<?php
namespace App\Security\Voter;
use App\Entity\Forum;
use App\Entity\ForumAccess;
use App\Entity\ForumMessage;
use App\Entity\User;
use App\EntityManager\ForumAccessManager;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
class ForumMessageVoter extends Voter
{
const VIEW = 'view';
const EDIT = 'edit';
const REPLY = 'reply';
const VOTE = 'vote';
const MODERATE = 'moderate';
const REPORT = 'report';
const DELETE = 'delete';
const TRACK = 'track';
const VIEW_LIKES = 'viewLikes';
// 5 minutes
const EDIT_TIME_LIMIT = 3600 * 5;
protected $security;
protected $forumAccessManager;
protected $userForumAccess = null;
protected $forumAccess = null;
public function __construct(Security $security, ForumAccessManager $forumAccessManager)
{
$this->security = $security;
$this->forumAccessManager = $forumAccessManager;
}
protected function supports($attribute, $subject)
{
if (!in_array(
$attribute,
[
self::VIEW,
self::EDIT,
self::REPLY,
self::VOTE,
self::MODERATE,
self::REPORT,
self::DELETE,
self::TRACK,
self::VIEW_LIKES,
]
)) {
return false;
}
if (!$subject instanceof ForumMessage) {
return false;
}
return true;
}
/**
* @param string $attribute
* @param mixed|ForumMessage $subject
* @param TokenInterface $token
* @return bool
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
if (is_null($this->forumAccess)) {
$this->userForumAccess = $this->forumAccessManager->getForumAccessForCurrentUser($subject->getForum());
$this->forumAccess = $this->forumAccessManager->getForumAccess($subject->getForum());
}
if ($this->security->isGranted(User::ROLE_SUPER_ADMIN, $user)) {
return true;
}
switch ($attribute) {
case self::VIEW:
return $this->canView($subject, $user, $token);
case self::EDIT:
return $this->canEdit($subject, $user, $token);
case self::REPLY:
return $this->canReply($subject, $user, $token);
case self::VOTE:
return $this->canVote($subject, $user, $token);
case self::MODERATE:
return $this->canModerate($subject, $user, $token);
case self::REPORT:
return $this->canReport($subject, $user, $token);
case self::DELETE:
return $this->canDelete($subject, $user, $token);
case self::TRACK:
return $this->canTrack($subject, $user, $token);
case self::VIEW_LIKES:
return $this->canViewLikes($subject, $user, $token);
}
throw new \LogicException('This code should not be reached!');
}
private function canView(ForumMessage $message, User $user, TokenInterface $token)
{
return (
($this->forumAccess instanceof ForumAccess && $this->forumAccess->getListMessage()) ||
($this->userForumAccess instanceof ForumAccess && $this->userForumAccess->getListMessage())
);
}
private function canEdit(ForumMessage $message, User $user, TokenInterface $token)
{
return (
(
$message->getCreatedBy() == $user &&
$message->getCreatedAt()->getTimestamp() + self::EDIT_TIME_LIMIT < time()
) ||
($this->userForumAccess instanceof ForumAccess && $this->userForumAccess->getModMessage())
);
}
private function canReply(ForumMessage $message, User $user, TokenInterface $token)
{
$topic = $message->getTopicMessage();
if ($topic->isLocked() && !$this->security->isGranted(User::ROLE_SUPER_ADMIN)) {
return false;
}
return (
($this->forumAccess instanceof ForumAccess && $this->forumAccess->getAddMessage()) ||
($this->userForumAccess instanceof ForumAccess && $this->userForumAccess->getAddMessage())
);
}
private function canModerate(ForumMessage $message, User $user, TokenInterface $token)
{
return $this->userForumAccess instanceof ForumAccess && $this->userForumAccess->getModMessage();
}
private function canReport(ForumMessage $message, User $user, TokenInterface $token)
{
return $this->canReply($message, $user, $token);
}
private function canVote(ForumMessage $message, User $user, TokenInterface $token)
{
return $this->canReply($message, $user, $token);
}
private function canDelete(ForumMessage $message, User $user, TokenInterface $token)
{
return $this->userForumAccess instanceof ForumAccess && $this->userForumAccess->getDeleteMessage();
}
private function canTrack(ForumMessage $message, User $user, TokenInterface $token)
{
return true;
}
private function canViewLikes(ForumMessage $message, User $user, TokenInterface $token)
{
// only super admin can do that, if that code is reached, then the user can't.
return false;
}
}