<?php
namespace Harmonizely\Service\Panel\AccessVoters;
use Harmonizely\Model\Organization;
use Harmonizely\Model\UserInterface;
use Harmonizely\Service\Subscription\Voter\SubscriptionVoter;
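/**
 * Access voter for the "organization" panel resource.
 *
 * Permissions are derived from the user's *default* organization only.
 * A subject that is a different organization yields an empty permission list,
 * which denies every attribute.
 */
class OrganizationVoter extends AbstractVoter
{
    /**
     * Resource name
     */
    const RESOURCE_NAME = 'organization';

    /**
     * View events
     */
    const ORGANIZATION_REPORT_VIEW = 'organization_report_view';

    /**
     * View organization
     */
    const ORGANIZATION_VIEW = 'organization_view';

    /**
     * Delete organization
     */
    const ORGANIZATION_DELETE = 'organization_delete';

    /**
     * Organization integration
     */
    const ORGANIZATION_INTEGRATION = 'organization_integration';

    // Remaining attribute names handled by this voter. Which role receives
    // which of them is decided in getAllowedAttributes().
    const ORGANIZATION_EDIT = 'organization_edit';
    const ORGANIZATION_BILLING = 'organization_billing';
    const ORGANIZATION_MANAGE_USER = 'organization_manage_user';
    const ORGANIZATION_MANAGE_OWNER = 'organization_manage_owner';
    const ORGANIZATION_MANAGE_ROUND_ROBIN = 'organization_manage_round_robin';
    const ORGANIZATION_MANAGE_TRANSLATION = 'organization_manage_translation';
    const ORGANIZATION_MANAGE_APPEARANCE = 'organization_manage_appearance';
    const ORGANIZATION_MANAGE_WIDGET = 'organization_manage_widget';
    const ORGANIZATION_LEAVE = 'organization_leave';
    const ORGANIZATION_CALENDAR_SETTINGS = 'organization_calendar_settings';

    /**
     * Return resource name
     *
     * @return string
     */
    public function getResourceName(): string
    {
        return self::RESOURCE_NAME;
    }

    /**
     * Return every attribute this voter knows about, regardless of the user.
     *
     * supports() and staticVoteOnAttribute() use this list as the allow-list
     * of attribute names; an attribute missing here is never voted on.
     *
     * @return array|string[]
     */
    public function getResourceAttributes(): array
    {
        return [
            self::ORGANIZATION_VIEW,
            self::ORGANIZATION_REPORT_VIEW,
            self::ORGANIZATION_DELETE,
            self::ORGANIZATION_INTEGRATION,
            self::ORGANIZATION_EDIT,
            self::ORGANIZATION_BILLING,
            self::ORGANIZATION_MANAGE_USER,
            self::ORGANIZATION_MANAGE_OWNER,
            self::ORGANIZATION_MANAGE_ROUND_ROBIN,
            self::ORGANIZATION_MANAGE_TRANSLATION,
            self::ORGANIZATION_MANAGE_APPEARANCE,
            self::ORGANIZATION_MANAGE_WIDGET,
            self::ORGANIZATION_LEAVE,
            self::ORGANIZATION_CALENDAR_SETTINGS,
        ];
    }

    /**
     * Return allowed attributes for current user
     *
     * The result is empty (deny all) when the user has no default organization
     * or when a subject is given that is not that exact organization instance.
     *
     * @param UserInterface $user
     * @param mixed $subject Organization being accessed, or a falsy value for "no subject"
     * @return array|string[]
     */
    public function getAllowedAttributes(UserInterface $user, $subject): array
    {
        $organization = $user->getDefaultOrganization();
        if (!($organization instanceof Organization)) {
            return [];
        }

        // NOTE(review): any falsy subject (not only null) counts as "no subject"
        // here. supports() restricts the subject to null or an Organization, but
        // this method is public and can be called without going through it.
        // The identity check (===) requires the very same object instance.
        if ($subject && $subject !== $organization) {
            return [];
        }

        $allowedAttributes = [];
        if (SubscriptionVoter::staticVoteOnAttribute(SubscriptionVoter::ORGANIZATION, $user)) {
            if ($organization->isOrganizationOwner($user)) {
                // Owners get everything except LEAVE and CALENDAR_SETTINGS,
                // which are appended below for all roles.
                $allowedAttributes = [
                    self::ORGANIZATION_VIEW,
                    self::ORGANIZATION_REPORT_VIEW,
                    self::ORGANIZATION_DELETE,
                    self::ORGANIZATION_INTEGRATION,
                    self::ORGANIZATION_EDIT,
                    self::ORGANIZATION_BILLING,
                    self::ORGANIZATION_MANAGE_USER,
                    self::ORGANIZATION_MANAGE_OWNER,
                    self::ORGANIZATION_MANAGE_ROUND_ROBIN,
                    self::ORGANIZATION_MANAGE_TRANSLATION,
                    self::ORGANIZATION_MANAGE_APPEARANCE,
                    self::ORGANIZATION_MANAGE_WIDGET,
                ];
            } elseif ($organization->isOrganizationManager($user)) {
                // Managers: no delete, edit, billing, integration, owner or
                // round-robin management.
                $allowedAttributes = [
                    self::ORGANIZATION_VIEW,
                    self::ORGANIZATION_REPORT_VIEW,
                    self::ORGANIZATION_MANAGE_USER,
                    self::ORGANIZATION_MANAGE_TRANSLATION,
                    self::ORGANIZATION_MANAGE_APPEARANCE,
                    self::ORGANIZATION_MANAGE_WIDGET,
                ];
            }
        } elseif ($organization->isOrganizationOwner($user)) {
            // The subscription vote failed: the owner keeps billing access only.
            $allowedAttributes[] = self::ORGANIZATION_BILLING;
        }

        // The two attributes below are granted irrespective of role and of the
        // subscription vote, to any user whose default organization this is.
        // NOTE(review): owners receive ORGANIZATION_LEAVE as well; whether an
        // organization may be left without an owner is not decided in this
        // class. Confirm that the code acting on this attribute covers it.
        if (!$user->isOnlySsoUser()) {
            $allowedAttributes[] = self::ORGANIZATION_LEAVE;
        }
        $allowedAttributes[] = self::ORGANIZATION_CALENDAR_SETTINGS;

        return $allowedAttributes;
    }

    /**
     * Determines if the attribute and subject are supported by this voter.
     *
     * @param string $attribute An attribute
     * @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
     *
     * @return bool True if the attribute and subject are supported, false otherwise
     */
    protected function supports($attribute, $subject): bool
    {
        if ($subject !== null && !($subject instanceof Organization)) {
            return false;
        }

        // Strict comparison: $attribute is untyped, and with loose in_array()
        // a non-string such as true (or the integer 0 before PHP 8) compares
        // equal to every attribute name and would be reported as supported.
        return in_array($attribute, $this->getResourceAttributes(), true);
    }

    /**
     * Check a single organization attribute for a user without a subject.
     *
     * Builds a fresh voter and evaluates the attribute against the user's
     * default organization (the subject passed on is null).
     *
     * @param string $attribute
     * @param UserInterface $user
     * @return bool True only if the attribute is known to this voter and allowed for the user
     */
    public static function staticVoteOnAttribute(string $attribute, UserInterface $user): bool
    {
        $instance = new self();

        // Unknown attribute names are rejected before any permission lookup.
        if (!in_array($attribute, $instance->getResourceAttributes(), true)) {
            return false;
        }

        return in_array($attribute, $instance->getAllowedAttributes($user, null), true);
    }
}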