src/Security/ProjectVoter.php line 16

Open in your IDE?
  1. <?php
  2. namespace App\Security;
  4. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  5. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  6. use Symfony\Component\Security\Core\Security;
  7. use Doctrine\ORM\EntityManagerInterface;
  8. use App\Entity\Project;
  9. use App\Entity\User;
  10. use App\Util\SecurityUtil;
  12. /**
  13.  *
  14.  * @author wendell.zheng <wxzheng@ustc.edu.cn>
  15.  */
  16. class ProjectVoter extends Voter
  17. {
  19.     const APPLICANT_VIEW 'applicant_view';
  21.     const APPLICANT_EDIT 'applicant_edit';
  23.     const APPLICANT_DELETE 'applicant_delete';
  25.     const COLLEGE_VIEW 'college_view';
  27.     const COLLEGE_ACTION 'college_action';
  29.     const COLLEGE_SORT 'college_sort';
  31.     protected $security;
  33.     protected $em;
  35.     public function __construct(Security $securityEntityManagerInterface $em)
  36.     {
  37.         $this->security $security;
  38.         $this->em $em;
  39.     }
  41.     protected function supports($attribute$subject): bool
  42.     {
  43.         if (! in_array($attribute, [
  44.             self::APPLICANT_VIEW,
  45.             self::APPLICANT_EDIT,
  46.             self::APPLICANT_DELETE,
  47.             self::COLLEGE_VIEW,
  48.             self::COLLEGE_ACTION,
  49.             self::COLLEGE_SORT
  50.         ])) {
  51.             return false;
  52.         }
  54.         if (! $subject instanceof Project) {
  55.             return false;
  56.         }
  58.         return true;
  59.     }
  61.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  62.     {
  63.         $user $token->getUser();
  65.         if (! $user instanceof User) {
  66.             return false;
  67.         }
  68.         if ($user->getUserIdentifier() == 'P0336') {
  69.             return true;
  70.         }
  72.         /** @var Project $project */
  73.         $project $subject;
  75.         switch ($attribute) {
  76.             case self::APPLICANT_VIEW:
  77.                 return $this->canApplicantView($project$user);
  78.             case self::APPLICANT_EDIT:
  79.                 return $this->canApplicantEdit($project$user);
  80.             case self::APPLICANT_DELETE:
  81.                 return $this->canApplicantDelete($project$user);
  82.             case self::COLLEGE_VIEW:
  83.                 return $this->canCollegeView($project$user);
  84.             case self::COLLEGE_ACTION:
  85.                 return $this->canCollegeAction($project$user);
  86.             case self::COLLEGE_SORT:
  87.                 return $this->canCollegeSort($project$user);
  88.         }
  90.         throw new \LogicException('This code should not be reached!');
  91.     }
  93.     protected function canApplicantView(Project $projectUser $user): bool
  94.     {
  95.         return $user == $project->getUser();
  96.     }
  98.     protected function canApplicantEdit(Project $projectUser $user): bool
  99.     {
  100.         if (! $this->canApplicantView($project$user)) {
  101.             return false;
  102.         }
  103.         if (! $this->security->isGranted(BatchVoter::APPLICANT_ACTION$project->getBatch())) {
  104.             return false;
  105.         }
  106.         return in_array($project->getStatus(), [
  107.             Project::STATUS_NEW,
  108.             Project::STATUS_SCHOOL_RECOMMEND
  109.         ]);
  110.     }
  112.     protected function canApplicantDelete(Project $projectUser $user): bool
  113.     {
  114.         if (! $this->canApplicantView($project$user)) {
  115.             return false;
  116.         }
  117.         if (! $this->security->isGranted(BatchVoter::APPLICANT_ACTION$project->getBatch())) {
  118.             return false;
  119.         }
  120.         return $project->isNew();
  121.     }
  123.     protected function canCollegeView(Project $projectUser $user): bool
  124.     {
  125.         return $this->security->isGranted('ROLE_ADMIN') && $user->getAdminCollege() == $project->getCollege();
  126.     }
  128.     protected function canCollegeAction(Project $projectUser $user): bool
  129.     {
  130.         $batch $project->getBatch();
  131.         if (! $this->security->isGranted(BatchVoter::COLLEGE_ACTION$batch)) {
  132.             return false;
  133.         }
  134.         if (! $this->canCollegeView($project$user)) {
  135.             return false;
  136.         }
  137.         return in_array($project->getStatus(), [
  138.             Project::STATUS_NEW,
  139.             Project::STATUS_COLLEGE_RECOMMEND
  140.         ]);
  141.     }
  143.     protected function canCollegeSort(Project $projectUser $user): bool
  144.     {
  145.         if (! $this->canCollegeAction($project$user)) {
  146.             return false;
  147.         }
  148.         return $project->getStatus() == Project::STATUS_COLLEGE_RECOMMEND;
  149.     }
  150. }