VoterSecurityHandler.php 2.78 KB
Newer Older
Julien Jorry committed
1 2 3 4 5
<?php

namespace App\Security\Handler;

use App\Entity\GlobalParameter;
6
use App\Entity\User;
Julien Jorry committed
7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
use Doctrine\ORM\EntityManagerInterface;
use Sonata\AdminBundle\Admin\AdminInterface;
use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;

class VoterSecurityHandler extends RoleSecurityHandler
{
    protected $manager;

    /**
     * {@inheritdoc}
     */
    public function isGranted(AdminInterface $admin, $attributes, $object = null)
    {
        if (!\is_array($attributes)) {
            $attributes = [$attributes];
        }

        foreach ($attributes as $pos => $attribute) {
            $attributes[$pos] = sprintf($this->getBaseRole($admin), $attribute);
        }

        $allRole = sprintf($this->getBaseRole($admin), 'ALL');

        /* Si on utilise le front Wordpress, on ne fait pas apparaitre la gestion du front (faq, page, document, menu, news...) */
32
        $isWordpress = 'false' != $this->manager->getRepository(GlobalParameter::class)->val(GlobalParameter::USE_WORDPRESS);
Julien Jorry committed
33 34
        if ($isWordpress) {
            foreach ($attributes as $attribute) {
35 36 37 38 39
                if (false !== strpos($attribute, 'ROLE_ADMIN_FAQ')
                    || false !== strpos($attribute, 'ROLE_ADMIN_PAGE')
                    || false !== strpos($attribute, 'ROLE_ADMIN_DOCUMENT')
                    || false !== strpos($attribute, 'ROLE_PRODIGIOUS_SONATA_MENU')
                    || false !== strpos($attribute, 'ROLE_ADMIN_NEWS')) {
Julien Jorry committed
40 41 42 43 44 45 46
                    return false;
                }
            }
        }
        try {
            return $this->isAnyGranted($this->superAdminRoles)
                || $this->isAnyGranted($attributes, $object)
47
                || $this->isAnyGranted([$allRole], $object)
48
                || $this->allowToModifyAdherentPersonalData($object);
Julien Jorry committed
49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68
        } catch (AuthenticationCredentialsNotFoundException $e) {
            return false;
        }
    }

    public function setManager(EntityManagerInterface $manager)
    {
        $this->manager = $manager;
    }

    private function isAnyGranted(array $attributes, $subject = null): bool
    {
        foreach ($attributes as $attribute) {
            if ($this->authorizationChecker->isGranted($attribute, $subject)) {
                return true;
            }
        }

        return false;
    }
69

70
    private function allowToModifyAdherentPersonalData($object): bool
71
    {
72 73 74 75 76 77 78 79
        return $_ENV['TAV_ENV']
            && $object instanceof User && $object->getAdherent()
            && $this->authorizationChecker->isGranted('ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
    }

    public function grantChangeAdherentPasswordToNonSuperAdmin($str): bool
    {
        return $_ENV['TAV_ENV'] && ($str === 'ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
80
    }
Julien Jorry committed
81
}