src/Security/Voter/UserVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\DBAL\Types\RoleEnumType;
  6. use App\DTO\UserRatingDTO;
  7. use App\Entity\User;
  8. use App\Service\CuratorService;
  9. use App\Service\DutyService;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. class UserVoter extends Voter
  16. {
  17.     const SHOW_PHONE 'show_phone';
  18.     const SHOW_EMAIL 'show_email';
  19.     const SHOW_FOLLOW_ME 'show_follow_me';
  20.     const SHOW_RESUME 'show_resume';
  21.     const EDIT_PROFILE 'edit_profile';
  22.     const SHOW_DETAIL_RATING 'show_detail_rating';
  23.     const SHOW_FULLY_STUDENT 'show_fully_student';
  24.     const SEND_HOMEWORK 'send_homework';
  25.     const NEUROCHAT_ACCESS 'neurochat_access';
  26.     const NEUROSUPPORT_ACCESS 'neurosupport_access';
  27.     const COORDINATOR_MESSAGE_SEND 'coordinator_message_send';
  28.     const RESUME_ACCESS 'resume_access';
  30.     private AuthorizationCheckerInterface $authorizationChecker;
  31.     private CuratorService $curatorService;
  32.     private DutyService $dutyService;
  34.     public function __construct(
  35.         AuthorizationCheckerInterface $authorizationChecker,
  36.         CuratorService $curatorService,
  37.         DutyService $dutyService
  38.     ) {
  39.         $this->authorizationChecker $authorizationChecker;
  40.         $this->curatorService $curatorService;
  41.         $this->dutyService $dutyService;
  42.     }
  44.     protected function supports($attribute$subject)
  45.     {
  46.         return in_array($attribute, [
  47.             self::SHOW_PHONEself::SHOW_EMAILself::SHOW_FOLLOW_MEself::SHOW_RESUMEself::EDIT_PROFILE,
  48.             self::SHOW_DETAIL_RATINGself::SHOW_FULLY_STUDENTself::SEND_HOMEWORK,
  49.             self::NEUROCHAT_ACCESSself::NEUROSUPPORT_ACCESSself::COORDINATOR_MESSAGE_SENDself::RESUME_ACCESS,
  50.         ]);
  51.     }
  53.     /**
  54.      * @param string                   $attribute
  55.      * @param User|UserRatingDTO|mixed $subject
  56.      *
  57.      * @return bool
  58.      */
  59.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  60.     {
  61.         /** @var User $user */
  62.         $user $token->getUser();
  63.         // if the user is anonymous, do not grant access
  64.         if (!$user instanceof UserInterface) {
  65.             return false;
  66.         }
  68.         // ... (check conditions and return true to grant permission) ...
  69.         switch ($attribute) {
  70.             case self::SHOW_PHONE:
  71.                 return $subject->getIsShowPhone() && ((bool) trim($subject->getPhone()));
  72.                 break;
  73.             case self::SHOW_EMAIL:
  74.                 return $subject->getIsShowEmail();
  75.                 break;
  76.             case self::SHOW_FOLLOW_ME:
  77.                 return $subject->getIsShowFollowMe() && ((bool) $subject->getFollowMeLinks()->count());
  78.                 break;
  79.             case self::SHOW_RESUME:
  80.                 return $subject->getIsShowResume() && ((bool) trim($subject->getResume()));
  81.                 break;
  82.             case self::EDIT_PROFILE:
  83.                 return $subject->getId() == $user->getId();
  84.                 break;
  85.             case self::SHOW_DETAIL_RATING:
  86.                 return $user == $subject
  87.                     || $user->hasRole(RoleEnumType::ROLE_CURATOR)
  88.                     || $user->hasRole(RoleEnumType::ROLE_MODERATOR)
  89.                     || $user->hasRole(RoleEnumType::ROLE_SUPER_ADMIN)
  90.                 ;
  91.             case self::SHOW_FULLY_STUDENT:
  92.                 $user $subject ?? $user;
  93.                 $isStudent = (bool) ($user->hasRole(RoleEnumType::ROLE_STUDENT) || $user->hasRole(RoleEnumType::ROLE_VIP_STUDENT) || $user->hasRole(RoleEnumType::ROLE_VIP_VIDEO_STUDENT));
  95.                 return (bool) ($isStudent && !$this->isDemo($user));
  96.                 break;
  97.             case self::NEUROCHAT_ACCESS:
  98.                 $user $subject ?? $user;
  99.                 return $user->hasProgramWithSupport()
  100.                     && (
  101.                         (
  102.                             $this->isDemo($user)
  103.                             && $user->hasRole(RoleEnumType::ROLE_NEUROCHAT_DEMO)
  104.                         )
  105.                         || (
  106.                             !$this->isDemo($user)
  107.                             && $this->authorizationChecker->isGranted('ROLE_NEUROCHAT_ACCESS'$user)
  108.                         )
  109.                     )
  110.                 ;
  111.             case self::NEUROSUPPORT_ACCESS:
  112.                 $user $subject ?? $user;
  113.                 return (
  114.                     $this->isDemo($user)
  115.                     && $user->hasRole(RoleEnumType::ROLE_NEUROSUPPORT_DEMO)
  116.                 )
  117.                 || (
  118.                     !$this->isDemo($user)
  119.                     && $this->authorizationChecker->isGranted('ROLE_NEUROSUPPORT_ACCESS'$user)
  120.                 );
  121.             case self::SEND_HOMEWORK:
  122.                 $user $subject ?? $user;
  124.                 return !$user->hasRole(RoleEnumType::ROLE_DEMO) || $user->hasRole(RoleEnumType::ROLE_DEMO_INTENSIVE);
  125.             case self::COORDINATOR_MESSAGE_SEND:
  126.                 $user $subject ?? $user;
  128.                 return $this->dutyService->issetDutyCoordinators();
  129.             case self::RESUME_ACCESS:
  130.                 return $user->hasRole(RoleEnumType::ROLE_RESUME_ACCESS)
  131.                     || $user->hasRole(RoleEnumType::ROLE_HR);
  132.         }
  134.         return false;
  135.     }
  137.     private function isDemo(User $user)
  138.     {
  139.         return $user->hasRole(RoleEnumType::ROLE_DEMO)
  140.             || $user->hasRole(RoleEnumType::ROLE_INTRO_STUDENT)
  141.             || $user->hasRole(RoleEnumType::ROLE_LIMITED_ACCESS)
  142.             || $user->hasRole(RoleEnumType::ROLE_DEMO_INTENSIVE)
  143.         ;
  144.     }
  145. }