src/Security/ConsultationVoter.php line 10
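<?php

namespace App\Security;

use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use App\Entity\User;
use App\Entity\Consultation;

/**
 * Authorization voter for Consultation entities.
 *
 * Decides, for each of the CAN_* attributes below, whether the authenticated
 * User may perform the corresponding action on a given Consultation. Every
 * path that does not explicitly grant access returns false (deny by default).
 */
class ConsultationVoter extends Voter
{
    const CAN_VIEW = 'cv_canview';
    const CAN_EDIT = 'cv_canedit';
    const CAN_REMOVE = 'cv_canremove';
    const CAN_RESTORE = 'cv_canrestore';
    const CAN_INTERVENTION = 'cv_canintervention';
    const CAN_SHARE = 'cv_canshare';
    const CAN_CHANGESTATUS = 'cv_canchangestatus';
    const CAN_ASKREASSIGN = 'cv_canaskreassign';
    const CAN_REASSIGN = 'cv_canreassign';
    const CAN_COMPLETE = 'cv_cancomplete';

    /**
     * Tells whether the user currently has access to the consultation, either
     * as its owner or through a share whose time window is open.
     *
     * An owner (per Consultation::isOwner) is always granted access. Any other
     * user must be listed in the consultation's users, the consultation must
     * not be removed, and the current time must lie strictly between the
     * start and end dates of the matching share entry.
     *
     * @param Consultation $subject
     * @param User $user
     * @return bool
     */
    private function hasAuth(Consultation $subject, User $user)
    {
        if ($subject->isOwner($user)) {
            return true;
        }

        $users = $subject->getUsers();
        if (!$users->contains($user)) {
            return false;
        }

        $userIndex = $users->indexOf($user);
        if (!is_numeric($userIndex)) {
            return false;
        }

        // NOTE(review): the share entry is looked up by the user's position in
        // getUsers(), which assumes getUsers() and getConsultationUsers() are
        // index-aligned. If they ever diverge, the access window of a
        // different user would be evaluated here - confirm against the entity.
        /** @var \App\Entity\ConsultationUser|null $consultationUser */
        $consultationUser = $subject->getConsultationUsers()->get($userIndex);
        if ($consultationUser === null) {
            // No share entry at that index: deny instead of failing on a
            // method call on null.
            return false;
        }

        /** @var \DateTime|null $startDate */
        $startDate = $consultationUser->getStartDate();
        /** @var \DateTime|null $endDate */
        $endDate = $consultationUser->getEndDate();
        $now = new \DateTime();

        // A share without both bounds never grants access; both bounds are
        // exclusive.
        return $subject->getRemove() === null
            && $startDate !== null
            && $endDate !== null
            && $startDate < $now
            && $now < $endDate;
    }

    /**
     * A limited status grants very few rights on a consultation, even to its
     * original owner.
     *
     * The consultation is limited when it has been removed, or when it is in
     * the reassign status or the complete status.
     *
     * @param Consultation $subject
     * @return bool
     */
    private function isLimited(Consultation $subject)
    {
        return $subject->getRemove() !== null
            || $subject->getIsReassignStatus()
            || $subject->getIsCompleteStatus();
    }

    /**
     * Grants or denies one of the CAN_* attributes on a consultation.
     *
     * @param string $attribute One of the CAN_* constants.
     * @param Consultation $subject
     * @param TokenInterface $token
     * @return bool True to grant access, false to deny.
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token) : bool
    {
        $user = $token->getUser();
        if (!$user instanceof User) {
            // Tokens that do not carry an application User are always denied.
            return false;
        }

        if ($attribute === self::CAN_VIEW) {
            // Owner (original or not) or users the consultation is shared with.
            return $this->hasAuth($subject, $user);
        }

        if ($attribute === self::CAN_INTERVENTION) {
            // Recording an intervention.
            return $this->hasAuth($subject, $user) && !$this->isLimited($subject);
        }

        $originalOwnerActions = [
            self::CAN_EDIT,
            self::CAN_REMOVE,
            self::CAN_SHARE,
            self::CAN_CHANGESTATUS,
        ];
        if (in_array($attribute, $originalOwnerActions, true)) {
            // Only the original owner, provided the consultation is not in a
            // limiting status.
            return $subject->isRealOwner($user) && !$this->isLimited($subject);
        }

        if ($attribute === self::CAN_ASKREASSIGN || $attribute === self::CAN_COMPLETE) {
            // Only the original owner, provided the consultation is not
            // shared and is not in a limiting status.
            return $subject->isRealOwner($user)
                && $subject->getUsers()->count() === 1
                && !$this->isLimited($subject);
        }

        if ($attribute === self::CAN_RESTORE) {
            // Restoring only makes sense on a removed consultation.
            return $subject->isRealOwner($user) && $subject->getRemove() !== null;
        }

        if ($attribute === self::CAN_REASSIGN) {
            // Only an owner who is a supervisor.
            return $subject->isOwner($user)
                && $subject->getIsReassignStatus()
                && $user->getIsSuperviseur();
        }

        // Unknown attribute: deny.
        return false;
    }

    /**
     * Tells whether this voter handles the given attribute/subject pair.
     *
     * @param string $attribute
     * @param Consultation $subject
     * @return bool
     */
    protected function supports($attribute, $subject) : bool
    {
        $handledAttributes = [
            self::CAN_VIEW,
            self::CAN_EDIT,
            self::CAN_REMOVE,
            self::CAN_RESTORE,
            self::CAN_INTERVENTION,
            self::CAN_SHARE,
            self::CAN_CHANGESTATUS,
            self::CAN_ASKREASSIGN,
            self::CAN_REASSIGN,
            self::CAN_COMPLETE,
        ];

        // Strict comparison: with loose matching a non-string attribute such
        // as 0 or true can compare equal to these strings, so the voter would
        // claim attributes that are not its own.
        return in_array($attribute, $handledAttributes, true)
            && $subject instanceof Consultation;
    }
}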