src/Security/Voter/InvoiceVoter.php line 26

Open in your IDE?
  1. <?php
  3. /*
  4.  * To change this license header, choose License Headers in Project Properties.
  5.  * To change this template file, choose Tools | Templates
  6.  * and open the template in the editor.
  7.  */
  9. namespace App\Security\Voter;
  11. use App\Entity\JIT\Charge;
  12. use App\Entity\JIT\Incident;
  13. use App\Entity\JIT\Invoice;
  14. use App\Entity\JIT\Tenancy;
  15. use App\Entity\Security\User;
  16. use LogicException;
  17. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  18. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  19. use Symfony\Component\Security\Core\Security;
  21. /**
  22.  * Description of InvoiceVoter
  23.  *
  24.  * @author NOUTCHEU Blaise
  25.  */
  26. class InvoiceVoter extends Voter {
  28.     // these strings are just invented: you can use anything
  29. //    const LIST = 'ROLE_JIT_INVOICE_INDEX';
  30.     const LIST = 'ROLE_JIT_INVOICE_INDEX';
  31.     const ALL 'ROLE_JIT_INVOICE_ALL';
  32.     const LUNPAY 'ROLE_JIT_INVOICE_LUNPAY';
  33.     const LVALIDATE 'ROLE_JIT_INVOICE_LVALIDATE';
  34.     const LPAY 'ROLE_JIT_INVOICE_LPAY';
  35.     const ADD 'ROLE_JIT_INVOICE_ADD';
  36.     const ADDBI 'ROLE_JIT_INVOICE_ADDBI';
  37.     const VIEW 'ROLE_JIT_INVOICE_VIEW';
  38.     const CLONE = 'ROLE_JIT_INVOICE_CLONE';
  39.     const EDIT 'ROLE_JIT_INVOICE_EDIT';
  40.     const DELETE 'ROLE_JIT_INVOICE_DELETE';
  41.     const PAY 'ROLE_JIT_INVOICE_PAY';
  42.     const VALIDATE 'ROLE_JIT_INVOICE_VALIDATE';
  43.     const GENERATE 'ROLE_JIT_INVOICE_GENERATE';
  44.     const GENERATE2 'ROLE_JIT_INVOICE_GENERATE2';
  46.     private $security;
  48.     public function __construct(Security $security) {
  49.         $this->security $security;
  50.     }
  52.     protected function supports(string $attribute$subject) {
  53.         // only a teacher can add invoice on his subject
  54.         if (in_array($attribute, [
  55.                     self::LIST,
  56.                     self::ALL,
  57.                     self::LUNPAY,
  58.                     self::LVALIDATE,
  59.                     self::LPAY,
  60.                     self::ADD,
  61.                     self::ADDBI,
  62.                     self::VIEW,
  63.                     self::CLONE,
  64.                     self::EDIT,
  65.                     self::PAY,
  66.                     self::VALIDATE,
  67.                     self::GENERATE,
  68.                     self::GENERATE2,
  69.                     self::DELETE,
  70.                 ])) {
  71.             return true;
  72.         }
  74.         if (!in_array($attribute, [
  75. //                    self::VIEW,
  76.                 ])) {
  77.             return false;
  78.         }
  80.         // only vote on `Invoice` objects
  81.         if (!$subject instanceof Invoice) {
  82.             return false;
  83.         }
  85.         return true;
  86.     }
  88.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token) {
  89.         $user $token->getUser();
  91.         if (!$user instanceof User) {
  92.             // the user must be logged in; if not, deny access
  93.             return false;
  94.         }
  96.         // ROLE_JIT_INVOICE_MANAGE can do anything on invoice! The power!
  97.         if ($this->security->isGranted('ROLE_MANAGER')) {
  98.             return true;
  99.         }
  102.         switch ($attribute) {
  103.             case self::ALL:
  104.             case self::LIST:
  105.             case self::LUNPAY:
  106.                 return true;
  107.             case self::LVALIDATE:
  108.             case self::LPAY:
  109.                 return $this->canList($user);
  110.             case self::ADD:
  111.                 return $this->canAdd($user);
  112.             case self::ADDBI:
  113.                 return $this->canAddBI($subject$user);
  114.             case self::VIEW:
  115.                 return $this->canView($subject$user);
  116.             case self::CLONE:
  117.                 return $this->canClone($subject$user);
  118.             case self::EDIT:
  119.                 return $this->canEdit($subject$user);
  120.             case self::DELETE:
  121.                 return $this->canDelete($subject$user);
  122.             case self::PAY:
  123.                 return $this->canPay($subject$user);
  124.             case self::VALIDATE:
  125.                 return $this->canValidate($subject$user);
  126.             case self::GENERATE:
  127.                 return $this->canGenerate($subject$user);
  128.             case self::GENERATE2:
  129.                 return $this->canGenerate2($subject$user);
  130.         }
  132.         throw new LogicException('This code should not be reached!');
  133.     }
  135.     private function canList(User $user) {
  136.         return true;
  137.     }
  139.     private function canAdd(User $user) {
  140.         return true;
  141.     }
  143.     private function canAddBI(Incident $incidentUser $user) {
  144.         return true;
  145.     }
  147.     private function canView(Invoice $invoiceUser $user) {
  148.         return true;
  149.     }
  151.     private function canClone(Invoice $invoiceUser $user) {
  152.         return $this->canAdd($user) && $this->canView($invoice$user);
  153.     }
  155.     private function canEdit(Invoice $invoiceUser $user) {
  156.         //Uniquement le chef d'agence peut modifier une invoicene
  157. //        if ($user->getMyAgencies()->contains($invoice->getInvoice())) {
  158. //            return true;
  159. //        }
  161.         return $this->canView($invoice$user);
  162.     }
  164.     private function canDelete(Invoice $invoiceUser $user) {
  165.         //Uniquement le chef d'agence peut modifier une invoicene
  166. //        if ($user->getMyAgencies()->contains($invoice->getInvoice())) {
  167. //            return true;
  168. //        }
  170.         return $this->canView($invoice$user);
  171.     }
  173.     private function canPay(Invoice $invoiceUser $user) {
  174.         return $this->canView($invoice$user);
  175.     }
  177.     private function canValidate(Invoice $invoiceUser $user) {
  178.         return $this->canView($invoice$user);
  179.     }
  181.     private function canGenerate(Tenancy $tenancyUser $user) {
  182. //        return $this->canView($tenancy, $user);
  183.         return true;
  184.     }
  186.     private function canGenerate2(Charge $chargeUser $user) {
  187. //        return $this->canView($invoice, $user);
  188.         return true;
  189.     }
  191. }