src/Platform/SecurityBundle/Security/Voter/NotificationsVoter.php line 53

Open in your IDE?
  1. <?php
  2. namespace Platform\SecurityBundle\Security\Voter;
  3. use App\Entity\System\School;
  4. use Platform\SecurityBundle\Entity\Identity\Account;
  5. use Platform\SecurityBundle\Model\PlatformSubject;
  6. use Platform\SecurityBundle\Security\PlatformVoter;
  7. use Products\NotificationsBundle\Entity\AbstractList;
  8. use Products\NotificationsBundle\Entity\Lists\ConditionList;
  9. use Products\NotificationsBundle\Entity\Lists\DistrictList;
  10. use Products\NotificationsBundle\Entity\Lists\SchoolList;
  11. use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
  12. final class NotificationsVoter extends PlatformVoter
  13. {
  14.     /**
  15.      * {@inheritDoc}
  16.      */
  17.     protected function supports(
  18.         Account $account,
  19.         string $attribute,
  20.         ?PlatformSubject $subject null
  21.     ): bool
  22.     {
  23.         // for this to be a notifications vote, the permission should be prefixed a certain way
  24.         if ( ! $this->sentry->isNotificationsPermission($attribute)) {
  25.             return false;
  26.         }
  27.         // if a context is given, it should be a school or a list
  28.         if ($subject && $subject->getContext() && ! ($subject->getContext() instanceof School || $subject->getContext() instanceof AbstractList)) {
  29.             return false;
  30.         }
  31.         return true;
  32.     }
  33.     /**
  34.      * {@inheritdoc}
  35.      */
  36.     protected function poll(
  37.         Account $account,
  38.         string $permission,
  39.         ?PlatformSubject $subject null
  40.     ): int
  41.     {
  42.         // if the context is a list, first try to obtain the school for it and check against that
  43.         $context $subject $subject->getContext() : null;
  44.         $school null;
  45.         switch (true) {
  46.             case ($context instanceof DistrictList || $context instanceof SchoolList) && $context->getOneRosterId():
  47.                 $school $this->rm->getSchoolResolver()->resolveSchoolBySourcedId($context->getOneRosterId());
  48.                 break;
  49.             case $context instanceof ConditionList:
  50.                 $school $context->getSchool();
  51.                 break;
  52.         }
  53.         if ($school && $this->sentry->check($account$permission$school)) {
  54.             return VoterInterface::ACCESS_GRANTED;
  55.         }
  56.         // fall back to checking the specific list if school check didn't succeed
  57.         return $this->sentry->check($account$permission$subject $subject->getContext() : null)
  58.             ? VoterInterface::ACCESS_GRANTED
  59.             VoterInterface::ACCESS_ABSTAIN;
  60.     }
  61.     /**
  62.      * {@inheritdoc}
  63.      */
  64.     protected function try(
  65.         Account $account,
  66.         string $permission
  67.     ): int
  68.     {
  69.         return $this->sentry->try($account$permission)
  70.             ? VoterInterface::ACCESS_GRANTED
  71.             VoterInterface::ACCESS_ABSTAIN;
  72.     }
  73. }