<?php
namespace LiteDesk\UserBundle\Security\Authorization;
use LiteDesk\OfficeBundle\Entity\Team;
use LiteDesk\UserBundle\Entity\Contract;
use LiteDesk\UserBundle\Entity\User;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\AdvancedUserInterface;
use JMS\DiExtraBundle\Annotation\Service;
use JMS\DiExtraBundle\Annotation\Tag;
use JMS\DiExtraBundle\Annotation\Inject;
use JMS\DiExtraBundle\Annotation\InjectParams;
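/**
 * Security voter that decides whether the authenticated user may act on a User entity.
 *
 * The decision does not depend on which supported attribute is requested: CREATE, VIEW,
 * EDIT, PROMOTE, DEMOTE and DELETE are all granted or denied by the same role and office
 * rules in voteOnAttribute().
 * NOTE(review): confirm that local administrators are meant to hold PROMOTE/DEMOTE/DELETE
 * on the same terms as VIEW.
 *
 * @Service
 * @Tag("security.voter")
 */
class UserVoter extends Voter
{
    const CREATE = 'CREATE';
    const VIEW = 'VIEW';
    const EDIT = 'EDIT';
    const PROMOTE = 'PROMOTE';
    const DEMOTE = 'DEMOTE';
    const DELETE = 'DELETE';

    /**
     * Tells the security layer whether this voter has an opinion on the given check.
     *
     * @param mixed $attribute Attribute being checked; only the class constants are supported.
     * @param mixed $subject   Object the attribute is checked against; must be a User.
     *
     * @return bool True when the subject is a User and the attribute is one of the supported ones.
     */
    protected function supports($attribute, $subject)
    {
        if (!($subject instanceof User)) {
            return false;
        }

        // Strict match: attributes are caller-supplied values of any type, and a loose
        // in_array() would accept e.g. boolean true as if it were a supported attribute.
        return in_array($attribute, $this->getSupportedAttributes(), true);
    }

    /**
     * Grants or denies access to the subject user for the user held by the token.
     *
     * Rules, in order:
     *  1. GLOBAL_EMPLOYEE_ADMINISTRATION grants access to every user.
     *  2. LOCAL_EMPLOYEE_ADMINISTRATION grants access when the subject has a contract in the
     *     administrator's own office that is open-ended, ends in the future, or is the
     *     subject's last contract and ended inside the retention window.
     *  3. Anything else is denied.
     *
     * @param mixed          $attribute Requested attribute; not consulted by the rules below.
     * @param mixed          $subject   User being accessed.
     * @param TokenInterface $token     Token of the current request.
     *
     * @return bool True to grant access, false to deny.
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        $user = $token->getUser();

        // Fail closed: the token is not guaranteed to carry a User entity (it can hold a
        // plain string or null when nobody is logged in). Without this guard the hasRole()
        // calls below abort the request with a fatal error instead of denying access.
        if (!($user instanceof User)) {
            return false;
        }

        if ($user->hasRole('GLOBAL_EMPLOYEE_ADMINISTRATION')) {
            return true;
        }

        if ($user->hasRole('LOCAL_EMPLOYEE_ADMINISTRATION') && $subject && method_exists($subject, 'getOffice')) {
            // NOTE(review): the original comment spoke of a three *month* window, but the
            // code has always used three *years*. The value is kept as-is; confirm which
            // retention period is intended, since it controls how long former employees'
            // records stay accessible to local administrators.
            $visibleUntilDateLast = new \DateTime('-3 year');
            $now = new \DateTime('now');

            // The start date of the last contract identifies which contract is "the last
            // one". Only that contract stays visible after it has ended; any other ended
            // contract stops granting access as soon as its exit date is in the past.
            // A subject without any contract must not crash the vote.
            $lastContract = $subject->getLastContract();
            $lastContractStartDate = $lastContract ? $lastContract->getStartDate() : null;

            $userOffice = $user->getOffice();

            if (!empty($userOffice)) {
                /** @var Contract $contract */
                foreach ($subject->getContracts() as $contract) {
                    $contractOffice = $contract->getOffice();

                    // Loose comparison kept on purpose: the id type is not visible here.
                    if (empty($contractOffice) || $contractOffice->getId() != $userOffice->getId()) {
                        continue;
                    }

                    $exitDate = $contract->getExitDate();

                    // Contract in the administrator's office that is still running.
                    if (empty($exitDate) || $exitDate > $now) {
                        return true;
                    }

                    // DateTime values are compared with ==, which compares the instants;
                    // === would compare object identity and never match.
                    $isLastContract = $lastContract && $lastContractStartDate == $contract->getStartDate();

                    if ($isLastContract && $exitDate > $visibleUntilDateLast) {
                        return true;
                    }
                }
            }
        }

        if (!($user instanceof AdvancedUserInterface)) {
            return false;
        }

        // Kept for backward compatibility. supports() only accepts User subjects, so this
        // branch should not be reachable through the normal vote() entry point.
        if ($user->hasRole('LOCAL_EMPLOYEE_ADMINISTRATION') && !$subject) {
            return true;
        }

        return false;
    }

    /**
     * Lists the attributes this voter is willing to decide on.
     *
     * @return string[]
     */
    protected function getSupportedAttributes()
    {
        return [
            self::CREATE,
            self::VIEW,
            self::EDIT,
            self::PROMOTE,
            self::DELETE,
            self::DEMOTE,
        ];
    }
}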