src/LiteDesk/UserBundle/Security/Authorization/UserVoter.php line 21

Open in your IDE?
  1. <?php
  2. namespace LiteDesk\UserBundle\Security\Authorization;
  4. use LiteDesk\OfficeBundle\Entity\Team;
  5. use LiteDesk\UserBundle\Entity\Contract;
  6. use LiteDesk\UserBundle\Entity\User;
  7. use Symfony\Component\DependencyInjection\ContainerInterface;
  8. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  9. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\User\AdvancedUserInterface;
  12. use JMS\DiExtraBundle\Annotation\Service;
  13. use JMS\DiExtraBundle\Annotation\Tag;
  14. use JMS\DiExtraBundle\Annotation\Inject;
  15. use JMS\DiExtraBundle\Annotation\InjectParams;
  17. /**
  18.  * @Service
  19.  * @Tag("security.voter")
  20.  */
  21. class UserVoter extends Voter
  22. {
  23.     const CREATE 'CREATE';
  24.     const VIEW 'VIEW';
  25.     const EDIT 'EDIT';
  26.     const PROMOTE 'PROMOTE';
  27.     const DEMOTE 'DEMOTE';
  28.     const DELETE 'DELETE';
  30. //    /**
  31. //     * @var AuthorizationCheckerInterface
  32. //     */
  33. //    protected $authorizationChecker;
  34. //
  35. //    /**
  36. //     * @InjectParams({
  37. //     *     "authorizationChecker" = @Inject("security.authorization_checker")
  38. //     * })
  39. //     */
  40. //    public function setContainer(AuthorizationCheckerInterface $authorizationChecker)
  41. //    {
  42. //        $this->authorizationChecker = $authorizationChecker;
  43. //    }
  45.     protected function supports($attribute$subject)
  46.     {
  47.         if(!($subject instanceof User))
  48.         {
  49.             return false;
  50.         }
  52.         if(!in_array($attribute$this->getSupportedAttributes()))
  53.         {
  54.             return false;
  55.         }
  57.         return true;
  58.     }
  60.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  61.     {
  62.         /** @var $user User */
  63.         $user $token->getUser();
  65.         if($user->hasRole('GLOBAL_EMPLOYEE_ADMINISTRATION'))
  66.         {
  67.             return true;
  68.         }
  70.         /** @var $subject User */
  71.         if($user->hasRole('LOCAL_EMPLOYEE_ADMINISTRATION') && $subject && method_exists($subject'getOffice'))
  72.         {
  73.             $visibleUntilDateLast = new \DateTime('-3 year');
  74.             $now = new \DateTime('now');
  76. //          Here below we get the lastContractStartDate to have an identifier to find out if the contract we have is really the last
  77. //          If it is the last contract which is ended, there is the need to see or edit it for three month after ending
  78. //          If it is an other contract than the last it should not be seen anymore after entering an enddate which is in the past
  79. //
  80.             $lastContractStartDate $subject->getLastContract()->getStartDate();
  81.             $contracts $subject->getContracts();
  83.             /** @var $contract Contract */
  84.             foreach ($contracts as $contract)
  85.             {
  86.                     if
  87.                     (   !empty($contract->getOffice()) &&
  88.                         !empty($user->getOffice()) &&
  89.                         $contract->getOffice()->getId() == $user->getOffice()->getId() &&
  90.                             (empty($contract->getExitDate()) ||
  91.                             ($contract->getExitDate() > $now) ||
  92.                             (($lastContractStartDate == $contract->getStartDate()) && $contract->getExitDate()>$visibleUntilDateLast))
  93.                     )
  95.                     {
  96.                         return true;
  97.                     }
  98.             }
  99.         }
  103.         if (!($user instanceof AdvancedUserInterface)) {
  104.             return false;
  105.         }
  107.         if($user->hasRole('LOCAL_EMPLOYEE_ADMINISTRATION') && !$subject)
  108.         {
  109.             return true;
  110.         }
  112.         return false;
  113.     }
  115.     protected function getSupportedAttributes()
  116.     {
  117.         return array(self::CREATEself::VIEWself::EDITself::PROMOTEself::DELETEself::DEMOTE);
  118.     }
  119. }