src/Security/Voters/AccountListVoter.php line 16

Open in your IDE?
  1. <?php
  3. declare(strict_types=1);
  5. namespace App\Security\Voters;
  7. use App\Entity\Client;
  8. use App\Entity\OA2User;
  9. use App\Repository\ClientRepository;
  10. use App\Repository\Permissions\AccountPermissionSettingRepository;
  11. use App\Repository\Permissions\ClientAccountPermissionRepository;
  12. use App\Security\Dto\AccountListDto;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  14. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  16. class AccountListVoter extends Voter
  17. {
  18.     public const MODE_UPDATE 'update';
  19.     public const MODE_READ 'read';
  21.     private $accPermSettingRepository;
  22.     private $clientAccPermRepository;
  23.     private $clientRepository;
  25.     public function __construct(
  26.         AccountPermissionSettingRepository $accPermSettingRepository,
  27.         ClientAccountPermissionRepository $clientAccPermRepository,
  28.         ClientRepository $clientRepository
  29.     ) {
  30.         $this->accPermSettingRepository $accPermSettingRepository;
  31.         $this->clientAccPermRepository $clientAccPermRepository;
  32.         $this->clientRepository $clientRepository;
  33.     }
  35.     /**
  36.      * @param string $attribute
  37.      * @param mixed  $subject
  38.      *
  39.      * @return bool
  40.      */
  41.     protected function supports($attribute$subject)
  42.     {
  43.         if (!in_array($attribute$this->getSupportedPermissions())) {
  44.             return false;
  45.         }
  47.         return !(!$subject instanceof AccountListDto)
  49.          ;
  50.     }
  52.     /**
  53.      * @param string $attribute
  54.      * @param mixed  $subject
  55.      *
  56.      * @return bool
  57.      */
  58.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  59.     {
  60.         /** @var AccountListDto $accountListDto */
  61.         $accountListDto $subject;
  62.         $currentClient $this->getCurrentClient($token);
  63.         if (!$currentClient) {
  64.             return false;
  65.         }
  66.         /** @var int[] $verificationAccountIds */
  67.         $verificationAccountIds $accountListDto->getAccountIds();
  68.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(AccountVoter::PERMISSION_VIEW_ACCOUNT);
  70.         return $this->clientAccPermRepository->verifyAccountsByPermission($verificationAccountIds$currentClient$permissionId);
  71.     }
  73.     private function getSupportedPermissions(): array
  74.     {
  75.         return [
  76.             AccountVoter::MODE_UPDATE,
  77.             AccountVoter::MODE_READ,
  78.         ];
  79.     }
  81.     private function getCurrentClient(TokenInterface $token): ?Client
  82.     {
  83.         /** @var OA2User $oa2User */
  84.         $oa2User $token->getUser();
  85.         if (!$oa2User instanceof OA2User || $oa2User->isBankUser()) {
  86.             return null// Client user only
  87.         }
  89.         return $this->clientRepository->findOneByOa2User($oa2User);
  90.     }
  91. }