src/Service/Panel/AccessVoters/OrganizationVoter.php line 9

Open in your IDE?
  1. <?php
  3. namespace Harmonizely\Service\Panel\AccessVoters;
  5. use Harmonizely\Model\Member;
  6. use Harmonizely\Model\Organization;
  7. use Harmonizely\Model\UserInterface;
  8. use Harmonizely\Service\Subscription\Voter\SubscriptionVoter;
  10. class OrganizationVoter extends AbstractVoter
  11. {
  13.     /**
  14.      * Resource name
  15.      */
  16.     const RESOURCE_NAME 'organization';
  18.     /**
  19.      * View events
  20.      */
  21.     const ORGANIZATION_REPORT_VIEW 'organization_report_view';
  23.     /**
  24.      * View organization
  25.      */
  26.     const ORGANIZATION_VIEW 'organization_view';
  28.     /**
  29.      * Delete organization
  30.      */
  31.     const ORGANIZATION_DELETE 'organization_delete';
  33.     /**
  34.      * Organization integration
  35.      */
  36.     const ORGANIZATION_INTEGRATION 'organization_integration';
  38.     const ORGANIZATION_EDIT 'organization_edit';
  39.     const ORGANIZATION_BILLING 'organization_billing';
  40.     const ORGANIZATION_MANAGE_USER 'organization_manage_user';
  41.     const ORGANIZATION_MANAGE_OWNER 'organization_manage_owner';
  42.     const ORGANIZATION_MANAGE_ROUND_ROBIN 'organization_manage_round_robin';
  43.     const ORGANIZATION_MANAGE_TRANSLATION 'organization_manage_translation';
  44.     const ORGANIZATION_MANAGE_APPEARANCE 'organization_manage_appearance';
  45.     const ORGANIZATION_MANAGE_WIDGET 'organization_manage_widget';
  46.     const ORGANIZATION_LEAVE 'organization_leave';
  47.     const ORGANIZATION_CALENDAR_SETTINGS 'organization_calendar_settings';
  48.     const ORGANIZATION_MANAGE_ROLE 'organization_manage_role';
  49.     const ORGANIZATION_INTERNAL_EVENT_VIEW 'organization_internal_event_view';
  50.     const ORGANIZATION_ALLOW_LOGIN_AS_USER 'organization_allow_login_as_user';
  52.     public static array $organizationRoleActionMock = [
  53.         Member::ROLE_OWNER => [
  54.             OrganizationVoter::ORGANIZATION_LEAVE => ['fixed' => true'enable' => true],
  55.             OrganizationVoter::ORGANIZATION_VIEW => ['fixed' => true'enable' => true],
  56.             OrganizationVoter::ORGANIZATION_REPORT_VIEW => ['fixed' => true'enable' => true],
  57.             OrganizationVoter::ORGANIZATION_CALENDAR_SETTINGS => ['fixed' => true'enable' => true],
  58.             OrganizationVoter::ORGANIZATION_INTERNAL_EVENT_VIEW => ['fixed' => true'enable' => true],
  59.             OrganizationVoter::ORGANIZATION_MANAGE_ROUND_ROBIN => ['fixed' => true'enable' => true],
  60.             OrganizationVoter::ORGANIZATION_INTEGRATION => ['fixed' => true'enable' => true],
  61.             OrganizationVoter::ORGANIZATION_EDIT => ['fixed' => true'enable' => true],
  62.             OrganizationVoter::ORGANIZATION_MANAGE_USER => ['fixed' => true'enable' => true],
  63.             OrganizationVoter::ORGANIZATION_MANAGE_ROLE => ['fixed' => true'enable' => true],
  64.             OrganizationVoter::ORGANIZATION_MANAGE_TRANSLATION => ['fixed' => true'enable' => true],
  65.             OrganizationVoter::ORGANIZATION_MANAGE_APPEARANCE => ['fixed' => true'enable' => true],
  66.             OrganizationVoter::ORGANIZATION_MANAGE_WIDGET => ['fixed' => true'enable' => true],
  67.             OrganizationVoter::ORGANIZATION_DELETE => ['fixed' => true'enable' => true],
  68.             OrganizationVoter::ORGANIZATION_BILLING => ['fixed' => true'enable' => true],
  69.             OrganizationVoter::ORGANIZATION_MANAGE_OWNER => ['fixed' => true'enable' => true],
  70.             OrganizationVoter::ORGANIZATION_ALLOW_LOGIN_AS_USER => ['fixed' => true'enable' => true],
  71.         ],
  72.         Member::ROLE_MANAGER => [
  73.             OrganizationVoter::ORGANIZATION_LEAVE => ['fixed' => true'enable' => true],
  74.             OrganizationVoter::ORGANIZATION_VIEW => ['fixed' => false'enable' => true],
  75.             OrganizationVoter::ORGANIZATION_REPORT_VIEW => ['fixed' => false'enable' => true],
  76.             OrganizationVoter::ORGANIZATION_CALENDAR_SETTINGS => ['fixed' => false'enable' => true],
  77.             OrganizationVoter::ORGANIZATION_INTERNAL_EVENT_VIEW => ['fixed' => false'enable' => true],
  78.             OrganizationVoter::ORGANIZATION_MANAGE_ROUND_ROBIN => ['fixed' => false'enable' => false],
  79.             OrganizationVoter::ORGANIZATION_INTEGRATION => ['fixed' => false'enable' => false],
  80.             OrganizationVoter::ORGANIZATION_EDIT => ['fixed' => false'enable' => false],
  81.             OrganizationVoter::ORGANIZATION_MANAGE_USER => ['fixed' => false'enable' => true],
  82.             OrganizationVoter::ORGANIZATION_MANAGE_ROLE => ['fixed' => false'enable' => false],
  83.             OrganizationVoter::ORGANIZATION_MANAGE_TRANSLATION => ['fixed' => false'enable' => true],
  84.             OrganizationVoter::ORGANIZATION_MANAGE_APPEARANCE => ['fixed' => false'enable' => true],
  85.             OrganizationVoter::ORGANIZATION_MANAGE_WIDGET => ['fixed' => false'enable' => true],
  86.             OrganizationVoter::ORGANIZATION_DELETE => ['fixed' => true'enable' => false],
  87.             OrganizationVoter::ORGANIZATION_BILLING => ['fixed' => true'enable' => false],
  88.             OrganizationVoter::ORGANIZATION_MANAGE_OWNER => ['fixed' => true'enable' => false],
  89.             OrganizationVoter::ORGANIZATION_ALLOW_LOGIN_AS_USER => ['fixed' => false'enable' => false],
  90.         ],
  91.         Member::ROLE_MEMBER => [
  92.             OrganizationVoter::ORGANIZATION_LEAVE => ['fixed' => true'enable' => true],
  93.             OrganizationVoter::ORGANIZATION_VIEW => ['fixed' => false'enable' => false],
  94.             OrganizationVoter::ORGANIZATION_REPORT_VIEW => ['fixed' => false'enable' => false],
  95.             OrganizationVoter::ORGANIZATION_CALENDAR_SETTINGS => ['fixed' => false'enable' => true],
  96.             OrganizationVoter::ORGANIZATION_INTERNAL_EVENT_VIEW => ['fixed' => false'enable' => false],
  97.             OrganizationVoter::ORGANIZATION_MANAGE_ROUND_ROBIN => ['fixed' => false'enable' => false],
  98.             OrganizationVoter::ORGANIZATION_INTEGRATION => ['fixed' => true'enable' => false],
  99.             OrganizationVoter::ORGANIZATION_EDIT => ['fixed' => true'enable' => false],
  100.             OrganizationVoter::ORGANIZATION_MANAGE_USER => ['fixed' => true'enable' => false],
  101.             OrganizationVoter::ORGANIZATION_MANAGE_ROLE => ['fixed' => true'enable' => false],
  102.             OrganizationVoter::ORGANIZATION_MANAGE_TRANSLATION => ['fixed' => true'enable' => false],
  103.             OrganizationVoter::ORGANIZATION_MANAGE_APPEARANCE => ['fixed' => true'enable' => false],
  104.             OrganizationVoter::ORGANIZATION_MANAGE_WIDGET => ['fixed' => true'enable' => false],
  105.             OrganizationVoter::ORGANIZATION_DELETE => ['fixed' => true'enable' => false],
  106.             OrganizationVoter::ORGANIZATION_BILLING => ['fixed' => true'enable' => false],
  107.             OrganizationVoter::ORGANIZATION_MANAGE_OWNER => ['fixed' => true'enable' => false],
  108.             OrganizationVoter::ORGANIZATION_ALLOW_LOGIN_AS_USER => ['fixed' => true'enable' => false],
  109.         ],
  110.     ];
  112.     /**
  113.      * Return resource name
  114.      *
  115.      * @return string
  116.      */
  117.     function getResourceName(): string
  118.     {
  119.         return self::RESOURCE_NAME;
  120.     }
  122.     /**
  123.      * Return allowed attributes for current user
  124.      *
  125.      * @return array|string[]
  126.      */
  127.     function getResourceAttributes(): array
  128.     {
  129.         return [
  130.             self::ORGANIZATION_LEAVE,
  131.             self::ORGANIZATION_VIEW,
  132.             self::ORGANIZATION_REPORT_VIEW,
  133.             self::ORGANIZATION_CALENDAR_SETTINGS,
  134.             self::ORGANIZATION_INTERNAL_EVENT_VIEW,
  135.             self::ORGANIZATION_MANAGE_ROUND_ROBIN,
  136.             self::ORGANIZATION_INTEGRATION,
  137.             self::ORGANIZATION_EDIT,
  138.             self::ORGANIZATION_MANAGE_USER,
  139.             self::ORGANIZATION_MANAGE_ROLE,
  140.             self::ORGANIZATION_MANAGE_TRANSLATION,
  141.             self::ORGANIZATION_MANAGE_APPEARANCE,
  142.             self::ORGANIZATION_MANAGE_WIDGET,
  143.             self::ORGANIZATION_DELETE,
  144.             self::ORGANIZATION_BILLING,
  145.             self::ORGANIZATION_MANAGE_OWNER,
  146.             self::ORGANIZATION_ALLOW_LOGIN_AS_USER,
  147.         ];
  148.     }
  150.     /**
  151.      * Return allowed attributes for current user
  152.      *
  153.      * @param UserInterface $user
  154.      * @param mixed $subject
  155.      * @return array|string[]
  156.      */
  157.     function getAllowedAttributes(UserInterface $user$subject): array
  158.     {
  159.         $allowedAttributes = [];
  161.         $organization $user->getDefaultOrganization();
  163.         if ($organization instanceof Organization && (!$subject or $subject === $organization)) {
  164.             if (SubscriptionVoter::staticVoteOnAttribute(SubscriptionVoter::ORGANIZATION$user)) {
  165.                 $member $user->getMember();
  166.                 if ($member) {
  167.                     foreach ($organization->getRoles() as $roleEntity) {
  168.                         if ($roleEntity->getName() === $member->getRole()) {
  169.                             foreach ($roleEntity->getPermissions() as $permission) {
  170.                                 if ($permission->isEnable()) {
  171.                                     $allowedAttributes[] = $permission->getPermission()->getAction();
  172.                                 }
  173.                             }
  174.                         }
  175.                     }
  176.                 }
  177.             } else {
  178.                 if ($organization->isOrganizationOwner($user)) {
  179.                     $allowedAttributes = [
  180.                         self::ORGANIZATION_VIEW,
  181.                         self::ORGANIZATION_BILLING,
  182.                         self::ORGANIZATION_MANAGE_USER,
  183.                         self::ORGANIZATION_MANAGE_OWNER,
  184.                         self::ORGANIZATION_CALENDAR_SETTINGS,
  185.                     ];
  186.                 }
  187.             }
  189.             if ($user->isOnlySsoUser()) {
  190.                 $allowedAttributes array_diff($allowedAttributes, [self::ORGANIZATION_LEAVE]);
  191.             }
  192.         }
  194.         return $allowedAttributes;
  195.     }
  197.     /**
  198.      * Determines if the attribute and subject are supported by this voter.
  199.      *
  200.      * @param string $attribute An attribute
  201.      * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
  202.      *
  203.      * @return bool True if the attribute and subject are supported, false otherwise
  204.      */
  205.     protected function supports($attribute$subject): bool
  206.     {
  207.         if ($subject !== null && !($subject instanceof Organization)) {
  208.             return false;
  209.         }
  210.         if (!in_array($attribute$this->getResourceAttributes())) {
  211.             return false;
  212.         }
  214.         return true;
  215.     }
  217.     /**
  218.      * @param string $attribute
  219.      * @param UserInterface $user
  220.      * @return bool
  221.      */
  222.     public static function staticVoteOnAttribute(string $attributeUserInterface $user): bool
  223.     {
  224.         $instance = new self();
  226.         if (!in_array($attribute$instance->getResourceAttributes())) {
  227.             return false;
  228.         }
  230.         return in_array($attribute$instance->getAllowedAttributes($usernull));
  231.     }
  232. }