<?php
namespace Bidcoz\Bundle\CoreBundle\Security\Authorization\Voter;
use Bidcoz\Bundle\CoreBundle\Entity\Campaign;
use Bidcoz\Bundle\CoreBundle\Entity\GroupMember;
use Bidcoz\Bundle\CoreBundle\Services\OrganizationManager;
use Bidcoz\Bundle\CoreBundle\Services\PermissionManager;
use RS\DiExtraBundle\Annotation as DI;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
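/**
 * Security voter that decides access to a Campaign for the attributes listed
 * in self::$attributes.
 *
 * voteOnAttribute() checks, in order: public VIEW of a visible campaign,
 * super admin, organization admin, then the roles of the user's groups.
 *
 * @DI\Service
 * @DI\Tag("security.voter")
 */
class CampaignVoter extends Voter
{
    // Attribute names this voter answers for. hasPermission() passes the same
    // strings to GroupMember group hasRole(), so they double as group role names.
    const FULL = 'FULL';
    const VIEW = 'VIEW';
    const MANAGE = 'MANAGE';
    const AUCTION = 'AUCTION';
    const SHOP = 'SHOP';
    const FUND_A_NEED = 'FUND_A_NEED';
    const FINANCE = 'FINANCE';
    const DONATION = 'DONATION';
    const PROCUREMENT = 'PROCUREMENT';
    const FUND_DRIVE = 'FUND_DRIVE';
    const MEMBERSHIP = 'MEMBERSHIP';
    const PADDLE_RISE = 'PADDLE_RISE';
    const LEADERBOARD = 'LEADERBOARD';
    const SPONSORSHIP = 'SPONSORSHIP';
    const TICKET = 'TICKET';
    const CONTACTS = 'CONTACTS';
    const REGISTRATION = 'REGISTRATION';
    const RAFFLE = 'RAFFLE';
    const VOLUNTEER = 'VOLUNTEER';
    const EMAIL = 'EMAIL';
    const API = 'API';

    /**
     * Allow-list of attributes accepted by supports().
     *
     * @var string[]
     */
    protected static $attributes = [
        self::FULL,
        self::VIEW,
        self::MANAGE,
        self::AUCTION,
        self::SPONSORSHIP,
        self::FINANCE,
        self::DONATION,
        self::PROCUREMENT,
        self::FUND_DRIVE,
        self::MEMBERSHIP,
        self::PADDLE_RISE,
        self::LEADERBOARD,
        self::CONTACTS,
        self::TICKET,
        self::REGISTRATION,
        self::RAFFLE,
        self::VOLUNTEER,
        self::EMAIL,
        self::API,
        self::SHOP,
        self::FUND_A_NEED,
    ];

    /** @var OrganizationManager */
    protected $organizationManager;

    /** @var PermissionManager */
    protected $permissionManager;

    /**
     * @DI\InjectParams({
     * "organizationManager" = @DI\Inject("organization_manager"),
     * "permissionManager" = @DI\Inject("permission_manager"),
     * })
     *
     * @param OrganizationManager $organizationManager used for the organization-admin check
     * @param PermissionManager   $permissionManager   used to load the user's group memberships for a campaign
     */
    public function __construct(OrganizationManager $organizationManager, PermissionManager $permissionManager)
    {
        $this->organizationManager = $organizationManager;
        $this->permissionManager = $permissionManager;
    }

    /**
     * Reports whether this voter handles the given attribute/subject pair.
     *
     * @param mixed $attribute
     * @param mixed $subject
     *
     * @return bool true only for a Campaign subject and an attribute from self::$attributes
     */
    protected function supports($attribute, $subject)
    {
        // Strict comparison: with a loose in_array(), a non-string attribute such as
        // boolean true compares equal to every string in the list and would be
        // accepted as a supported attribute by this authorization check.
        return $subject instanceof Campaign && in_array($attribute, self::$attributes, true);
    }

    /**
     * {@inheritdoc}
     *
     * Grants access when any of the following holds, checked in this order:
     *  1. VIEW is requested, the organization is active and the campaign is not hidden
     *     (no logged-in user required);
     *  2. the user has ROLE_SUPER_ADMIN;
     *  3. the user is an admin of the campaign's organization;
     *  4. one of the user's groups for this campaign holds FULL or the requested attribute.
     *
     * @param string         $attribute one of the class constants
     * @param Campaign       $campaign
     * @param TokenInterface $token
     *
     * @return bool true to grant, false to deny
     */
    protected function voteOnAttribute($attribute, $campaign, TokenInterface $token): bool
    {
        $organization = $campaign->getOrganization();

        // Visible campaigns of active organizations are viewable by anyone, which is
        // why this check comes before the logged-in check below.
        if (self::VIEW === $attribute && $organization->isActive() && !$campaign->isHidden()) {
            return true;
        }

        // Everything past this point requires a user object (i.e. a logged-in user).
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return false;
        }

        // NOTE(review): hasRole() is not part of UserInterface; presumably provided by
        // the project's user class - confirm every UserInterface implementation has it.
        if ($user->hasRole('ROLE_SUPER_ADMIN')) {
            return true;
        }

        if ($this->organizationManager->isOrganizationAdmin($organization, $user)) {
            return true;
        }

        $memberships = $this->permissionManager->getUserGroupMembershipForCampaign($campaign, $user);
        if (!$memberships) {
            // No group membership for this campaign: deny.
            return false;
        }

        // FULL on any group implies every other attribute.
        return $this->hasPermission($memberships, self::FULL)
            || $this->hasPermission($memberships, $attribute);
    }

    /**
     * Checks whether any of the given memberships belongs to a group holding the permission.
     *
     * @param GroupMember[] $memberships
     * @param string        $permission role name looked up on each membership's group
     *
     * @return bool true as soon as one group reports the role, false otherwise
     */
    protected function hasPermission(array $memberships, $permission)
    {
        foreach ($memberships as $membership) {
            if ($membership->getGroup()->hasRole($permission)) {
                return true;
            }
        }

        return false;
    }
}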