Opentalent
/
ap2i


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384
							<?php
declare(strict_types=1);

namespace App\Security;

use ApiPlatform\Core\Metadata\Resource\Factory\ResourceMetadataFactoryInterface;
use App\Entity\Access\Access;
use App\Entity\Organization\Organization;
use App\Service\Security\Module;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use ApiPlatform\Core\Util\RequestAttributesExtractor;

/**
 * Class ModuleVoter : permet d'assurer que la resource appelée est comprise dans l'un des modules de la structure
 * @package App\Security
 */
class ModuleVoter extends Voter
{
    const HAVING_MODULE = 'IS_HAVING_MODULE';

    private ResourceMetadataFactoryInterface $resourceMetadataFactory;
    private Module $module;

    public function __construct(Module $module, ResourceMetadataFactoryInterface $resourceMetadataFactory)
    {
        $this->module = $module;
        $this->resourceMetadataFactory = $resourceMetadataFactory;
    }

    /**
     * @inheritDoc
     */
    protected function supports(string $attribute, $subject)
    {
        if (!in_array($attribute, [self::HAVING_MODULE])) {
            return false;
        }
        return true;
    }

    /**
     * @param string $attribute
     * @param mixed $subject
     * @param TokenInterface $token
     * @return bool
     * @throws \ApiPlatform\Core\Exception\ResourceClassNotFoundException
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        if (!$subject->attributes->get('_api_resource_class') || !$resourceMetadata = $this->resourceMetadataFactory->create($subject->attributes->get('_api_resource_class'))) {
            throw new AccessDeniedHttpException(sprintf('Missing resource class'));
        }

        $module = $this->module->getModuleByResourceName($resourceMetadata->getShortName());

        //Check if there is a module for this entity : eq configuration problem
        if (null === $module) {
            throw new AccessDeniedHttpException(sprintf('There no module for the entity (%s) !', $resourceMetadata->getShortName()));
        }

        /** @var Access $currentAccess */
        $currentAccess = $token->getUser();
        /** @var Organization $organization */
        $organization = $currentAccess->getOrganization();

        return $this->isOrganizationHaveThisModule($organization, $module);
    }

    /**
     * Test si l'organisation possède le module parmis les modules possédés via le produit souscrit, les options souscrites
     * ou les modules possédées via des conditions particulières (isCmf par exemple)
     *
     * @param Organization $organization
     * @param string $module
     * @return bool
     */
    private function isOrganizationHaveThisModule(Organization $organization, string $module): bool{
        $organizationModules = $this->module->getOrganizationModules($organization);
        return in_array($module, $organizationModules);
    }
}