src/Security/AccessVoter.php line 16

Open in your IDE?
  1. <?php
  3. namespace App\Security;
  5. use App\Entity\Kernel\User;
  6. use App\Entity\Kernel\SecurityAction;
  7. use App\Entity\Kernel\UserLog;
  8. use App\Entity\Manufacturing\WorkCenter;
  9. use Doctrine\ORM\EntityManagerInterface;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\HttpKernel\KernelInterface;
  13. use Symfony\Component\DependencyInjection\ParameterBag\ContainerBagInterface;
  16. class AccessVoter extends Voter
  17. {
  18.     // these strings are just invented: you can use anything
  19.     const VIEW 'view';
  20.     const EDIT 'edit';
  21.     private $em;
  22.     private $environment;
  23.     private $params;
  24.     
  25.     public function __construct(EntityManagerInterface $emKernelInterface $kernelContainerBagInterface $params)
  26.     {
  27.         $this->em $em;
  28.         $this->environment $kernel->getEnvironment();
  29.         $this->params $params;
  30.     }
  31.     
  33.     protected function supports(string $attribute$subject)
  34.     {
  35.         // if the attribute isn't one we support, return false
  36.         /*if (!in_array($attribute, [self::VIEW, self::EDIT])) {
  37.             return false;
  38.         }
  40.         // only vote on `Post` objects
  41.         if (!$subject instanceof Post) {
  42.             return false;
  43.         }*/
  45.         return true;
  46.     }
  48.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token)
  49.     {
  50.         $user $token->getUser();
  52.         if (!$user instanceof User) {
  53.             // the user must be logged in; if not, deny access
  54.             //return false;
  55.         }
  56.         
  57.         $items explode ":" $attribute);
  58.         
  59.         if (isset($items[0]) && isset($items[1]))
  60.         {
  61.             $idealaction null;
  62.             
  63.             $actionentity $this->em->getRepository(SecurityAction::class)->findOneBy(array('entity' => $items[0], 'action' => $items[1], 'state' => 0));
  64.             if (!$actionentity)
  65.             {
  66.         $entity  = new SecurityAction();
  67.         $entity->setEntity($items[0]);
  68.         $entity->setAction($items[1]);
  69.                 $entity->setLogging(1);
  70.                 $entity->setState(0);
  71.         $this->em->persist($entity);
  72.         $this->em->flush();
  73.         $idealaction $entity;
  74.             }
  75.             else
  76.             {
  77.                 $idealaction $actionentity;
  78.             }
  79.             
  80.             if ($idealaction->getLogging() != 0)
  81.             {
  82.                 if ($this->environment === 'dev') {
  83.                     $log  = new UserLog();
  84.                     $log->setEntity($items[0]);
  85.                     $log->setAction($items[1]);
  86.                     $log->setOrganization($user->getOrganization());
  87.                     if ($subject != null)
  88.                     {
  89.                         $log->setElement($subject->getId());
  90.                     }
  91.                     $log->setState(0);
  92.                     $securityAction $this->em->getRepository(SecurityAction::class)
  93.                         ->findOneBy(array('entity' => $items[0], 'action' => $items[1], 'state' => 0));
  94.                     if($securityAction != null){
  95.                         $securityAction->setExecutionAction($securityAction->getExecutionAction() + 1);
  96.                     }
  97.                     $this->em->persist($log);
  98.                     $this->em->flush();
  99.                 }
  100.             }
  101.             
  103.             if ($this->params->get('app.desactive_security') == 1)
  104.             {
  105.                 return true;
  106.             }
  107.             
  108.             
  109.             //return true;
  110.             
  111.             
  112.                         
  113.             $userfunction $user->getUserfunction();
  114.             
  115.             $query $this->em->createQuery(
  116.             "SELECT e.id as id FROM App\Entity\Kernel\UserFunction  a
  117.                 JOIN a.roles b
  118.                 JOIN b.profile c
  119.                 JOIN c.actionprofiles d
  120.                 JOIN d.securityactions e
  121.                 WHERE (a.id = ?1)");
  122.             $query $query->setParameter(1$userfunction->getId());
  123.             $iterator $query->getResult();
  124.             //return true;
  125.             foreach($iterator as $actionid)
  126.             {
  127.                 if($actionid["id"] == $idealaction->getId())
  128.                 {
  129.                     return true;
  130.                 }
  131.             }
  132.             return false;
  133.             
  134.         /*
  135.             foreach ($userfunction->getRoles() as $role)
  136.             {
  137.                 $profile = $role->getProfile();
  138.                 foreach ($profile->getActionprofiles() as $actionprofiles)
  139.                 {
  140.                     foreach ($actionprofiles->getSecurityactions() as $securityactions)
  141.                     {
  142.                         if($securityactions->getId() == $idealaction->getId())
  143.                         {
  144.                             if ($items[0] == "Plant") {
  145.                                 if ($subject != null)
  146.                                 {
  147.                                     //$subject->getId()
  148.                                     if ($role->getPlantrights()->getName() == "AllOrSelection.Selection")
  149.                                     {
  150.                                         
  151.                                         if (($role->getPlant() != null) && ($role->getPlant()->getId() == $subject->getId()))
  152.                                         {
  153.                                             return true;
  154.                                         }
  155.                                     }
  156.                                     else
  157.                                     {
  158.                                         return true;
  159.                                     }
  160.                                 }
  161.                                 else
  162.                                 {
  163.                                     return true;
  164.                                 }
  165.                             }
  166.                             else
  167.                             {
  168.                                 if ($items[0] == "WorkCenter") {
  169.                                     
  170.                                     if ($subject != null)
  171.                                     {
  172.                                         //If WorkCenterCounter find workcenterID and workcenter
  173.                                         //...
  174.                                         $workcenterid = $subject->getId();
  175.                                         $workcenter = $this->em->getRepository(WorkCenter::class)->findOneById($workcenterid);
  176.                                         if ($role->getWorkcenterrights()->getName() == "AllOrSelection.Selection")
  177.                                         {
  178.                                             if (($role->getWorkcenter() != null) && ($role->getWorkcenter()->getId() == $workcenterid))
  179.                                             {
  180.                                                 return true;
  181.                                             }
  182.                                         }
  183.                                         else
  184.                                         {
  185.                                             if ($role->getPlantrights()->getName() == "AllOrSelection.Selection")
  186.                                             {
  187.                                                 if ($role->getPlant() != null)
  188.                                                 {
  189.                                                     if ($workcenter->getPlant()->getId() == $role->getPlant()->getId())
  190.                                                     {
  191.                                                         return true;
  192.                                                     }
  193.                                                 }
  194.                                             }
  195.                                             else
  196.                                             {
  197.                                                 return true;
  198.                                             }
  199.                                         }
  200.                                     }
  201.                                     else
  202.                                     {
  203.                                         return true;
  204.                                     }
  205.                                 }
  206.                                 else
  207.                                 {
  208.                                     return true;
  209.                                 }
  210.                             }
  211.                         }
  212.                     }
  213.                 }
  214.             }
  215.             return false;
  216.          * * 
  217.          */
  218.         }
  219.          
  220.         
  221.         return true;
  222.         
  224.         throw new \LogicException('This code should not be reached!');
  225.     }
  227.     private function canView($postUser $user)
  228.     {
  229.         // if they can edit, they can view
  230.         if ($this->canEdit($post$user)) {
  231.             return true;
  232.         }
  234.         // the Post object could have, for example, a method `isPrivate()`
  235.         return !$post->isPrivate();
  236.     }
  238.     private function canEdit($postUser $user)
  239.     {
  240.         // this assumes that the Post object has a `getOwner()` method
  241.         return $user === $post->getOwner();
  242.     }
  243. }