AgreementVoter::voteOnAttribute() - Code Metrics - iesoretania/atica-fct - Measure and Improve Code Quality continuously with Scrutinizer

AgreementVoter::voteOnAttribute() C
last analyzed 2018-12-05 08:49 UTC

↳ Parent: AgreementVoter

Complexity

Conditions	12
Paths	11

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	43
rs	6.9666
c	0
b	0
f	0
cc	12
nc	11
nop	3

How to fix Complexity

<?php
/*
  ÁTICA - Aplicación web para la gestión documental de centros educativos

  Copyright (C) 2015-2016: Luis Ramón López López

  This program is free software: you can redistribute it and/or modify
  it under the terms of the GNU Affero General Public License as published by
  the Free Software Foundation, either version 3 of the License, or
  (at your option) any later version.

  This program is distributed in the hope that it will be useful,
  but WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  GNU Affero General Public License for more details.

  You should have received a copy of the GNU Affero General Public License
  along with this program.  If not, see [http://www.gnu.org/licenses/].
*/

namespace AppBundle\Security;

use AppBundle\Entity\Agreement;
use AppBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class AgreementVoter extends Voter
{
    const MANAGE = 'AGREEMENT_MANAGE';
    const LOCK = 'AGREEMENT_LOCK';
    const UNLOCK = 'AGREEMENT_UNLOCK';
    const ACCESS = 'AGREEMENT_ACCESS';
    const FILL = 'AGREEMENT_FILL';
    const REPORT = 'AGREEMENT_REPORT';

    private $decisionManager;

    public function __construct(AccessDecisionManager $decisionManager) {
        $this->decisionManager = $decisionManager;
    }

    /**
     * {@inheritdoc}
     */
    protected function supports($attribute, $subject)
    {

        if (!$subject instanceof Agreement) {
            return false;
        }

        if (!in_array($attribute, [self::MANAGE, self::LOCK, self::UNLOCK, self::ACCESS, self::FILL, self::REPORT], true)) {
            return false;
        }

        return true;
    }

    /**
     * {@inheritdoc}
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
    {
        if (!$subject instanceof Agreement) {
            return false;
        }

        // los administradores globales siempre tienen permiso
        if ($this->decisionManager->decide($token, ['ROLE_ADMIN'])) {
            return true;
        }

        /** @var User $user */
        $user = $token->getUser();

        if (!$user instanceof User) {
            // si el usuario no ha entrado, denegar
            return false;
        }

        // Si es el jefe de departamento, permitir siempre
        if ($user->getDirects()->contains($subject->getStudent()->getStudentGroup()->getTraining()->getDepartment())) {
            return true;
        }

        // Si es el tutor de grupo o tutor docente, permitir cualquier cosa salvo gestión
        if ($user->getTutorizedGroups()->contains($subject->getStudent()->getStudentGroup())
                || $subject->getEducationalTutor() === $user) {
            return $attribute !== self::MANAGE;
        }

        // Si es el tutor laboral, permitir acceso al calendario y al informe
        if ($subject->getWorkTutor() === $user) {
            return  $attribute !== self::FILL && ($attribute === self::ACCESS || $attribute === self::REPORT);
        }

        // Si es propio usuario, denegar permitir sólo acceso
        if ($subject->getStudent() === $user) {
            return $attribute === self::ACCESS || $attribute === self::FILL;
        }

        // denegamos en cualquier otro caso
        return false;
    }
}


1			<?php
2			/*
3			ÁTICA - Aplicación web para la gestión documental de centros educativos
4
5			Copyright (C) 2015-2016: Luis Ramón López López
6
7			This program is free software: you can redistribute it and/or modify
8			it under the terms of the GNU Affero General Public License as published by
9			the Free Software Foundation, either version 3 of the License, or
10			(at your option) any later version.
11
12			This program is distributed in the hope that it will be useful,
13			but WITHOUT ANY WARRANTY; without even the implied warranty of
14			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15			GNU Affero General Public License for more details.
16
17			You should have received a copy of the GNU Affero General Public License
18			along with this program. If not, see [http://www.gnu.org/licenses/].
19			*/
20
21			namespace AppBundle\Security;
22
23			use AppBundle\Entity\Agreement;
24			use AppBundle\Entity\User;
25			use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
26			use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
27			use Symfony\Component\Security\Core\Authorization\Voter\Voter;
28
29			class AgreementVoter extends Voter
30			{
31			const MANAGE = 'AGREEMENT_MANAGE';
32			const LOCK = 'AGREEMENT_LOCK';
33			const UNLOCK = 'AGREEMENT_UNLOCK';
34			const ACCESS = 'AGREEMENT_ACCESS';
35			const FILL = 'AGREEMENT_FILL';
36			const REPORT = 'AGREEMENT_REPORT';
37
38			private $decisionManager;
39
40			public function __construct(AccessDecisionManager $decisionManager) {
41			$this->decisionManager = $decisionManager;
42			}
43
44			/**
45			* {@inheritdoc}
46			*/
47			protected function supports($attribute, $subject)
48			{
49
50			if (!$subject instanceof Agreement) {
51			return false;
52			}
53
54			if (!in_array($attribute, [self::MANAGE, self::LOCK, self::UNLOCK, self::ACCESS, self::FILL, self::REPORT], true)) {
55			return false;
56			}
57
58			return true;
59			}
60
61			/**
62			* {@inheritdoc}
63			*/
64			protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
65			{
66			if (!$subject instanceof Agreement) {
67			return false;
68			}
69
70			// los administradores globales siempre tienen permiso
71			if ($this->decisionManager->decide($token, ['ROLE_ADMIN'])) {
72			return true;
73			}
74
75			/** @var User $user */
76			$user = $token->getUser();
77
78			if (!$user instanceof User) {
79			// si el usuario no ha entrado, denegar
80			return false;
81			}
82
83			// Si es el jefe de departamento, permitir siempre
84			if ($user->getDirects()->contains($subject->getStudent()->getStudentGroup()->getTraining()->getDepartment())) {
85			return true;
86			}
87
88			// Si es el tutor de grupo o tutor docente, permitir cualquier cosa salvo gestión
89			if ($user->getTutorizedGroups()->contains($subject->getStudent()->getStudentGroup())
90			\|\| $subject->getEducationalTutor() === $user) {
91			return $attribute !== self::MANAGE;
92			}
93
94			// Si es el tutor laboral, permitir acceso al calendario y al informe
95			if ($subject->getWorkTutor() === $user) {
96			return $attribute !== self::FILL && ($attribute === self::ACCESS \|\| $attribute === self::REPORT);
97			}
98
99			// Si es propio usuario, denegar permitir sólo acceso
100			if ($subject->getStudent() === $user) {
101			return $attribute === self::ACCESS \|\| $attribute === self::FILL;
102			}
103
104			// denegamos en cualquier otro caso
105			return false;
106			}
107			}
108

GitHub Access Token became invalid

AgreementVoter::voteOnAttribute() C
last analyzed 2018-12-05 08:49 UTC

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

iesoretania / atica-fct

GitHub Access Token became invalid

AgreementVoter::voteOnAttribute() C last analyzed 2018-12-05 08:49 UTC

Complexity

Size

Duplication

Importance

How to fix Complexity

Long Method

Duplication Side-by-Side

Filter issues like

AgreementVoter::voteOnAttribute() C
last analyzed 2018-12-05 08:49 UTC