src/Platform/SecurityBundle/Security/Voter/NotificationsVoter.php line 42

Open in your IDE?
  1. <?php
  3. namespace Platform\SecurityBundle\Security\Voter;
  5. use App\Entity\System\School;
  6. use Platform\SecurityBundle\Entity\Identity\Account;
  7. use Platform\SecurityBundle\Model\PlatformSubject;
  8. use Platform\SecurityBundle\Security\PlatformVoter;
  9. use Products\NotificationsBundle\Entity\AbstractList;
  10. use Products\NotificationsBundle\Entity\Lists\ConditionList;
  11. use Products\NotificationsBundle\Entity\Lists\DistrictList;
  12. use Products\NotificationsBundle\Entity\Lists\SchoolList;
  13. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  15. final class NotificationsVoter extends PlatformVoter
  16. {
  17.     /**
  18.      * {@inheritDoc}
  19.      */
  20.     protected function supports(
  21.         Account $account,
  22.         string $attribute,
  23.         ?PlatformSubject $subject null
  24.     ): bool
  25.     {
  26.         // for this to be a notifications vote, the permission should be prefixed a certain way
  27.         if ( ! $this->sentry->isNotificationsPermission($attribute)) {
  28.             return false;
  29.         }
  31.         // if a context is given, it should be a school or a list
  32.         if ($subject && $subject->getContext() && ! ($subject->getContext() instanceof School || $subject->getContext() instanceof AbstractList)) {
  33.             return false;
  34.         }
  36.         return true;
  37.     }
  39.     /**
  40.      * {@inheritdoc}
  41.      */
  42.     protected function poll(
  43.         Account $account,
  44.         string $permission,
  45.         ?PlatformSubject $subject null
  46.     ): int
  47.     {
  48.         // if the context is a list, first try to obtain the school for it and check against that
  49.         $context $subject $subject->getContext() : null;
  50.         $school null;
  51.         switch (true) {
  52.             case ($context instanceof DistrictList || $context instanceof SchoolList) && $context->getOneRosterId():
  53.                 $school $this->rm->getSchoolResolver()->resolveSchoolBySourcedId($context->getOneRosterId());
  54.                 break;
  55.             case $context instanceof ConditionList:
  56.                 $school $context->getSchool();
  57.                 break;
  58.         }
  60.         if ($school && $this->sentry->check($account$permission$school)) {
  61.             return VoterInterface::ACCESS_GRANTED;
  62.         }
  64.         // fall back to checking the specific list if school check didn't succeed
  65.         return $this->sentry->check($account$permission$subject $subject->getContext() : null)
  66.             ? VoterInterface::ACCESS_GRANTED
  67.             VoterInterface::ACCESS_ABSTAIN;
  68.     }
  70.     /**
  71.      * {@inheritdoc}
  72.      */
  73.     protected function try(
  74.         Account $account,
  75.         string $permission
  76.     ): int
  77.     {
  78.         return $this->sentry->try($account$permission)
  79.             ? VoterInterface::ACCESS_GRANTED
  80.             VoterInterface::ACCESS_ABSTAIN;
  81.     }
  82. }