src/Security/Voter/CompanyVoter.php line 22

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voter;
  7. use App\Entity\Admin;
  8. use App\Entity\Area;
  9. use App\Entity\Company;
  10. use App\Entity\Order;
  11. use App\Entity\Page;
  12. use App\Entity\Page\StaticPage;
  13. use App\Entity\PromotionalCode;
  14. use App\Entity\Quotation;
  15. use App\Entity\Reservation\Row;
  16. use App\Entity\Show;
  17. use App\Entity\Sibil\Declaration;
  18. use App\Repository\AreaRepository;
  19. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  20. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  22. class CompanyVoter extends Voter
  23. {
  24.     public function __construct(
  25.         private readonly AreaRepository $areaRepository,
  26.     ) {
  27.     }
  29.     protected function supports(string $attribute$subject): bool
  30.     {
  31.         return ($attribute === 'COMPANY_ACCESS'
  32.             && (
  33.                 $subject instanceof Company
  34.                 || $subject instanceof Show\Theater
  35.                 || $subject instanceof Show\Session
  36.                 || $subject instanceof PromotionalCode
  37.                 || $subject instanceof Show\Session\SittingPlacePrice
  38.                 || $subject instanceof Row
  39.                 || $subject instanceof Page
  40.                 || $subject instanceof Page\Section
  41.                 || $subject instanceof StaticPage
  42.                 || $subject instanceof Order
  43.                 || $subject instanceof Quotation
  44.                 || $subject instanceof Declaration
  45.             )
  46.         );
  47.     }
  49.     /**
  50.      * @param string $attribute
  51.      * @param Show $subject
  52.      * @param TokenInterface $token
  53.      * @return bool
  54.      */
  55.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  56.     {
  57.         $user $token->getUser();
  58.         if (!$user instanceof Admin || !$user->getCompany()) {
  59.             return true;
  60.         }
  62.         /** @var Company $company */
  63.         $company $user->getCompany();
  64.         try {
  65.             if ($subject instanceof Company) {
  66.                 return $company->getId() === $subject->getId();
  67.             }
  69.             if ($subject instanceof Show\Theater || $subject instanceof PromotionalCode || $subject instanceof Order || $subject instanceof Quotation) {
  70.                 return $company->getId() === $subject->getCompany()->getId();
  71.             }
  73.             if ($subject instanceof Show\Session) {
  74.                 return $company->getId() === $subject->getTheater()->getCompany()->getId();
  75.             }
  77.             if ($subject instanceof Show\Session\SittingPlacePrice || $subject instanceof Declaration || $subject instanceof Row) {
  78.                 return $company->getId() === $subject->getSession()->getTheater()->getCompany()->getId();
  79.             }
  81.             if ($subject instanceof Page || $subject instanceof Page\Section || $subject instanceof StaticPage) {
  82.                 $areas $this->areaRepository->getAreasByCompany((string)$company->getId());
  84.                 if (empty($areas)) {
  85.                     return false;
  86.                 }
  88.                 if ($subject instanceof Page || $subject instanceof StaticPage) {
  89.                     $areaId $subject->getArea()->getId();
  90.                 } elseif ($subject instanceof Page\Section) {
  91.                     $areaId $subject->getPage()->getArea()->getId();
  92.                 }
  94.                 $found array_filter($areas, static function (Area $area) use ($areaId) {
  95.                     return $areaId === $area->getId();
  96.                 });
  98.                 return count($found) > 0;
  99.             }
  100.         } catch (\Exception $e) {
  101.         }
  103.         return false;
  104.     }
  105. }