src/OnlineConsultation/Application/Security/OnlineConsultationVoter.php line 37

Open in your IDE?
  1. <?php
  2. /**
  3.  * This file is part of the educat package.
  4.  *
  5.  * (c) Solvee
  6.  *
  7.  * For the full copyright and license information, please view the LICENSE
  8.  * file that was distributed with this source code.
  9.  */
  11. declare(strict_types=1);
  13. namespace App\OnlineConsultation\Application\Security;
  15. use App\Common\Model\Calendar\CalendarInterface;
  16. use App\Common\Model\Core\AccountInterface;
  17. use App\Common\Model\Core\UserInterface;
  18. use App\Common\Model\OnlineConsultation\OnlineConsultationInterface;
  19. use App\Common\Model\Payment\FreePaymentTokenInterface;
  20. use App\Common\Model\Service\ServiceInstanceInterface;
  21. use App\Common\Repository\OnlineConsultation\OnlineConsultationRepositoryInterface;
  22. use App\Common\Repository\Payment\FreePaymentTokenRepositoryInterface;
  23. use App\Common\Security\AccountRole;
  24. use Carbon\Carbon;
  25. use LogicException;
  26. use Symfony\Component\HttpFoundation\Request;
  27. use Symfony\Component\HttpFoundation\RequestStack;
  28. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  29. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  30. use Symfony\Component\Security\Core\Security;
  32. /**
  33.  * Class OnlineConsultationVoter
  34.  *
  35.  * @author  Mateusz Korkosz <korkosz.mateusz@gmail.com>
  36.  */
  37. class OnlineConsultationVoter extends Voter
  38. {
  39.     public const REGISTER_ONLINE_CONSULTATION 'register_online_consultation';
  41.     public const GET_CONSULTATION_DATA 'get_consultation_data';
  43.     public const CANCEL_ONLINE_CONSULTATION 'cancel_online_consultation';
  45.     public const START_ONLINE_CONSULTATION 'start_online_consultation';
  47.     public const FINISH_ONLINE_CONSULTATION 'finish_online_consultation';
  49.     public const RESCHEDULE_ONLINE_CONSULTATION 'reschedule_online_consultation';
  51.     public const UPDATE_ONLINE_CONSULTATION 'update_online_consultation';
  53.     public const ASSIGN_ONLINE_CONSULTATION 'assign_online_consultation';
  55.     public const VIEW_ONLINE_CONSULTATION 'view_online_consultation';
  57.     public const SEND_ONLINE_CONSULTATION_NOTIFICATION 'send_online_consultation_notification';
  59.     public const REGISTER_FREE_ONLINE_CONSULTATION 'register_free_online_consultation';
  61.     /** @var Security */
  62.     private Security $security;
  64.     /** @var RequestStack */
  65.     private RequestStack $requestStack;
  67.     /** @var FreePaymentTokenRepositoryInterface */
  68.     private FreePaymentTokenRepositoryInterface $freePaymentTokenRepository;
  70.     /**
  71.      * OnlineConsultationVoter constructor.
  72.      *
  73.      * @param Security                            $security
  74.      * @param RequestStack                        $requestStack
  75.      * @param FreePaymentTokenRepositoryInterface $freePaymentTokenRepository
  76.      */
  77.     public function __construct(Security $securityRequestStack $requestStackFreePaymentTokenRepositoryInterface $freePaymentTokenRepository)
  78.     {
  79.         $this->security $security;
  80.         $this->requestStack $requestStack;
  81.         $this->freePaymentTokenRepository $freePaymentTokenRepository;
  82.     }
  84.     /**
  85.      * @param string $attribute
  86.      * @param mixed  $subject
  87.      *
  88.      * @return bool
  89.      */
  90.     protected function supports($attribute$subject): bool
  91.     {
  92.         if (!$subject && (self::REGISTER_ONLINE_CONSULTATION === $attribute)) {
  93.             return true;
  94.         }
  95.         if (!in_array(
  96.             $attribute,
  97.             [
  98.                 self::REGISTER_ONLINE_CONSULTATION,
  99.                 self::GET_CONSULTATION_DATA,
  100.                 self::REGISTER_FREE_ONLINE_CONSULTATION,
  101.                 self::CANCEL_ONLINE_CONSULTATION,
  102.                 self::START_ONLINE_CONSULTATION,
  103.                 self::FINISH_ONLINE_CONSULTATION,
  104.                 self::RESCHEDULE_ONLINE_CONSULTATION,
  105.                 self::UPDATE_ONLINE_CONSULTATION,
  106.                 self::VIEW_ONLINE_CONSULTATION,
  107.                 self::ASSIGN_ONLINE_CONSULTATION,
  108.             ],
  109.         )) {
  110.             return false;
  111.         }
  113.         return $subject instanceof OnlineConsultationInterface || $subject instanceof ServiceInstanceInterface;
  114.     }
  116.     /**
  117.      * @inheritDoc
  118.      */
  119.     protected function voteOnAttribute(mixed $attributemixed $subjectTokenInterface $token): bool
  120.     {
  121.         $user   $token->getUser();
  122.         $isAnon false;
  123.         if (!$user instanceof UserInterface) {
  124.             $isAnon true;
  125.             $user   null;
  126.         }
  128.         switch ($attribute) {
  129.             case self::REGISTER_ONLINE_CONSULTATION:
  130.                 return $this->canRegisterOnlineConsultation($subject$user);
  131.             case self::REGISTER_FREE_ONLINE_CONSULTATION:
  132.                 return $this->canRegisterFreeOnlineConsultation($subject);
  133.             case self::GET_CONSULTATION_DATA:
  134.                 return $this->canGetConsultationData($subject$user);
  135.             case self::CANCEL_ONLINE_CONSULTATION:
  136.                 return $this->canCancelOnlineConsultation($subject$user);
  137.             case self::START_ONLINE_CONSULTATION:
  138.                 return $this->canStartOnlineConsultation($subject$user);
  139.             case self::FINISH_ONLINE_CONSULTATION:
  140.                 return $this->canFinishOnlineConsultation($subject$isAnon);
  141.             case self::RESCHEDULE_ONLINE_CONSULTATION:
  142.                 return $this->canRescheduleOnlineConsultation($subject$user);
  143.             case self::UPDATE_ONLINE_CONSULTATION:
  144.                 return $this->canUpdateOnlineConsultation($subject$user$isAnon);
  145.             case self::ASSIGN_ONLINE_CONSULTATION:
  146.                 return $this->canAssignOnlineConsultation($subject);
  147.             case self::VIEW_ONLINE_CONSULTATION:
  148.                 return $this->canViewOnlineConsultation($subject$user);
  149.             default:
  150.                 throw new LogicException('This code should not be reached!');
  151.         }
  152.     }
  154.     /**
  155.      * @param OnlineConsultationInterface $onlineConsultation
  156.      *
  157.      * @return bool
  158.      */
  159.     private function canRegisterFreeOnlineConsultation(OnlineConsultationInterface $onlineConsultation): bool
  160.     {
  161.         if ($this->security->isGranted(AccountRole::ADMIN)) {
  162.             return true;
  163.         }
  164.         $calendar $onlineConsultation->getCalendar();
  165.         if (!$calendar instanceof CalendarInterface) {
  166.             return false;
  167.         }
  168.         $requestStack $this->requestStack->getMainRequest();
  169.         if (!$requestStack instanceof Request) {
  170.             return false;
  171.         }
  172.         $tokenId $requestStack->headers->get('X-Payment-Token');
  173.         if (!$tokenId) {
  174.             return false;
  175.         }
  176.         $token $this->freePaymentTokenRepository->find($tokenId);
  177.         if (!$token instanceof FreePaymentTokenInterface) {
  178.             return false;
  179.         }
  181.         if ($calendar->getId()->equals($token->getSubjectId())) {
  182.             return true;
  183.         }
  185.         return false;
  186.     }
  188.     /**
  189.      * @param ServiceInstanceInterface $serviceInstance
  190.      * @param UserInterface            $user
  191.      *
  192.      * @return bool
  193.      */
  194.     private function canRegisterOnlineConsultation(ServiceInstanceInterface $serviceInstanceUserInterface $user): bool
  195.     {
  196.         $serviceDefinitions $serviceInstance->getServiceDefinition();
  197.         if ($serviceDefinitions) {
  198.             if (!$serviceDefinitions->getConsultationCount()) {
  199.                 return false;
  200.             }
  201.         }
  202.         if ($serviceInstance->isDraft() || $serviceInstance->isUsed()) {
  203.             return false;
  204.         }
  205.         if ($this->security->isGranted(AccountRole::ADMIN)) {
  206.             return true;
  207.         }
  208.         if ($serviceInstance->accountIsOwner($user->getAccount())) {
  209.             return true;
  210.         }
  212.         return false;
  213.     }
  215.     /**
  216.      * @param OnlineConsultationInterface $onlineConsultation
  217.      * @param UserInterface|null          $user
  218.      * @param bool                        $isAnon
  219.      *
  220.      * @return bool
  221.      */
  222.     private function canUpdateOnlineConsultation(
  223.         OnlineConsultationInterface $onlineConsultation,
  224.         ?UserInterface              $user,
  225.         bool                        $isAnon
  226.     ): bool {
  227.         if ($onlineConsultation->getPaidAt()) {
  228.             return false;
  229.         }
  231.         if ($isAnon) {
  232.             return $this->hasAccessAsAnonymousUser($onlineConsultation);
  233.         }
  235.         $account $user->getAccount();
  237.         return $onlineConsultation->isOwner($account) || $this->security->isGranted(AccountRole::ADMIN);
  238.     }
  240.     /**
  241.      * @param OnlineConsultationInterface $consultation
  242.      *
  243.      * @return bool
  244.      */
  245.     private function canAssignOnlineConsultation(OnlineConsultationInterface $consultation): bool
  246.     {
  247.         if ($this->hasAccessAsAnonymousUser($consultation)) {
  248.             return true;
  249.         }
  251.         return $this->security->isGranted(AccountRole::ADMIN);
  252.     }
  254.     /**
  255.      * @param OnlineConsultationInterface $onlineConsultation
  256.      * @param UserInterface|null          $user
  257.      *
  258.      * @return bool
  259.      */
  260.     private function canGetConsultationData(OnlineConsultationInterface $onlineConsultation, ?UserInterface $user): bool
  261.     {
  262.         if ($user && $onlineConsultation->isOwner($user->getAccount())) {
  263.             return true;
  264.         }
  266.         return $this->isAdminOrParticipant($onlineConsultation$user);
  267.     }
  269.     /**
  270.      * @param OnlineConsultationInterface $onlineConsultation
  271.      * @param UserInterface|null          $user
  272.      *
  273.      * @return bool
  274.      */
  275.     private function canCancelOnlineConsultation(
  276.         OnlineConsultationInterface $onlineConsultation,
  277.         ?UserInterface              $user
  278.     ): bool {
  279.         if (!$user) {
  280.             return false;
  281.         }
  282.         if ($this->security->isGranted(AccountRole::ADMIN)) {
  283.             return true;
  284.         }
  285.         if ($onlineConsultation->getCancelledBy()) {
  286.             return false;
  287.         }
  288.         $now Carbon::now();
  289.         if ($now->greaterThan($onlineConsultation->getStartsAt())) {
  290.             return false;
  291.         }
  293.         return $onlineConsultation->isParticipant($user->getAccount());
  294.     }
  296.     /**
  297.      * @param OnlineConsultationInterface $onlineConsultation
  298.      * @param bool                        $isAnon
  299.      *
  300.      * @return bool
  301.      */
  302.     private function canFinishOnlineConsultation(OnlineConsultationInterface $onlineConsultationbool $isAnon): bool
  303.     {
  304.         return true;
  305.         if (!$isAnon && $this->security->isGranted(AccountRole::ADMIN)) {// @phpstan-ignore-line
  306.             return true;
  307.         }
  309.         return $this->checkSecret($onlineConsultation);
  310.     }
  312.     /**
  313.      * @param OnlineConsultationInterface $onlineConsultation
  314.      * @param UserInterface|null          $user
  315.      *
  316.      * @return bool
  317.      */
  318.     private function canRescheduleOnlineConsultation(
  319.         OnlineConsultationInterface $onlineConsultation,
  320.         ?UserInterface              $user
  321.     ): bool {
  322.         $dayBefore             Carbon::now();
  323.         $consultationStartDate $onlineConsultation->getStartsAt();
  325.         if ($dayBefore->greaterThan($consultationStartDate->subDay())) {
  326.             return false;
  327.         }
  328.         if ($user && $onlineConsultation->isOwner($user->getAccount())) {
  329.             return true;
  330.         }
  332.         return $this->isAdminOrParticipant($onlineConsultation$user);
  333.     }
  335.     /**
  336.      * @param OnlineConsultationInterface $onlineConsultation
  337.      * @param UserInterface|null          $user
  338.      *
  339.      * @return bool
  340.      */
  341.     private function canViewOnlineConsultation(
  342.         OnlineConsultationInterface $onlineConsultation,
  343.         ?UserInterface              $user
  344.     ): bool {
  345.         if (!$user) {
  346.             return $this->hasAccessAsAnonymousUser($onlineConsultation);
  347.         }
  348.         if ($onlineConsultation->isOwner($user->getAccount())) {
  349.             return true;
  350.         }
  351.         if ($user->getAccount() === $onlineConsultation->getCreatedBy()) {
  352.             return true;
  353.         }
  355.         return $this->isAdminOrParticipant($onlineConsultation$user);
  356.     }
  358.     /**
  359.      * @param OnlineConsultationInterface $subject
  360.      * @param UserInterface|null          $user
  361.      *
  362.      * @return bool
  363.      */
  364.     private function canStartOnlineConsultation(OnlineConsultationInterface $subject, ?UserInterface $user): bool
  365.     {
  366.         return true;
  368.         return $this->isAdminOrParticipant($subject$user); // @phpstan-ignore-line
  369.     }
  371.     /**
  372.      * @param OnlineConsultationInterface $onlineConsultation
  373.      * @param UserInterface|null          $user
  374.      *
  375.      * @return bool
  376.      */
  377.     private function isAdminOrParticipant(OnlineConsultationInterface $onlineConsultation, ?UserInterface $user): bool
  378.     {
  379.         if (!$user) {
  380.             return false;
  381.         }
  382.         if ($this->security->isGranted(AccountRole::ADMIN)) {
  383.             return true;
  384.         }
  386.         return $onlineConsultation->isParticipant($user->getAccount());
  387.     }
  389.     /**
  390.      * @param OnlineConsultationInterface $consultation
  391.      *
  392.      * @return bool
  393.      */
  394.     private function hasAccessAsAnonymousUser(OnlineConsultationInterface $consultation): bool
  395.     {
  396.         $request $this->requestStack->getMasterRequest();
  397.         $secret  $request->headers->get('X-Online-Consultation-Secret');
  399.         if (!$secret) {
  400.             return false;
  401.         }
  402.         if ($consultation->getSecret() && $secret === $consultation->getSecret()) {
  403.             return true;
  404.         }
  405.         foreach ($consultation->getParticipants() as $participant) {
  406.             if ($participant->getAccessSecret() === $secret) {
  407.                 return true;
  408.             }
  409.         }
  411.         return false;
  412.     }
  414.     /**
  415.      * @param OnlineConsultationInterface $consultation
  416.      *
  417.      * @return bool
  418.      */
  419.     private function checkSecret(OnlineConsultationInterface $consultation): bool// @phpstan-ignore-line
  420.     {
  421.         $request $this->requestStack->getMasterRequest();
  422.         $secret  $request->headers->get('X-Online-Consultation-Secret');
  423.         if (!$secret) {
  424.             return false;
  425.         }
  427.         foreach ($consultation->getParticipants() as $participant) {
  428.             $account $participant->getAccount();
  429.             if (!$account instanceof AccountInterface) {
  430.                 continue;
  431.             }
  432.             if ($participant->getAccessSecret() === $secret) {
  433.                 return true;
  434.             }
  435.         }
  437.         return false;
  438.     }
  439. }