src/Security/Voter/RequestDuplication/CategoryCanBeDuplicated.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter\RequestDuplication;
  5. use App\Helper\UserRequest\MdmProviderInterface;
  6. use App\Manager\UserRequestManager;
  7. use Psr\Log\LoggerInterface;
  8. use Symfony\Component\PropertyAccess\PropertyAccess;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use WebServiceCollectionBundle\Model\AtlasPce\UserRequestRequestModel;
  13. class CategoryCanBeDuplicated extends Voter
  14. {
  15.     public const REQUEST_DUPLICATION_ATTR 'REQUEST_DUPLICATION';
  17.     /**
  18.      * @var LoggerInterface
  19.      */
  20.     protected $logger;
  22.     /**
  23.      * @var MdmProviderInterface
  24.      */
  25.     protected $mdmProvider;
  27.     /**
  28.      * @param LoggerInterface $logger
  29.      * @param MdmProviderInterface $mdmProvider
  30.      */
  31.     public function __construct(
  32.         LoggerInterface $logger,
  33.         MdmProviderInterface $mdmProvider
  34.     ) {
  35.         $this->logger      $logger;
  36.         $this->mdmProvider $mdmProvider;
  37.     }
  39.     /**
  40.      * {@inheritdoc}
  41.      */
  42.     public function supports($attribute$subject)
  43.     {
  44.         $isAttributeCopyCheck = static::REQUEST_DUPLICATION_ATTR === $attribute;
  45.         $isRequestValidObject = !is_null($subject) && (get_class($subject) === UserRequestRequestModel::class);
  47.         return $isAttributeCopyCheck && $isRequestValidObject;
  48.     }
  50.     /**
  51.      * {@inheritdoc}
  52.      */
  53.     public function voteOnAttribute($attribute$subjectTokenInterface $token)
  54.     {
  55.         $accessor   PropertyAccess::createPropertyAccessor();
  56.         $data       $subject->getData();
  57.         $categoryId $accessor->getValue($data'[requestCategory][id]');
  59.         $this->logger->info('[COPY CATEGORY] trying to duplicate request with category {categoryId}', [
  60.             'categoryId' => $categoryId,
  61.         ]);
  63.         // In case category hasn't been set already
  64.         if (!$categoryId) {
  65.             return true;
  66.         }
  68.         $user $token->getUser();
  69.         $userRoles $user->getRoles();
  71.         // if we take only categories, roles are lost.
  72.         $categories $this->mdmProvider->getAll(UserRequestManager::PCE_REQUEST_TYPE)['categories'];
  74.         $this->logger->info('[COPY CATEGORY] User roles {userRoles}', [
  75.             'userRoles' => json_encode($userRoles),
  76.         ]);
  78.         // Keep categories that either have no role restrictions or those what that user has ALL roles required by the category
  79.         $categories array_filter($categories, function(array $category) use ($userRoles) {
  80.             if (empty($category['roles'])) {
  81.                 $this->logger->info('[COPY CATEGORY] Category {categoryLabel} does not require any roles, it may be duplicated by anyone', [
  82.                     'categoryLabel' => $category['label'],
  83.                 ]);
  85.                 return true;
  86.             }
  88.             $this->logger->info('[COPY CATEGORY] Category {categoryLabel} requires roles {roles}', [
  89.                 'categoryLabel' => $category['label'],
  90.                 'roles' => json_encode($category['roles']),
  91.             ]);
  93.             return array_reduce($category['roles'], function($carry$roleInCategory) use ($userRoles) {
  94.                 return $carry && in_array($roleInCategory$userRoles);
  95.             }, true);
  96.         });
  98.         $this->logger->info('[COPY CATEGORY] Categories the user may copy {categories}', [
  99.             'categories' => json_encode($categories),
  100.         ]);
  102.         // Key = category id
  103.         $categoriesIds array_keys($categories);
  105.         $this->logger->info('[COPY CATEGORY] Request category incuded? {theAnswer}', [
  106.             'theAnswer' => in_array($categoryId$categoriesIds),
  107.         ]);
  109.         // Check if user has access to category
  110.         return in_array($categoryId$categoriesIds);
  111.     }
  112. }