vendor/nellapp/sdk-bundle/src/Permission/ChannelUserPermissionService.php line 155

Open in your IDE?
  1. <?php
  3. namespace Nellapp\Bundle\SDKBundle\Permission;
  5. use DateTime;
  6. use Nellapp\Bundle\SDKBundle\Channel\Entity\ChannelInterface;
  7. use Nellapp\Bundle\SDKBundle\Channel\Entity\ChannelUserData\AdminChannelUserDataInterface;
  8. use Nellapp\Bundle\SDKBundle\Channel\Entity\ChannelUserData\ChannelUserDataInterface;
  9. use Nellapp\Bundle\SDKBundle\Permission\Entity\ChannelPermissionResourceInterface;
  10. use Nellapp\Bundle\SDKBundle\Permission\Entity\ChannelResourceInterface;
  11. use Nellapp\Bundle\SDKBundle\Permission\Entity\ChannelUserPermissionInterface;
  12. use Nellapp\Bundle\SDKBundle\Permission\Enum\ChannelUserPermissionEnumInterface;
  13. use Nellapp\Bundle\SDKBundle\Permission\Security\Hierarchy\ChannelUserPermissionHierarchyInterface;
  14. use Nellapp\Bundle\SDKBundle\Permission\UserOwner\UserOwnerGetter;
  15. use Nellapp\Bundle\SDKBundle\Sync\ApiClient\Model\ChannelUserData;
  17. class ChannelUserPermissionService
  18. {
  19.     public function __construct(
  20.         private ChannelUserPermissionManager $channelUserPermissionManager,
  21.         private UserOwnerGetter              $userOwnerGetter,
  22.     )
  23.     {
  24.     }
  26.     public function hasAccess(ChannelUserDataInterface $channelUserDataChannelInterface|ChannelResourceInterface $subjectstring $attribute): bool
  27.     {
  28.         if (!$channelUserData instanceof AdminChannelUserDataInterface) {
  29.             return false;
  30.         }
  32.         if ($subject instanceof ChannelInterface && $this->userOwnerGetter->isOwnerOf($channelUserData->getUser(), $subject)) {
  33.             return true;
  34.         }
  36.         if ($subject instanceof ChannelInterface && $channelUserData->getUser() === $subject->getOwner()) {
  37.             return true;
  38.         }
  40.         $availableAttribute $this->isAvailableAttribute($subject$attribute);
  41.         if ($availableAttribute === false) {
  42.             return false;
  43.         }
  45.         $channelUserPermissionInterface $this->getChannelUserPermissionInterface($channelUserData$subject);
  46.         if (!$channelUserPermissionInterface) {
  47.             return false;
  48.         }
  50.         if (!$this->isChannelUserPermissionActive($channelUserPermissionInterface)) {
  51.             return false;
  52.         }
  54.         return in_array($attribute$this->getAvailablePermissions($subject$channelUserPermissionInterface));
  55.     }
  57.     public function getChannelUserPermissionInterface(ChannelUserDataInterface $channelUserDataChannelInterface|ChannelResourceInterface $subject): ?ChannelUserPermissionInterface
  58.     {
  59.         if (!$channelUserData instanceof AdminChannelUserDataInterface) {
  60.             return null;
  61.         }
  63.         if ($subject instanceof ChannelInterface) {
  64.             return $channelUserData;
  65.         }
  67.         $channelResourcePermissionRepository $this->channelUserPermissionManager->getChannelPermissionResourceRepository($subject::getPermissionResourceClass());
  68.         return $channelResourcePermissionRepository?->findOneByChannelUserDataAndResource($channelUserData$subject);
  69.     }
  72.     public function isChannelUserPermissionActive(ChannelUserPermissionInterface $channelUserPermission): bool
  73.     {
  74.         $startAt $channelUserPermission->getStartAt();
  75.         $expireAt $channelUserPermission->getExpireAt();
  76.         return $this->isBetween($startAt$expireAt);
  77.     }
  79.     public function isBetween(?\DateTimeInterface $startAt, ?\DateTimeInterface $expireAt): bool
  80.     {
  81.         $now = new DateTime();
  82.         if ($startAt !== null && $startAt $now) {
  83.             return false;
  84.         }
  86.         if ($expireAt !== null) {
  87.             $expireAtEnd DateTime::createFromInterface($expireAt);
  88.             $expireAtEnd->setTime(235959);
  89.             return $expireAtEnd >= $now;
  90.         }
  92.         return true;
  93.     }
  95.     private function getAvailablePermissions(ChannelInterface|ChannelResourceInterface $subjectChannelUserPermissionInterface $channelUserPermissionInterface): array
  96.     {
  97.         $permissionHierarchies $this->channelUserPermissionManager->getChannelUserPermissionHierarchies($subject);
  98.         if (empty($permissionHierarchies)) {
  99.             return $channelUserPermissionInterface->getPerms();
  100.         }
  101.         return array_unique(array_merge(...array_map(function (ChannelUserPermissionHierarchyInterface $channelUserPermissionHierarchy) use ($channelUserPermissionInterface) {
  102.             return $channelUserPermissionHierarchy->getReachableRoleNames($channelUserPermissionInterface->getPerms());
  103.         }, $permissionHierarchies)));
  104.     }
  106.     private function getAvailablePermissionForSubject(ChannelInterface|ChannelResourceInterface $subject): array
  107.     {
  108.         $channelUserPermissionEnums $this->channelUserPermissionManager->getChannelUserPermissionEnums($subject);
  109.         if (empty($channelUserPermissionEnums)) {
  110.             return [];
  111.         }
  113.         return array_unique(array_merge(...array_map(function (ChannelUserPermissionEnumInterface $channelUserPermissionEnum) {
  114.             return $channelUserPermissionEnum->getChoices();
  115.         }, $channelUserPermissionEnums)));
  116.     }
  118.     private function getAvailablePermissionsWithHierarchyForSubject(ChannelInterface|ChannelResourceInterface $subject): array
  119.     {
  120.         $permissionHierarchies $this->channelUserPermissionManager->getChannelUserPermissionHierarchies($subject);
  121.         if (empty($permissionHierarchies)) {
  122.             return $this->getAvailablePermissionForSubject($subject);
  123.         }
  125.         return array_unique(array_merge(...array_map(function (ChannelUserPermissionHierarchyInterface $channelUserPermissionHierarchy) use ($subject) {
  126.             return $channelUserPermissionHierarchy->getReachableRoleNames($this->getAvailablePermissionForSubject($subject));
  127.         }, $permissionHierarchies)));
  128.     }
  130.     /**
  131.      * @param array $availablePermissions
  132.      * @param string $attribute
  133.      * @return array
  134.      *
  135.      * Check if given attribute exists in the list of available permissions for the resource
  136.      */
  137.     private function isAvailableAttribute(ChannelInterface|ChannelResourceInterface $subjectstring $attribute): bool
  138.     {
  139.         return in_array($attribute$this->getAvailablePermissionsWithHierarchyForSubject($subject));
  140.     }
  143.     /**
  144.      * @param ChannelResourceInterface|ChannelInterface $subject
  145.      * @param string|string[] $perms
  146.      * @return ChannelUserData[]
  147.      */
  148.     public function getAllChannelUserDataForGivenPermissions(ChannelResourceInterface|ChannelInterface $subjectstring|array $perms): array
  149.     {
  150.         if (!is_array($perms)) {
  151.             $perms = [$perms];
  152.         }
  154.         if ($subject instanceof ChannelResourceInterface) {
  155.             return $this->getChannelUserDataForChannelResourceWithPermissions($subject$perms);
  156.         }
  157.         return $this->getChannelUserDataForChannelWithPermissions($subject$perms);
  158.     }
  160.     private function getChannelUserDataForChannelWithPermissions(ChannelInterface $channel, array $perms): array
  161.     {
  162.         return [$channel->getOwner()->getChannelUserDataByChannel($channel)];
  163.     }
  165.     private function getChannelUserDataForChannelResourceWithPermissions(ChannelResourceInterface $channelResource, array $perms): array
  166.     {
  167.         $channelUserPermissionResourceRepository $this->channelUserPermissionManager
  168.             ->getChannelPermissionResourceRepository($channelResource::getPermissionResourceClass());
  169.         if ($channelUserPermissionResourceRepository === null) {
  170.             return [];
  171.         }
  173.         $qb $channelUserPermissionResourceRepository->queryAllByResource($channelResource);
  174.         foreach ($perms as $perm) {
  175.             $qb
  176.                 ->andWhere('FIND_IN_SET(:perm, c_u_p.perms) > 0')
  177.                 ->setParameter('perm'$perm);
  178.         }
  180.         $channelPermissionResourceInterfaceList $qb
  181.             ->addSelect('channel_user_data')
  182.             ->innerJoin('c_u_p.channelUserData''channel_user_data')
  183.             ->getQuery()
  184.             ->getResult();
  186.         return array_map(function (ChannelPermissionResourceInterface $channelPermissionResourceInterface) {
  187.             return $channelPermissionResourceInterface->getChannelUserData();
  188.         }, $channelPermissionResourceInterfaceList);
  189.     }
  191.     public function getAllUserForGivenPermissions(ChannelResourceInterface|ChannelInterface $subjectstring|array $perms): array
  192.     {
  193.         return array_map(function (ChannelUserDataInterface $channelUserData) {
  194.             return $channelUserData->getUser();
  195.         }, $this->getAllChannelUserDataForGivenPermissions($subject$perms));
  196.     }
  197. }