src/Bidcoz/Bundle/CoreBundle/Security/Authorization/Voter/HiddenCampaignVoter.php line 18

Open in your IDE?
  1. <?php
  3. namespace Bidcoz\Bundle\CoreBundle\Security\Authorization\Voter;
  5. use Bidcoz\Bundle\CoreBundle\Entity\Campaign;
  6. use Bidcoz\Bundle\CoreBundle\Services\OrganizationManager;
  7. use Bidcoz\Bundle\CoreBundle\Services\PermissionManager;
  8. use RS\DiExtraBundle\Annotation as DI;
  9. use Symfony\Component\HttpFoundation\RequestStack;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\User\UserInterface;
  14. /**
  15.  * @DI\Service
  16.  * @DI\Tag("security.voter")
  17.  */
  18. class HiddenCampaignVoter extends Voter
  19. {
  20.     public const FRONT_END 'FRONT_END';
  22.     protected OrganizationManager $organizationManager;
  23.     protected PermissionManager $permissionManager;
  24.     private RequestStack $requestStack;
  26.     /**
  27.      * @DI\InjectParams({
  28.      *     "organizationManager" = @DI\Inject("organization_manager"),
  29.      *     "permissionManager" = @DI\Inject("permission_manager"),
  30.      *     "requestStack" = @DI\Inject("request_stack")
  31.      * })
  32.      */
  33.     public function __construct(
  34.         OrganizationManager $organizationManager,
  35.         PermissionManager $permissionManager,
  36.         RequestStack $requestStack
  37.     )
  38.     {
  39.         $this->organizationManager $organizationManager;
  40.         $this->permissionManager $permissionManager;
  41.         $this->requestStack $requestStack;
  42.     }
  44.     protected function supports($attribute$subject)
  45.     {
  46.         return $subject instanceof Campaign && self::FRONT_END === $attribute;
  47.     }
  49.     protected function voteOnAttribute($attribute$campaignTokenInterface $token)
  50.     {
  51.         /** @var $campaign Campaign */
  52.         if (!$campaign->isHidden()) {
  53.             return true;
  54.         }
  56.         $route $this->requestStack->getMainRequest() ? $this->requestStack->getMainRequest()->get('_route') : null;
  57.         if ('campaign_register_user' === $route) {
  58.             return true;
  59.         }
  61.         $user $token->getUser();
  63.         // If the user isn't logged in, denied
  64.         if (!$user instanceof UserInterface) {
  65.             return false;
  66.         }
  68.         if ($user->hasRole('ROLE_SUPER_ADMIN')) {
  69.             return true;
  70.         }
  72.         if ($this->organizationManager->isOrganizationAdmin($campaign->getOrganization(), $user)) {
  73.             return true;
  74.         }
  76.         $memberships $this
  77.             ->permissionManager
  78.             ->getUserGroupMembershipForCampaign($campaign$user);
  80.         // allow access to any user that has any permissions
  81.         return count($memberships) > 0;
  82.     }
  83. }