<?phpnamespace App\Security;use App\Entity\Kernel\User;use App\Entity\Kernel\SecurityAction;use App\Entity\Kernel\UserLog;use App\Entity\Manufacturing\WorkCenter;use Doctrine\ORM\EntityManagerInterface;use LogicException;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;use Symfony\Component\Security\Core\Authorization\Voter\Voter;use Symfony\Component\HttpKernel\KernelInterface;class AccessVoter extends Voter{ // these strings are just invented: you can use anything const VIEW = 'view'; const EDIT = 'edit'; private $em; private $environment; public function __construct(EntityManagerInterface $em, KernelInterface $kernel) { $this->em = $em; $this->environment = $kernel->getEnvironment(); } protected function supports(string $attribute, $subject) { // if the attribute isn't one we support, return false /*if (!in_array($attribute, [self::VIEW, self::EDIT])) { return false; } // only vote on `Post` objects if (!$subject instanceof Post) { return false; }*/ return true; } protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token) { $user = $token->getUser(); if (!$user instanceof User) { // the user must be logged in; if not, deny access //return false; } $items = explode ( ":" , $attribute); if (isset($items[0]) && isset($items[1])) { $idealaction = null; $actionentity = $this->em->getRepository(SecurityAction::class)->findOneBy(array('entity' => $items[0], 'action' => $items[1], 'state' => 0)); if (!$actionentity) { $entity = new SecurityAction(); $entity->setEntity($items[0]); $entity->setAction($items[1]); $entity->setLogging(1); $entity->setState(0); $this->em->persist($entity); $this->em->flush(); $idealaction = $entity; } else { $idealaction = $actionentity; } if ($idealaction->getLogging() != 0) { if ($this->environment === 'dev') { $log = new UserLog(); $log->setEntity($items[0]); $log->setAction($items[1]); $log->setOrganization($user->getOrganization()); if ($subject != null) { $log->setElement($subject->getId()); } $log->setState(0); $this->em->persist($log); $this->em->flush(); } } return true; $userfunction = $user->getUserfunction(); foreach ($userfunction->getRoles() as $role) { $profile = $role->getProfile(); foreach ($profile->getActionprofiles() as $actionprofiles) { foreach ($actionprofiles->getSecurityactions() as $securityactions) { if($securityactions->getId() == $idealaction->getId()) { if ($items[0] == "Plant") { if ($subject != null) { //$subject->getId() if ($role->getPlantrights()->getName() == "AllOrSelection.Selection") { if (($role->getPlant() != null) && ($role->getPlant()->getId() == $subject->getId())) { return true; } } else { return true; } } else { return true; } } else { if ($items[0] == "WorkCenter") { if ($subject != null) { //If WorkCenterCounter find workcenterID and workcenter //... $workcenterid = $subject->getId(); $workcenter = $this->em->getRepository(WorkCenter::class)->findOneById($workcenterid); if ($role->getWorkcenterrights()->getName() == "AllOrSelection.Selection") { if (($role->getWorkcenter() != null) && ($role->getWorkcenter()->getId() == $workcenterid)) { return true; } } else { if ($role->getPlantrights()->getName() == "AllOrSelection.Selection") { if ($role->getPlant() != null) { if ($workcenter->getPlant()->getId() == $role->getPlant()->getId()) { return true; } } } else { return true; } } } else { return true; } } else { return true; } } } } } } return false; } return true; throw new LogicException('This code should not be reached!'); } private function canView($post, User $user) { // if they can edit, they can view if ($this->canEdit($post, $user)) { return true; } // the Post object could have, for example, a method `isPrivate()` return !$post->isPrivate(); } private function canEdit($post, User $user) { // this assumes that the Post object has a `getOwner()` method return $user === $post->getOwner(); }}