src/Security/Voter/ProjectVoter.php line 15

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voter;
  5. use App\Entity\AppelAProjet;
  6. use App\Entity\Project;
  7. use App\Entity\QuestionnaireResponse;
  8. use App\Repository\UserProjectRepository;
  9. use DateTime;
  10. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  11. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  12. use Symfony\Component\Security\Core\Security;
  13. use Symfony\Component\Security\Core\User\UserInterface;
  15. class ProjectVoter extends Voter
  16. {
  17.     private Security $security;
  19.     private UserProjectRepository|null $userProjectRepository;
  21.     public function __construct(Security $security)
  22.     {
  23.         $this->security $security;
  24.     }
  26.     /**
  27.      * @required
  28.      *
  29.      * @param UserProjectRepository $userProjectRepository
  30.      */
  31.     public function setUserProjectRepository(UserProjectRepository $userProjectRepository)
  32.     {
  33.         $this->userProjectRepository $userProjectRepository;
  34.     }
  36.     protected function supports(string $attribute$subject): bool
  37.     {
  38.         return in_array($attribute, ['EDIT''VIEW''ADD_FILES''SUBMIT''PRE_EVAL''COORDO''THEMA''CLONE_LI''ADD_DC''DC_SUBMIT''EXPERT''RAPPORT''EXPERT_3'])
  39.             && $subject instanceof Project;
  40.     }
  42.     protected function voteOnAttribute(string $attribute$subjectTokenInterface $token): bool
  43.     {
  44.         /** @var Project $subject */
  45.         $user $token->getUser();
  46.         // if the user is anonymous, do not grant access
  47.         if (!$user instanceof UserInterface) {
  48.             return false;
  49.         }
  51.         // ... (check conditions and return true to grant permission) ...
  52.         switch ($attribute) {
  53.             case 'EDIT':
  54.                 if ($this->security->isGranted('ROLE_ADMIN_GIRCI')) {
  55.                     return true;
  56.                 }
  57.                 break;
  58.             case 'VIEW':
  59.                 if ($this->security->isGranted('ROLE_PORTEUR')) {
  60.                     // si il est l'auteur et si il appartient toujours à la même drci
  61.                     if ($subject->getAuthor() === $user) {
  62.                         if ($subject->getDrci() === $user->getDrci()) {
  63.                             return true;
  64.                         }
  65.                     }
  66.                 }
  67.                 if ($this->security->isGranted('ROLE_DRCI')) {
  68.                     if ($subject->getDrci() === $user->getDrci()) {
  69.                         return true;
  70.                     }
  71.                 }
  72.                 if ($this->security->isGranted('ROLE_ADMIN_GIRCI') || $this->security->isGranted('ROLE_COORDONNATEUR') || $this->security->isGranted('ROLE_METHODO')) {
  73.                     return true;
  74.                 }
  75.                 if ($this->security->isGranted('ROLE_PRE_EVAL')
  76.                     || $this->security->isGranted('ROLE_RAPPORT'))
  77.                 {
  78.                     if ($subject->getAppelAProjet()->getOuvert() === true) {
  79.                         return true;
  80.                     } else {
  81.                         $up $this->userProjectRepository->findBy(['user' => $this->security->getUser(), 'project' => $subject]);
  82.                         if (count($up) > 0) {
  83.                             return true;
  84.                         }
  85.                     }
  86.                 }
  87.                 if ($this->security->isGranted('ROLE_THEMA')
  88.                     || $this->security->isGranted('ROLE_EXPERT')
  89.                     || $this->security->isGranted('ROLE_EXPERT_3'))
  90.                 {
  91.                     $up $this->userProjectRepository->findBy(['user' => $this->security->getUser(), 'project' => $subject]);
  92.                     if (count($up) > 0) {
  93.                         return true;
  94.                     }
  95.                 }
  96.                 if ($this->security->isGranted('ROLE_GIRCI_PARTENAIRE')) {
  97.                     $up $this->userProjectRepository->findBy(['project' => $subject'girci' => $this->security->getUser()->getGirci()]);
  98.                     if (count($up) > 0) {
  99.                         return true;
  100.                     }
  101.                 }
  102.                 return false;
  103.             case 'ADD_FILES':
  104.                 if ($this->security->isGranted('ROLE_PORTEUR')) {
  105.                     // si il est l'auteur et si il appartient toujours à la même drci
  106.                     if ($subject->getAuthor() !== $user) {
  107.                         return false;
  108.                     }
  109.                     if ($subject->getDrci() !== $user->getDrci()) {
  110.                         return false;
  111.                     }
  112.                     $aap $subject->getAppelAProjet();
  113.                     if ($aap->getStatus() !== AppelAProjet::AAP_STATUS_LI) {
  114.                         return false;
  115.                     }
  116.                     if ($subject->getStatus() !== Project::PROJECT_STATUS_BROUILLON) {
  117.                         return false;
  118.                     }
  119.                     return true;
  120.                 }
  121.                 break;
  122.             case 'SUBMIT':
  123.                 if ($this->security->isGranted('ROLE_PORTEUR')) {
  124.                     // si il est l'auteur et si il appartient toujours à la même drci
  125.                     if ($subject->getAuthor() !== $user) {
  126.                         return false;
  127.                     }
  128.                     if ($subject->getDrci() !== $user->getDrci()) {
  129.                         return false;
  130.                     }
  131.                     $aap $subject->getAppelAProjet();
  132.                     if ($aap->getStatus() !== AppelAProjet::AAP_STATUS_LI) {
  133.                         return false;
  134.                     }
  135.                     if ($subject->getStatus() !== Project::PROJECT_STATUS_BROUILLON) {
  136.                         return false;
  137.                     }
  138.                     return true;
  139.                 }
  140.                 if ($this->security->isGranted('ROLE_DRCI')) {
  141.                     if ($subject->getAuthor() !== $user && $subject->getDrci() !== $user->getDrci()) {
  142.                         return false;
  143.                     }
  144.                     $aap $subject->getAppelAProjet();
  145.                     if ($aap->getQuestionnaireLi()) {
  146.                         return false;
  147.                     }
  148.                     if ($aap->getStatus() !== AppelAProjet::AAP_STATUS_DC) {
  149.                         return false;
  150.                     }
  151.                     if ($subject->getStatus() !== Project::PROJECT_STATUS_BROUILLON) {
  152.                         return false;
  153.                     }
  154.                     return true;
  155.                 }
  156.                 break;
  157.             case 'PRE_EVAL':
  158.                 if (!$this->security->isGranted('ROLE_PRE_EVAL')) {
  159.                     return false;
  160.                 }
  161.                 if ($subject->getStatus() != Project::PROJECT_STATUS_ELIGIBLE) {
  162.                     return false;
  163.                 }
  164.                 // est-ce que l'utilisateur est associé au projet en tant que pré-évaluateur ?
  165.                 $up $this->userProjectRepository->findOneBy(['user' => $this->security->getUser(), 'project' => $subject'type' => QuestionnaireResponse::QR_TYPE_PREEVAL]);
  166.                 if (!$up) {
  167.                     return false;
  168.                 }
  169.                 $aap $subject->getAppelAProjet();
  170.                 if ($aap->getDateOpenPreeval() && $aap->getDateOpenPreeval() < new DateTime()) {
  171.                     // la date de fin n'est pas bloquante
  172.                     return true;
  173.                 }
  174.                 break;
  175.             case 'THEMA':
  176.                 if (!$this->security->isGranted('ROLE_THEMA')) {
  177.                     return false;
  178.                 }
  179.                 if ($subject->getStatus() != Project::PROJECT_STATUS_ELIGIBLE) {
  180.                     return false;
  181.                 }
  182.                 // est-ce que l'utilisateur est associé au projet en tant que évaluateur thématique ?
  183.                 $up $this->userProjectRepository->findOneBy(['user' => $this->security->getUser(), 'project' => $subject'type' => QuestionnaireResponse::QR_TYPE_EVAL_THEMA]);
  184.                 if (!$up) {
  185.                     return false;
  186.                 }
  187.                 $aap $subject->getAppelAProjet();
  188.                 if ($aap->getDateOpenPreeval() && $aap->getDateOpenPreeval() < new DateTime()) {
  189.                     // la date de fin n'est pas bloquante
  190.                     return true;
  191.                 }
  192.                 break;
  193.             case 'COORDO':
  194.                 if (!$this->security->isGranted('ROLE_COORDONNATEUR')) {
  195.                     return false;
  196.                 }
  197.                 if ($subject->getStatus() != Project::PROJECT_STATUS_ELIGIBLE) {
  198.                     return false;
  199.                 }
  200.                 $aap $subject->getAppelAProjet();
  202.                 if ($aap->getDateOpenPreeval() && $aap->getDateOpenPreeval() < new DateTime()) {
  203.                     // la date de fin n'est pas bloquante
  204.                     // et il faut un questionnaire coordo (il n'y en a pas forcément)
  205.                     if ($aap->getQuestionnaireEvalCoordo() !== null) {
  206.                         return true;
  207.                     }
  208.                 }
  209.                 break;
  210.             case 'CLONE_LI':
  211.                 if (!$this->security->isGranted('ROLE_DRCI')) {
  212.                     return false;
  213.                 }
  214.                 if ($subject->getDrci() !== $user->getDrci()) {
  215.                     return false;
  216.                 }
  217.                 if ($subject->getStatus() != Project::PROJECT_STATUS_PRE_SELECTIONNE) {
  218.                     return false;
  219.                 }
  220.                 $aap $subject->getAppelAProjet();
  221.                 if (!$aap->getQuestionnaireLi()) {
  222.                     return false;
  223.                 }
  224.                 $now = new DateTime();
  225.                 if ($aap->getDateOpenDc() < $now && $now $aap->getDateCloseDc()) {
  226.                     return true;
  227.                 }
  228.                 break;
  229.             case 'ADD_DC':
  230.             case 'DC_SUBMIT':
  231.                 if (!$this->security->isGranted('ROLE_DRCI')) {
  232.                     return false;
  233.                 }
  234.                 if ($subject->getDrci() !== $user->getDrci()) {
  235.                     return false;
  236.                 }
  237.                 // comme ça, pas de problème pour les aap en 1 étape
  238.                 if ($subject->getStatus() != Project::PROJECT_STATUS_PRE_SELECTIONNE) {
  239.                     return false;
  240.                 }
  241.                 $now = new DateTime();
  242.                 $aap $subject->getAppelAProjet();
  243.                 if ($aap->getDateOpenDc() < $now && $now $aap->getDateCloseDc()) {
  244.                     return true;
  245.                 }
  246.                 break;
  247.             case 'EXPERT':
  248.                 if (!$this->security->isGranted('ROLE_EXPERT')) {
  249.                     return false;
  250.                 }
  251.                 if ($subject->getStatus() != Project::PROJECT_STATUS_COMPLET) {
  252.                     return false;
  253.                 }
  254.                 // est-ce que l'utilisateur est associé au projet en tant que expert ?
  255.                 $up $this->userProjectRepository->findOneBy(['user' => $this->security->getUser(), 'project' => $subject'type' => QuestionnaireResponse::QR_TYPE_EXPERT]);
  256.                 if (!$up) {
  257.                     return false;
  258.                 }
  259.                 $aap $subject->getAppelAProjet();
  260.                 if ($aap->getDateOpenExpert() && $aap->getDateOpenExpert() < new DateTime()) {
  261.                     // la date de fin n'est pas bloquante
  262.                     return true;
  263.                 }
  264.                 break;
  265.             case 'RAPPORT':
  266.                 if (!$this->security->isGranted('ROLE_RAPPORT')) {
  267.                     return false;
  268.                 }
  269.                 $aap $subject->getAppelAProjet();
  270.                 if ($aap->getQuestionnaireExpert()) {
  271.                     if ($subject->getStatus() != Project::PROJECT_STATUS_EXPERTISE) {
  272.                         return false;
  273.                     }
  274.                 } else {
  275.                     if ($subject->getStatus() != Project::PROJECT_STATUS_COMPLET) {
  276.                         return false;
  277.                     }
  278.                 }
  279.                 // est-ce que l'utilisateur est associé au projet en tant que rapporteur ?
  280.                 $up $this->userProjectRepository->findOneBy(['user' => $this->security->getUser(), 'project' => $subject'type' => QuestionnaireResponse::QR_TYPE_RAPPORT]);
  281.                 if (!$up) {
  282.                     return false;
  283.                 }
  284.                 if ($aap->getDateOpenRapport() && $aap->getDateOpenRapport() < new DateTime()) {
  285.                     // la date de fin n'est pas bloquante
  286.                     return true;
  287.                 }
  288.                 break;
  289.             case 'EXPERT_3':
  290.                 if (!$this->security->isGranted('ROLE_EXPERT_3')) {
  291.                     return false;
  292.                 }
  293.                 if ($subject->getStatus() != Project::PROJECT_STATUS_RAPPORTE) {
  294.                     return false;
  295.                 }
  296.                 // est-ce que l'utilisateur est associé au projet en tant que expert 3 ?
  297.                 $up $this->userProjectRepository->findOneBy(['user' => $this->security->getUser(), 'project' => $subject'type' => QuestionnaireResponse::QR_TYPE_EXPERT_3]);
  298.                 if (!$up) {
  299.                     return false;
  300.                 }
  301.                 $aap $subject->getAppelAProjet();
  302.                 if ($aap->getDateOpenExpert3() && $aap->getDateOpenExpert3() < new DateTime()) {
  303.                     // la date de fin n'est pas bloquante
  304.                     return true;
  305.                 }
  306.                 break;
  307.         }
  309.         return false;
  310.     }
  311. }