src/Security/Voters/InvoiceVoter.php line 13

Open in your IDE?
  1. <?php
  3. namespace App\Security\Voters;
  5. use App\Entity\CustomerQuotations;
  6. use App\Entity\Invoice;
  7. use App\Service\Constants\InvoiceStatus;
  8. use App\Service\Constants\InvoiceType;
  9. use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
  10. use Symfony\Component\Security\Core\Authorization\Voter\Voter;
  11. use Symfony\Component\Security\Core\Security;
  13. class InvoiceVoter extends Voter
  14. {
  15.     private Security $security;
  16.     public const CAN_ADD_PAYMENT 'invoice.can_add_payment';
  17.     public const CAN_CREATE_SALES 'invoice.can_create_sales';
  18.     public const CAN_UPDATE_INVOICE_JSON_DATA 'invoice.can_update_json_data';
  19.     public const CAN_BE_DELETED 'invoice.can_be_deleted';
  20.     public const CAN_BE_EDITED 'invoice.can_be_edited';
  21.     public const CAN_BE_CANCELED 'invoice.can_be_canceled';
  22.     public const CAN_BE_COPIED 'invoice.can_be_copied';
  23.     public const CAN_SEND_TO_CUSTOMER 'invoice.can_be_sent_to_customer';
  24.     public const VISIBLE_IN_CUSTOMER_PROF 'invoice.visible_in_customer_prof';
  25.     public const CAN_BE_UPDATED 'invoice.can_be_updated';
  26.     public const CAN_ROWS_BE_DELETED 'invoice.rows_can_be_deleted';
  27.     public const HAS_PDF 'invoice.has_pdf';
  29.     private const ATTRIBUTES = [
  30.         self::CAN_ADD_PAYMENT,
  31.         self::CAN_UPDATE_INVOICE_JSON_DATA,
  32.         self::CAN_BE_DELETED,
  33.         self::CAN_BE_EDITED,
  34.         self::CAN_BE_CANCELED,
  35.         self::CAN_BE_COPIED,
  36.         self::VISIBLE_IN_CUSTOMER_PROF,
  37.         self::CAN_SEND_TO_CUSTOMER,
  38.         self::CAN_BE_UPDATED,
  39.         self::CAN_ROWS_BE_DELETED,
  40.         self::HAS_PDF,
  41.         self::CAN_CREATE_SALES,
  42.     ];
  44.     public function __construct(Security $security)
  45.     {
  46.         $this->security $security;
  47.     }
  49.     protected function supports($attribute$subject): bool
  50.     {
  51.         return in_array($attributeself::ATTRIBUTES);
  52.     }
  54.     protected function voteOnAttribute($attribute$subjectTokenInterface $token): bool
  55.     {
  56.         switch ($attribute) {
  57.             case self::CAN_ADD_PAYMENT:
  58.                 return $this->canAddPayment($subject);
  59.             case self::CAN_CREATE_SALES:
  60.                 return $this->canCreateSales($subject);
  61.             case self::CAN_UPDATE_INVOICE_JSON_DATA:
  62.             case self::CAN_BE_DELETED:
  63.             case self::CAN_BE_EDITED:
  64.                 return $this->canBeEdited($subject);
  65.             case self::CAN_BE_CANCELED:
  66.                 return $this->canBeCanceled($subject);
  67.             case self::CAN_BE_COPIED:
  68.                 return $this->canBeCopied($subject);
  69.             case self::VISIBLE_IN_CUSTOMER_PROF:
  70.                 return $this->visibleInCustomerProfile($subject);
  71.             case self::CAN_SEND_TO_CUSTOMER:
  72.                 return $this->canSendToCustomer($subject);
  73.             case self::CAN_BE_UPDATED:
  74.                 return $this->canBeUpdated($subject);
  75.             case self::CAN_ROWS_BE_DELETED:
  76.                 return $this->canRowsBeDeleted($subject);
  77.             case self::HAS_PDF:
  78.                 return $this->hasPdf($subject);
  79.         }
  81.         throw new \LogicException('Invalid attribute: ' $attribute);
  82.     }
  84.     private function canAddPayment(Invoice $invoice): bool
  85.     {
  86.         if (!$this->security->isGranted('ROLE_SALES_MANAGER')) {
  87.             return false;
  88.         }
  90.         if ($invoice->getType() == InvoiceType::INVOICE_TYPE_SALES && (!$invoice->getSenderAddress() || !$invoice->getDeliveryAddress())) {
  91.             return false;
  92.         }
  94.         if (!$this->canBeUpdated($invoice)) {
  95.             return false;
  96.         }
  97.         return true;
  98.     }
  100.     private function canBeEdited(Invoice $invoice): bool
  101.     {
  102.         if (!$this->security->isGranted('ROLE_SALES_MANAGER')) {
  103.             return false;
  104.         }
  105.         if (!$this->canBeUpdated($invoice)) {
  106.             return false;
  107.         }
  108.         return !$invoice->getIsSent();
  109.     }
  112.     private function canBeCanceled(Invoice $invoice): bool
  113.     {
  114.         if (!$this->security->isGranted('ROLE_SALES_MANAGER')) {
  115.             return false;
  116.         }
  117.         if ($invoice->getInvoiceDirection() == Invoice::INVOICE_DIRECTION_INCOMING && !$invoice->getQuotation()) {
  118.             return false;
  119.         }
  120.         if (!$this->canBeUpdated($invoice)) {
  121.             return false;
  122.         }
  123.         return true;
  124.     }
  126.     private function visibleInCustomerProfile(Invoice $invoice): bool
  127.     {
  128.         if (!$invoice->getIsSent()) {
  129.             return false;
  130.         }
  131.         if (in_array($invoice->getStatus(), [
  132.             InvoiceStatus::INVOICE_STATUS_CANCELED
  133.         ])) {
  134.             return false;
  135.         }
  136.         return true;
  137.     }
  139.     private function canSendToCustomer(Invoice $invoice): bool
  140.     {
  141.         if ($invoice->getInvoiceDirection() === Invoice::INVOICE_DIRECTION_INCOMING) {
  142.             return false;
  143.         }
  144.         if (!$this->canBeUpdated($invoice)) {
  145.             return false;
  146.         }
  147.         return !$invoice->getIsSent();
  148.     }
  150.     private function canBeCopied(Invoice $invoice): bool
  151.     {
  152.         return !$invoice->getIsWebShopRelated();
  153.     }
  155.     private function canBeUpdated(Invoice $invoice): bool
  156.     {
  157.         if (count($invoice->getBatchInvoices())) {
  158.             return false;
  159.         }
  160.         if (in_array($invoice->getStatus(), [
  161.             InvoiceStatus::INVOICE_STATUS_CANCELED,
  162.             InvoiceStatus::INVOICE_STATUS_ARCHIVED,
  163.         ])) {
  164.             return false;
  165.         }
  167.         return true;
  168.     }
  170.     private function canRowsBeDeleted(Invoice $invoice): bool
  171.     {
  172.         if ($invoice->getType() === InvoiceType::INVOICE_TYPE_ADVANCE) {
  173.             return false;
  174.         }
  176.         return true;
  177.     }
  179.     private function hasPdf(Invoice $invoice): bool
  180.     {
  181.         if ($invoice->getInvoiceDirection() !== Invoice::INVOICE_DIRECTION_OUTGOING) {
  182.             return false;
  183.         }
  184.         if (!$invoice->getCustomer()) {
  185.             return false;
  186.         }
  187.         if (!$invoice->getCustomerData()) {
  188.             return false;
  189.         }
  190.         return true;
  191.     }
  193.     private function createdFromAdvance(Invoice $invoice): bool
  194.     {
  195.         foreach ($invoice->getPrepaymentInvoices() as $prepaymentInvoice) {
  196.             if ($prepaymentInvoice->getStatus() === InvoiceStatus::INVOICE_STATUS_ARCHIVED) {
  197.                 return true;
  198.             }
  199.         }
  200.         return false;
  201.     }
  203.     private function canCreateSales(Invoice $invoice): bool
  204.     {
  205.         if (
  206.             $invoice->getIsBatchAdvance()
  207.             && !in_array($invoice->getStatus(), [
  208.                 InvoiceStatus::INVOICE_STATUS_ARCHIVED,
  209.                 InvoiceStatus::INVOICE_STATUS_CANCELED
  210.             ])
  211.         ) {
  212.             return true;
  213.         }
  214.         return false;
  215.     }
  218. }