Commit 55ac0ec1 authored by hlarget's avatar hlarget 👹

Merge branch 'hotfix/3.0.1'

parents 057c1b5b 4e828d77
......@@ -30,6 +30,20 @@ class AntarClient
}
public function hasLevel($companyUid, $level, $strict = false): bool
{
$company = $this()->companies->get($companyUid);
if ($strict) {
return $company->getLevel() === $level;
}
$rolesHierarchy = [
Company::SECURITY_LEVEL_ADMIN => 100,
Company::SECURITY_LEVEL_CLIENT => 10,
Company::SECURITY_LEVEL_READ_ONLY => 0,
];
return $rolesHierarchy[$company->getLevel()] >= $rolesHierarchy[$level];
}
public function getFeature($companyUid, $featureName): ?Feature
{
//$this() for the invoke method.
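Review bot: An unrecognised `$level` fails open in hasLevel(): `$rolesHierarchy[$level]` is null for any key outside the three Company constants, and PHP compares `int >= null` by casting both sides to bool, so the final `return` is true for every company. The same lookup on `$company->getLevel()` has the mirror problem — a level not in the map yields `null >= 0`, which is true, so such a company passes a READ_ONLY check. The voter's supports() appears to admit only the three level constants, but hasLevel() is public and can be reached with other strings. Guard both lookups before comparing, e.g. `if (!isset($rolesHierarchy[$company->getLevel()], $rolesHierarchy[$level])) { return false; }` (or throw an \InvalidArgumentException), and give the method a docblock stating that `$strict = false` means hierarchical comparison, since that is not obvious from the name.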
......
......@@ -3,6 +3,7 @@
namespace Aboutgoods\KonnectBundle\Security;
use AboutGoods\Antar\Models\Company;
use AboutGoods\Antar\Models\Feature;
use Aboutgoods\KonnectBundle\AntarClient;
use Aboutgoods\KonnectBundle\Model\User;
......@@ -11,14 +12,18 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class AntarVoter extends Voter
{
private $features_available = [
private $featuresAvailable = [
Feature::FEATURE_CSV_EXPORT,
Feature::FEATURE_QUALITY_CHECK,
Feature::FEATURE_PROMOTIONS,
Feature::FEATURE_RECEIPT,
Feature::FEATURE_SHERLOCK,
];
private $companyLevelAvailable = [
Company::SECURITY_LEVEL_ADMIN,
Company::SECURITY_LEVEL_CLIENT,
Company::SECURITY_LEVEL_READ_ONLY,
];
/**
* @var AntarClient
......@@ -36,11 +41,12 @@ class AntarVoter extends Voter
protected function supports($attribute, $subject)
{
// allow FEATURE_NAME and FEATURE_NAME.QUOTA with this arraymap
return in_array($attribute, $this->features_available)
// allow COMPANY_LEVEL and FEATURE_NAME and FEATURE_NAME.QUOTA with this arraymap
return in_array($attribute, $this->companyLevelAvailable)
|| in_array($attribute, $this->featuresAvailable)
|| in_array($attribute, array_map(function ($tag) {
return $tag . ".QUOTA";
}, $this->features_available));
}, $this->featuresAvailable));
}
/*
......@@ -50,10 +56,14 @@ class AntarVoter extends Voter
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$user = $token->getUser();
if (!($user instanceof User)) {
return false;
}
if (in_array($attribute, $this->companyLevelAvailable)) {
return $this->antarClient->hasLevel($user->getCompanyId(), $attribute);
}
$keys = explode(".", $attribute);
if (isset($keys[1]) && $keys[1] === "QUOTA") {
return $this->antarClient->isGrantedAndHasEnoughQuota($user->getCompanyId(), $keys[0]);
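Review bot: The level branch `return $this->antarClient->hasLevel($user->getCompanyId(), $attribute);` calls hasLevel() without `$strict`, so the vote is hierarchical — a company at ADMIN satisfies a CLIENT or READ_ONLY attribute — while the README text added in this commit says "filter by level", which reads as an exact match; add a comment on that line such as `// non-strict: a higher company level also satisfies a lower one (ADMIN > CLIENT > READ_ONLY)` and state the same in the README. The `in_array()` calls here and in supports() are non-strict; pass `true` as the third argument so only string-identical attributes match. voteOnAttribute() continues past the end of this hunk.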
......
......@@ -150,6 +150,13 @@ RECEIPT.QUOTA
SHERLOCK.QUOTA
```
You can also filter by level :
```
ADMIN (role for aboutgoods)
CLIENT (common client role)
READ_ONLY (role for client who failed to pay)
```
For example, before calling campaigns list, you can add at the top of the controller:
```php
$this->denyUnlessGranted("PROMOTION");
......