src/Service/Panel/AccessVoters/OrganizationVoter.php line 9

  1. <?php
  2. namespace Harmonizely\Service\Panel\AccessVoters;
  3. use Harmonizely\Model\Organization;
  4. use Harmonizely\Model\UserInterface;
  5. use Harmonizely\Service\Subscription\Voter\SubscriptionVoter;
  6. class OrganizationVoter extends AbstractVoter
  7. {
  8.     /**
  9.      * Resource name
  10.      */
  11.     const RESOURCE_NAME 'organization';
  12.     /**
  13.      * View events
  14.      */
  15.     const ORGANIZATION_REPORT_VIEW 'organization_report_view';
  16.     /**
  17.      * View organization
  18.      */
  19.     const ORGANIZATION_VIEW 'organization_view';
  20.     /**
  21.      * Delete organization
  22.      */
  23.     const ORGANIZATION_DELETE 'organization_delete';
  24.     /**
  25.      * Organization integration
  26.      */
  27.     const ORGANIZATION_INTEGRATION 'organization_integration';
  28.     const ORGANIZATION_EDIT 'organization_edit';
  29.     const ORGANIZATION_BILLING 'organization_billing';
  30.     const ORGANIZATION_MANAGE_USER 'organization_manage_user';
  31.     const ORGANIZATION_MANAGE_OWNER 'organization_manage_owner';
  32.     const ORGANIZATION_MANAGE_ROUND_ROBIN 'organization_manage_round_robin';
  33.     const ORGANIZATION_MANAGE_TRANSLATION 'organization_manage_translation';
  34.     const ORGANIZATION_MANAGE_APPEARANCE 'organization_manage_appearance';
  35.     const ORGANIZATION_MANAGE_WIDGET 'organization_manage_widget';
  36.     const ORGANIZATION_LEAVE 'organization_leave';
  37.     const ORGANIZATION_CALENDAR_SETTINGS 'organization_calendar_settings';
  38.     /**
  39.      * Return resource name
  40.      *
  41.      * @return string
  42.      */
  43.     function getResourceName(): string
  44.     {
  45.         return self::RESOURCE_NAME;
  46.     }
  47.     /**
  48.      * Return allowed attributes for current user
  49.      *
  50.      * @return array|string[]
  51.      */
  52.     function getResourceAttributes(): array
  53.     {
  54.         return [
  55.             self::ORGANIZATION_VIEW,
  56.             self::ORGANIZATION_REPORT_VIEW,
  57.             self::ORGANIZATION_DELETE,
  58.             self::ORGANIZATION_INTEGRATION,
  59.             self::ORGANIZATION_EDIT,
  60.             self::ORGANIZATION_BILLING,
  61.             self::ORGANIZATION_MANAGE_USER,
  62.             self::ORGANIZATION_MANAGE_OWNER,
  63.             self::ORGANIZATION_MANAGE_ROUND_ROBIN,
  64.             self::ORGANIZATION_MANAGE_TRANSLATION,
  65.             self::ORGANIZATION_MANAGE_APPEARANCE,
  66.             self::ORGANIZATION_MANAGE_WIDGET,
  67.             self::ORGANIZATION_LEAVE,
  68.             self::ORGANIZATION_CALENDAR_SETTINGS,
  69.         ];
  70.     }
  71.     /**
  72.      * Return allowed attributes for current user
  73.      *
  74.      * @param UserInterface $user
  75.      * @param mixed $subject
  76.      * @return array|string[]
  77.      */
  78.     function getAllowedAttributes(UserInterface $user$subject): array
  79.     {
  80.         $allowedAttributes = [];
  81.         $organization $user->getDefaultOrganization();
  82.         if ($organization instanceof Organization && (!$subject or $subject === $organization)) {
  83.             if (SubscriptionVoter::staticVoteOnAttribute(SubscriptionVoter::ORGANIZATION$user)) {
  84.                 if ($organization->isOrganizationOwner($user)) {
  85.                     $allowedAttributes = [
  86.                         self::ORGANIZATION_VIEW,
  87.                         self::ORGANIZATION_REPORT_VIEW,
  88.                         self::ORGANIZATION_DELETE,
  89.                         self::ORGANIZATION_INTEGRATION,
  90.                         self::ORGANIZATION_EDIT,
  91.                         self::ORGANIZATION_BILLING,
  92.                         self::ORGANIZATION_MANAGE_USER,
  93.                         self::ORGANIZATION_MANAGE_OWNER,
  94.                         self::ORGANIZATION_MANAGE_ROUND_ROBIN,
  95.                         self::ORGANIZATION_MANAGE_TRANSLATION,
  96.                         self::ORGANIZATION_MANAGE_APPEARANCE,
  97.                         self::ORGANIZATION_MANAGE_WIDGET,
  98.                     ];
  99.                 } elseif ($organization->isOrganizationManager($user)) {
  100.                     $allowedAttributes = [
  101.                         self::ORGANIZATION_VIEW,
  102.                         self::ORGANIZATION_REPORT_VIEW,
  103.                         self::ORGANIZATION_MANAGE_USER,
  104.                         self::ORGANIZATION_MANAGE_TRANSLATION,
  105.                         self::ORGANIZATION_MANAGE_APPEARANCE,
  106.                         self::ORGANIZATION_MANAGE_WIDGET,
  107.                     ];
  108.                 }
  109.             } else {
  110.                 if ($organization->isOrganizationOwner($user)) {
  111.                     $allowedAttributes[] = self::ORGANIZATION_BILLING;
  112.                 }
  113.             }
  114.             if (!$user->isOnlySsoUser()) {
  115.                 $allowedAttributes[] = self::ORGANIZATION_LEAVE;
  116.             }
  117.             $allowedAttributes[] = self::ORGANIZATION_CALENDAR_SETTINGS;
  118.         }
  119.         return $allowedAttributes;
  120.     }
  121.     /**
  122.      * Determines if the attribute and subject are supported by this voter.
  123.      *
  124.      * @param string $attribute An attribute
  125.      * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
  126.      *
  127.      * @return bool True if the attribute and subject are supported, false otherwise
  128.      */
  129.     protected function supports($attribute$subject): bool
  130.     {
  131.         if ($subject !== null && !($subject instanceof Organization)) {
  132.             return false;
  133.         }
  134.         if (!in_array($attribute$this->getResourceAttributes())) {
  135.             return false;
  136.         }
  137.         return true;
  138.     }
  139.     /**
  140.      * @param string $attribute
  141.      * @param UserInterface $user
  142.      * @return bool
  143.      */
  144.     public static function staticVoteOnAttribute(string $attributeUserInterface $user): bool
  145.     {
  146.         $instance = new self();
  147.         if (!in_array($attribute$instance->getResourceAttributes())) {
  148.             return false;
  149.         }
  150.         return in_array($attribute$instance->getAllowedAttributes($usernull));
  151.     }
  152. }