src/Voters/OrderVoter.php line 33

1. <?php
2. /**
3.  *
4.  * (c) BonBonSlick
5.  *
6.  */
8. declare(strict_types=1);
10. /*
11.  * Created by BonBonSlick
12.  * Contacts: google it
13.  * Date: 9/14/18
14.  * Time: 12:00 AM
15.  */
17. namespace App\Voters;
20. use App\Entity\Order\Order;
21. use App\Entity\Role\Role;
22. use App\Entity\User\User;
23. use function get_class;
24. use function in_array;
25. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
26. use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
27. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
28. use Symfony\Component\Security\Core\User\UserInterface;
30. /**
31.  * Class self
32.  */
33. final class OrderVoter extends Voter
34. {
35.     public const ADMIN_VIEW_SINGLE = 1;
36.     public const ADMIN_VIEW_PAID_LIST = 3;
37.     public const ADMIN_VIEW_UNPAID_LIST = 7;
38.     public const ADMIN_EDIT = 5;
40.     /**
41.      * string[]
42.      */
43.     public const ADMIN_PERMS = [
44.         self::ADMIN_VIEW_SINGLE => 'admin.view.single',
45.         self::ADMIN_VIEW_PAID_LIST => 'admin.view.paid.list',
46.         self::ADMIN_VIEW_UNPAID_LIST => 'admin.view.un.paid.list',
47.         self::ADMIN_EDIT => 'admin.edit',
48.     ];
50.     /**
51.      * @var AccessDecisionManagerInterface
52.      */
53.     private $decisionManager;
55.     /**
56.      * self constructor.
57.      * 
58.      * @param AccessDecisionManagerInterface $decisionManager
59.      */
60.     public function __construct(AccessDecisionManagerInterface $decisionManager)
61.     {
62.         $this->decisionManager = $decisionManager;
63.     }
65.     /**
66.      * {@inheritdoc}
67.      */
68.     protected function supports($attribute, $subject): bool
69.     {
70.         // if the attribute isn't one we support, return false
71.         if (false === in_array($attribute, self::ADMIN_PERMS, true)) {
72.             return false;
73.         }
74.         // only vote on Post objects inside this voter
75.         if (get_class($subject) === Order::class) {
76.             return true;
77.         }
79.         return false;
80.     }
82.     /**
83.      * {@inheritdoc}
84.      */
85.     protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
86.     {
87.         /** @var User $user */
88.         $user = $token->getUser();
89.         $response = false;
91.         $isGranted = false === $user instanceof UserInterface ||
92.             $this->decisionManager->decide($token, [
93.                 User::ROLE_ADMIN,
94.                 User::ROLE_WRITER,
95.                 User::ROLE_PREMIUM_WRITER,
96.                 User::ROLE_EXPRESS_WRITER,
97.             ]);
98.         if (false === $isGranted) {
99.             return $response;
100.         }
102.         switch ($attribute) {
103.             case self::ADMIN_PERMS[self::ADMIN_VIEW_SINGLE]:
104.                 $response = $this->isAdminCanViewSingle($user);
105.                 break;
106.             case self::ADMIN_PERMS[self::ADMIN_VIEW_PAID_LIST]:
107.                 $response = $this->adminViewPaidOrderList($user);
108.                 break;
109.             case self::ADMIN_PERMS[self::ADMIN_VIEW_UNPAID_LIST]:
110.                 $response = $this->isAdminCanViewUnPadiOrderList($user);
111.                 break;
112.             case self::ADMIN_PERMS[self::ADMIN_EDIT]:
113.                 $response = $this->isAdminCanEdit($user);
114.                 break;
115.             default:
116.                 return $response;
117.         }
119.         return $response;
120.     }
122.     /**
123.      * @param User $user
124.      *
125.      * @return bool
126.      */
127.     private function isAdminCanViewSingle(User $user): bool
128.     {
129.         // if they can edit, they can view
130.         if ($this->isAdminCanEdit($user)) {
131.             return true;
132.         }
134.         if ($this->isUserInRole($user, [
135.             User::ROLE_ADMIN,
136.             User::ROLE_WRITER,
137.             User::ROLE_PREMIUM_WRITER,
138.             User::ROLE_EXPRESS_WRITER,
139.         ])) {
140.             return true;
141.         }
143.         return false;
144.     }
146.     /**
147.      * @param User $user
148.      *
149.      * @return bool
150.      */
151.     private function adminViewPaidOrderList(User $user): bool
152.     {
153.         // if they can edit, they can view
154.         if ($this->isAdminCanViewUnPadiOrderList($user)) {
155.             return true;
156.         }
158.         if ($this->isUserInRole($user, [
159.             User::ROLE_WRITER,
160.             User::ROLE_PREMIUM_WRITER,
161.             User::ROLE_EXPRESS_WRITER
162.         ])) {
163.             return true;
164.         }
166.         return false;
167.     }
169.     /**
170.      * @param User $user
171.      *
172.      * @return bool
173.      */
174.     private function isAdminCanViewUnPadiOrderList(User $user): bool
175.     {
176.         if ($this->isUserInRole($user, [
177.             User::ROLE_ADMIN,
178.         ])) {
179.             return true;
180.         }
183.         return false;
184.     }
186.     /**
187.      * @param User $user
188.      *
189.      * @return bool
190.      */
191.     private function isAdminCanEdit(User $user): bool
192.     {
193.         if ($this->isUserInRole($user, [
194.             User::ROLE_ADMIN,
195.             User::ROLE_WRITER,
196.             User::ROLE_PREMIUM_WRITER,
197.             User::ROLE_EXPRESS_WRITER,
198.         ])) {
199.             return true;
200.         }
203.         return false;
204.     }
206.     /**
207.      * @param User     $user
208.      *
209.      * @param string[] $roles
210.      *
211.      * @return bool
212.      */
213.     private function isUserInRole(User $user, array $roles): bool
214.     {
215.         /** @var Role $item */
216.         foreach ($user->rolesCollection() as $item) {
217.             if (in_array($item->constantKey(), $roles, true)) {
218.                 return true;
219.             }
220.         }
222.         return false;
223.     }
224. }