src/Security/Voters/AccountVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voters;
  5. use App\Entity\Account;
  6. use App\Entity\Client;
  7. use App\Entity\OA2User;
  8. use App\Repository\ClientAccountRepository;
  9. use App\Repository\ClientRepository;
  10. use App\Repository\Permissions\AccountPermissionSettingRepository;
  11. use App\Repository\Permissions\ClientAccountPermissionRepository;
  12. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  13. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  15. class AccountVoter extends Voter
  16. {
  17.     public const MODE_READ 'read';
  18.     public const MODE_UPDATE 'update';
  19.     public const MODE_DELETE 'delete';
  20.     public const PERMISSION_VIEW_ACCOUNT 'view_account';
  21.     public const PERMISSION_INTERNAL_PAYMENT 'create_internal_payment';
  22.     public const PERMISSION_SIGN_TRANSACTION 'sign_transactions';
  23.     public const PERMISSION_SEPA_PAYMENT 'create_sepa_payment';
  24.     public const PERMISSION_EXCHANGE_CURRENCY 'exchange_currency';
  26.     /**
  27.      * @var ClientRepository
  28.      */
  29.     private $clientRepository;
  31.     /**
  32.      * @var ClientAccountRepository
  33.      */
  34.     private $clientAccountRepository;
  36.     /**
  37.      * @var ClientAccountPermissionRepository
  38.      */
  39.     private $clientAccPermRepository;
  41.     /**
  42.      * @var AccountPermissionSettingRepository
  43.      */
  44.     private $accPermSettingRepository;
  46.     public function __construct(
  47.         ClientRepository $clientRepository,
  48.         AccountPermissionSettingRepository $permissionSettingRepository,
  49.         ClientAccountPermissionRepository $accountPermissionRepository,
  50.         ClientAccountRepository $clientAccountRepository
  51.     ) {
  52.         $this->clientRepository $clientRepository;
  53.         $this->accPermSettingRepository $permissionSettingRepository;
  54.         $this->clientAccPermRepository $accountPermissionRepository;
  55.         $this->clientAccountRepository $clientAccountRepository;
  56.     }
  58.     protected function supports($attribute$subject)
  59.     {
  60.         if (!in_array($attribute$this->getSupportedPermissions())) {
  61.             return false;
  62.         }
  64.         return !(!$subject instanceof Account)
  66.          ;
  67.     }
  69.     protected function voteOnAttribute($attribute$subjectTokenInterface $token)
  70.     {
  71.         if (!in_array($attribute$this->getSupportedPermissions())) {
  72.             return false;
  73.         }
  74.         /** @var Account $account */
  75.         $account $subject;
  76.         $currentClient $this->getCurrentClient($token);
  77.         if (!$currentClient) {
  78.             return false;
  79.         }
  81.         if ($account->getClient()->getId() === $currentClient->getId()) {
  82.             return true;
  83.         }
  85.         switch ($attribute) {
  86.             case self::PERMISSION_VIEW_ACCOUNT:
  87.                 return $this->canViewAccount($account$currentClient);
  88.                 break;
  89.             case self::PERMISSION_INTERNAL_PAYMENT:
  90.                 return $this->canInternalPayment($account$currentClient);
  91.                 break;
  92.             case self::PERMISSION_SIGN_TRANSACTION:
  93.                 return $this->canSignTransactio($account$currentClient);
  94.                 break;
  95.             case self::PERMISSION_SEPA_PAYMENT:
  96.                 return $this->canSepaPayment($account$currentClient);
  97.                 break;
  98.             case self::PERMISSION_EXCHANGE_CURRENCY:
  99.                 return $this->canExchangeCurrency($account$currentClient);
  100.                 break;
  101.             default:
  102.                 break;
  103.         }
  105.         // TODO: check owner rules!
  106.         $relationAccount $this->clientAccountRepository->findOneByPersonalAccount($currentClient$account);
  108.         return (bool) ($relationAccount)
  110.          ;
  111.     }
  113.     private function canViewAccount(Account $accountClient $currentClient): bool
  114.     {
  115.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(self::PERMISSION_VIEW_ACCOUNT);
  116.         $permission $this->clientAccPermRepository->findOneByPermission($account$currentClient$permissionId);
  118.         return $permission true false;
  119.     }
  121.     private function canInternalPayment(Account $accountClient $currentClient): bool
  122.     {
  123.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(self::PERMISSION_INTERNAL_PAYMENT);
  124.         $permission $this->clientAccPermRepository->findOneByPermission($account$currentClient$permissionId);
  126.         return $permission true false;
  127.     }
  129.     private function canSignTransactio(Account $accountClient $currentClient): bool
  130.     {
  131.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(self::PERMISSION_SIGN_TRANSACTION);
  132.         $permission $this->clientAccPermRepository->findOneByPermission($account$currentClient$permissionId);
  134.         return $permission true false;
  135.     }
  137.     private function canSepaPayment(Account $accountClient $currentClient): bool
  138.     {
  139.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(self::PERMISSION_SEPA_PAYMENT);
  140.         $permission $this->clientAccPermRepository->findOneByPermission($account$currentClient$permissionId);
  142.         return $permission true false;
  143.     }
  145.     private function canExchangeCurrency(Account $accountClient $currentClient): bool
  146.     {
  147.         $permissionId $this->accPermSettingRepository->getIdByHardvalue(self::PERMISSION_EXCHANGE_CURRENCY);
  148.         $permission $this->clientAccPermRepository->findOneByPermission($account$currentClient$permissionId);
  150.         return $permission true false;
  151.     }
  153.     private function getSupportedPermissions(): array
  154.     {
  155.         return [
  156.             self::MODE_READself::MODE_UPDATEself::MODE_DELETE,
  157.             self::PERMISSION_VIEW_ACCOUNT,
  158.             self::PERMISSION_INTERNAL_PAYMENT,
  159.             self::PERMISSION_SIGN_TRANSACTION,
  160.             self::PERMISSION_SEPA_PAYMENT,
  161.             self::PERMISSION_EXCHANGE_CURRENCY,
  162.         ];
  163.     }
  165.     private function getCurrentClient(TokenInterface $token): ?Client
  166.     {
  167.         /** @var OA2User $oa2User */
  168.         $oa2User $token->getUser();
  169.         if (!$oa2User instanceof OA2User || $oa2User->isBankUser()) {
  170.             return null// Client user only
  171.         }
  173.         return $this->clientRepository->findOneByOa2User($oa2User);
  174.     }
  175. }