77.         }
  78.         return false;
  79.     }
  81.     private function checkPost(PaymentPlan $paymentPlan): bool {
  82.         if ($paymentPlan->getComplex() && !$paymentPlan->getComplex()->isUserHasAccess($this->user))
  83.             throw new AccessDeniedException("U have no access to set given complex with id: {$paymentPlan->getComplex()->getId()}"null);
  86.         $this->checkLinkedPlacements($paymentPlan);
  87.         $this->checkLinkedUnitInfos($paymentPlan->getUnitInfos());
  88.         $this->checkLinkedConfig($paymentPlan->getConfig());
  91.         return true;
  92.     }
  94.     /**
  95.      * @param PaymentPlan $paymentPlan
  96.      * @return void
  97.      */
  98.     private function checkLinkedPlacements(PaymentPlan $paymentPlan): void {
  99.         if (($placements $paymentPlan->getPlacements()) && $placements->count() > 0) {
  100.             foreach ($placements as $placement) {
  101.                 if (!$placement->getComplex()->isUserHasAccess($this->user)) {
  102.                     throw new AccessDeniedException("U have no access to add given placement with id: {$placement->getId()}");
  103.                 } else if ($paymentPlan->getComplex()->getId() !== $placement->getComplex()->getId())
  104.                     throw new AccessDeniedException("U have no access to add given placement with id: {$placement->getId()} because it belongs to another complex.");
  106.             }
  107.         }
  108.     }
  110.     /**
  111.      * @param Collection<int, UnitInfo>|null $unitInfos
  112.      * @return void
  113.      */
  114.     private function checkLinkedUnitInfos(?Collection $unitInfos): void {
  115.         if ($unitInfos && $unitInfos->count() > 0) {
  116.             foreach ($unitInfos as $unitInfo) {
  117.                 if ($unitInfo instanceof SystemValueInfo && $unitInfo->getPlacementProperty()) {
  118.                     if (!$unitInfo->getPlacementProperty()->getComplex()->isUserHasAccess($this->user))
  119.                         throw new AccessDeniedException("U have no access to add to unitInfos given placement property with id: {$unitInfo->getPlacementProperty()->getId()} ");
  120.                 }
  121.             }
  122.         }
  123.     }
  125.     /**
  126.      * @param Config|null $config
  127.      * @return void
  128.      */
  129.     private function checkLinkedConfig(?Config $config): void {
  130.         if ($config && ($groups $config->getGroups()) && $groups->count() > 0) {
  131.             $this->checkLinkedGroups($config->getGroups());
  132.         }
  133.     }
  135.     /**
  136.      * @param Collection<int, Group>|null $groups
  137.      * @return void
  138.      */
  139.     private function checkLinkedGroups(?Collection $groups) {
  140.         if ($groups && $groups->count() > 0)
  141.         foreach ($groups as $group) {
  142.             $this->checkLinkedPayments($group->getPayments());
  144.         }
  145.     }
  147.     private function checkLinkedPayments(?Collection $payments) {
  148.         if ($payments && $payments->count() > 0) {
  149.             foreach ($payments as $payment) {
  150.                 if ($payment instanceof OneLinePayment) {
  151.                     $this->checkLinkedFormula($payment->getFormula());
  152.                 } else if ($payment instanceof AdvancedSumPayment) {
  153.                     $this->checkAdvancedFormulas($payment->getAdvancedFormulas());
  154.                 }
  155.             }
  156.         }
  157.     }
  159.     private function checkLinkedFormula(?Formula $formula) {
  160.         if ($formula && ($formulaMembers $formula->getFormulaMembers())) {
  161.             foreach ($formulaMembers as $formulaMember) {
  162.                 if (strpos($formulaMember'/api/') !== false) {
  163.                     $resource $this->iriConverter->getItemFromIri($formulaMember);
  164.                     if ($resource instanceof PlacementProperty) {
  165.                         if (!$resource->getComplex()->isUserHasAccess($this->user)) {
  166.                             throw new AccessDeniedException("U have no access to add to oneLinePayment given placement property with id: {$resource->getId()} ");
  167.                         }
  168.                     }
  169.                 }
  170.             }
  171.         }
  172.     }
  174.     /**
  175.      * @param Collection<int, AdvancedFormula>|null $advancedFormulas
  176.      * @return void
  177.      */
  179.     private function checkAdvancedFormulas(?Collection $advancedFormulas) {
  180.         if ($advancedFormulas && $advancedFormulas->count() > 0) {
  181.             foreach ($advancedFormulas as $advancedFormula) {
  182.                 $this->checkLinkedFormula($advancedFormula->getFormula());
  183.             }
  184.         }
  185.     }
  187.     private function isAllowedPost($userPaymentPlan $subject): bool {
  188.         if (!$user)
  189.             return false;
  190.         if ($subject->getComplex()->isUserHasAccess($user))
  191.             return true;
  192.         return false;
  193.     }
  195.     protected function getVoteEntityClass(): string
  196.     {
  197.         return PaymentPlan::class;
  198.     }
  199. }