src/Security/AccessVoter.php line 17

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\Kernel\User;
  6. use App\Entity\Kernel\SecurityAction;
  7. use App\Entity\Kernel\UserLog;
  8. use App\Entity\Manufacturing\WorkCenter;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use LogicException;
  11. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\HttpKernel\KernelInterface;
  14. use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
  17. class AccessVoter extends Voter
  18. {
  19.     // these strings are just invented: you can use anything
  20.     const VIEW 'view';
  21.     const EDIT 'edit';
  22.     private $em;
  23.     private $environment;
  24.     
  25.     public function __construct(EntityManagerInterface $emKernelInterface $kernelContainerBagInterface $params)
  26.     {
  27.         $this->em $em;
  28.         $this->environment $kernel->getEnvironment();
  29.                 $this->params $params;
  30.     }
  31.     
  33.     protected function supports(string $attribute$subject)
  34.     {
  35.         // if the attribute isn't one we support, return false
  36.         /*if (!in_array($attribute, [self::VIEW, self::EDIT])) {
  37.             return false;
  38.         }
  40.         // only vote on `Post` objects
  41.         if (!$subject instanceof Post) {
  42.             return false;
  43.         }*/
  45.         return true;
  46.     }
  48.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token)
  49.     {
  50.         $user $token->getUser();
  52.         if (!$user instanceof User) {
  53.             // the user must be logged in; if not, deny access
  54.             //return false;
  55.         }
  56.         
  57.         $items explode ":" $attribute);
  58.         
  59.         if (isset($items[0]) && isset($items[1]))
  60.         {
  61.             $idealaction null;
  62.             
  63.             if ($user->getEnabled() != true)
  64.             {
  65.                 return false;
  66.             }
  67.             if ($user->getLocked() == true)
  68.             {
  69.                 return false;
  70.             }
  71.                 
  72.             
  73.             $actionentity $this->em->getRepository(SecurityAction::class)->findOneBy(array('entity' => $items[0], 'action' => $items[1], 'state' => 0));
  74.             if (!$actionentity)
  75.             {
  76.                 $entity = new SecurityAction();
  77.                 $entity->setEntity($items[0]);
  78.                 $entity->setAction($items[1]);
  79.                 $entity->setLogging(1);
  80.                 $entity->setState(0);
  81.                 $this->em->persist($entity);
  82.                 $this->em->flush();
  83.                 $idealaction $entity;
  84.             }
  85.             else
  86.             {
  87.                 $idealaction $actionentity;
  88.             }
  89.             
  90.             if ($idealaction->getLogging() != 0)
  91.             {
  92.                 //if ($this->environment === 'dev') {
  93.                     $log  = new UserLog();
  94.                     $log->setEntity($items[0]);
  95.                     $log->setAction($items[1]);
  96.                     $log->setOrganization($user->getOrganization());
  97.                     if ($subject != null) {
  98.                         $log->setElement($subject->getId());
  99.                     }
  100.                     $log->setState(0);
  101.                     $this->em->persist($log);
  102.                     
  103.                     if($idealaction != null){
  104.                         $idealaction->setExecutionAction($idealaction->getExecutionAction() + 1);
  105.                     }
  106.                     $this->em->persist($idealaction);
  107.                     
  108.                     $this->em->flush();
  109.                 //}
  110.             }
  111.             
  112.             if ($this->params->get('app.desactive_security') == 1)
  113.             {
  114.                 return true;
  115.             }
  116.             
  117.             
  118.             $userfunction $user->getUserfunction();
  119.             foreach ($userfunction->getRoles() as $role) {
  120.                 $profile $role->getProfile();
  121.                 foreach ($profile->getActionprofiles() as $actionprofiles) {
  122.                     foreach ($actionprofiles->getSecurityactions() as $securityactions)
  123.                     {
  124.                         if($securityactions->getId() == $idealaction->getId())
  125.                         {
  126.                             if ($items[0] == "Plant") {
  127.                                 if ($subject != null)
  128.                                 {
  129.                                     //$subject->getId()
  130.                                     if ($role->getPlantrights()->getName() == "AllOrSelection.Selection")
  131.                                     {
  132.                                         
  133.                                         if (($role->getPlant() != null) && ($role->getPlant()->getId() == $subject->getId()))
  134.                                         {
  135.                                             return true;
  136.                                         }
  137.                                     }
  138.                                     else
  139.                                     {
  140.                                         return true;
  141.                                     }
  142.                                 }
  143.                                 else
  144.                                 {
  145.                                     return true;
  146.                                 }
  147.                             }
  148.                             else
  149.                             {
  150.                                 if ($items[0] == "WorkCenter") {
  151.                                     
  152.                                     if ($subject != null)
  153.                                     {
  154.                                         //If WorkCenterCounter find workcenterID and workcenter
  155.                                         //...
  156.                                         $workcenterid $subject->getId();
  157.                                         $workcenter $this->em->getRepository(WorkCenter::class)->findOneById($workcenterid);
  158.                                         if ($role->getWorkcenterrights()->getName() == "AllOrSelection.Selection")
  159.                                         {
  160.                                             if (($role->getWorkcenter() != null) && ($role->getWorkcenter()->getId() == $workcenterid))
  161.                                             {
  162.                                                 return true;
  163.                                             }
  164.                                         }
  165.                                         else
  166.                                         {
  167.                                             if ($role->getPlantrights()->getName() == "AllOrSelection.Selection")
  168.                                             {
  169.                                                 if ($role->getPlant() != null)
  170.                                                 {
  171.                                                     if ($workcenter->getPlant()->getId() == $role->getPlant()->getId())
  172.                                                     {
  173.                                                         return true;
  174.                                                     }
  175.                                                 }
  176.                                             }
  177.                                             else
  178.                                             {
  179.                                                 return true;
  180.                                             }
  181.                                         }
  182.                                     }
  183.                                     else
  184.                                     {
  185.                                         return true;
  186.                                     }
  187.                                 }
  188.                                 else
  189.                                 {
  190.                                     return true;
  191.                                 }
  192.                             }
  193.                         }
  194.                     }
  195.                 }
  196.             }
  197.             return false;
  198.         }
  199.         
  200.         return true;
  203.         throw new LogicException('This code should not be reached!');
  204.     }
  206.     private function canView($postUser $user)
  207.     {
  208.         // if they can edit, they can view
  209.         if ($this->canEdit($post$user)) {
  210.             return true;
  211.         }
  213.         // the Post object could have, for example, a method `isPrivate()`
  214.         return !$post->isPrivate();
  215.     }
  217.     private function canEdit($postUser $user)
  218.     {
  219.         // this assumes that the Post object has a `getOwner()` method
  220.         return $user === $post->getOwner();
  221.     }
  222. }