src/Security/AbsenceVoter.php line 13

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use App\Entity\Collaborator;
  5. use App\Entity\RH\Absence;
  7. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  8. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  9. use Symfony\Component\Security\Core\Exception\AccessDeniedException;
  10. use Symfony\Component\Security\Core\Security;
  11. use Symfony\Contracts\Translation\TranslatorInterface;
  13. class AbsenceVoter extends Voter
  14. {
  15.     const VIEW          'view';
  16.     const EDIT          'edit';
  17.     const CHANGE_STATUS_PENDING     'changeStatus'.Absence::PENDING;
  18.     const CHANGE_STATUS_VALID       'changeStatus'.Absence::VALID;
  19.     const CHANGE_STATUS_REFUSED     'changeStatus'.Absence::REFUSED;
  20.     const CHANGE_STATUS_CANCELLED   'changeStatus'.Absence::CANCELLED;
  21.     const EDIT_MANAGER_COMMENT      'canEditManagerComment';
  23.     private $security;
  24.     private $translator;
  26.     public function __construct(Security $security,TranslatorInterface $translator)
  27.     {
  28.         $this->security $security;
  29.         $this->translator=$translator;
  30.     }
  32.     protected function supports(string $attribute$subject): bool
  33.     {
  34.         // if the attribute isn't one we support, return false
  35.         if (!in_array($attribute, [self::VIEWself::EDITself::EDIT_MANAGER_COMMENTself::CHANGE_STATUS_PENDING,self::CHANGE_STATUS_REFUSED,self::CHANGE_STATUS_VALID,self::CHANGE_STATUS_CANCELLED])) {
  36.             return false;
  37.         }
  39.         // only vote on `Absence` objects
  40.         if (!$subject instanceof Absence) {
  41.             return false;
  42.         }
  44.         return true;
  45.     }
  47.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  48.     {
  49.         $collaborator $token->getUser()->getCollaborator();
  51.         if (!$collaborator instanceof Collaborator) {
  52.             return false;
  53.         }
  55.         // you know $subject is a Absence object, thanks to `supports()`
  56.         /** @var Absence $absence */
  57.         $absence $subject;
  59.         switch ($attribute) {
  60.             case self::VIEW:
  61.                 return $this->canView($absence$collaborator);
  62.             case self::CHANGE_STATUS_PENDING:
  63.             case self::CHANGE_STATUS_REFUSED:
  64.             case self::CHANGE_STATUS_VALID:
  65.             case self::CHANGE_STATUS_CANCELLED:
  66.                 return $this->canChangeStatus($absence$collaborator,$attribute);
  67.             case self::EDIT:
  68.                 return $this->canEdit($absence$collaborator);
  69.             case self::EDIT_MANAGER_COMMENT:
  70.                 return $this->canEditManagerComment($absence,$collaborator);
  71.         }
  73.         throw new \LogicException('This code should not be reached!');
  74.     }
  76.     private function canView(Absence $absenceCollaborator $collaborator): bool
  77.     {
  78.         if(
  79.             !$this->isGranted('ROLE_ADMIN')
  80.             and !$this->isGranted('ROLE_ASSISTANT_RH')
  81.             and $absence->getCollaborator()!=$collaborator
  82.             and !in_array($absence->getCollaborator(),$collaborator->getAllListNMoins()->toArray())
  83.         ){
  84.             return false;
  85.         }
  86.         return true;
  87.     }
  89.     private function canChangeStatus(Absence $absenceCollaborator $collaborator,$attribute): bool
  90.     {
  91.         if (!$this->canView($absence,$collaborator))return false;
  94.         /*
  95.          si statut existant => PENDING
  96.             =>VALID/REFUSED =>MANAGER ASSISTANT RH OU ADMIN
  97.             =>CANCEL => TOUS
  98.         */
  100.         /*
  101.          si statut existant => VALID
  102.             =>CANCEL => ASSISTANT RH OU ADMIN
  103.         */
  105.         /*
  106.          si statut existant => REFUSED
  107.             =>RIEN
  108.         */
  109.         /*
  110.          si statut existant => CANCELLED
  111.             =>RIEN
  112.         */
  113.         $new_status=str_replace('changeStatus','',$attribute);
  115.         if ($absence->getStatus()==$new_status){
  116.             return false;
  117.         }
  119.         if($absence->getStatus()==Absence::PENDING and in_array($new_status,[Absence::VALID,Absence::REFUSED]) and (!$this->isGranted('ROLE_ASSISTANT_RH') and !in_array$absence->getCollaborator(),$collaborator->getListNMoins1()->toArray()))){
  120.             return false;
  121.         }
  123.         if($absence->getStatus()==Absence::PENDING and $new_status==Absence::CANCELLED and (!$this->isGranted('ROLE_ASSISTANT_RH')) and ( $absence->getCollaborator()!=$collaborator and!$this->isGranted('ROLE_ASSISTANT_RH') and !in_array$absence->getCollaborator(),$collaborator->getListNMoins1()->toArray()))){
  124.             return false;
  125.         }
  127.         if($absence->getStatus()==Absence::VALID and $new_status==Absence::CANCELLED and (!$this->isGranted('ROLE_ASSISTANT_RH'))){
  128.             return false;
  129.         }
  131.         if(in_array($absence->getStatus(),[Absence::CANCELLEDAbsence::REFUSED])){
  132.             return false;
  133.         }
  136.         return true;
  139.     }
  141.     private function canEditManagerComment(Absence $absenceCollaborator $collaborator): bool
  142.     {
  143.         if(
  144.             !$this->isGranted('ROLE_ADMIN')
  145.             and !$this->isGranted('ROLE_ASSISTANT_RH')
  146.             and !$this->isGranted('ROLE_MANAGER_RH')
  147.             //and !in_array($absence->getCollaborator(),$collaborator->getAllListNMoins()->toArray())
  148.         ){
  149.             return false;
  150.         }
  151.         return true;
  152.     }
  154.     private function canEdit(Absence $absenceCollaborator $collaborator): bool
  155.     {
  156.         return false;
  157.     }
  159.     private function isGranted($role)
  160.     {
  161.         return $this->security->isGranted($role);
  162.     }
  163. }