Symfony Profiler

<?php
namespace App\Security\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Symfony\Component\Security\Core\Security;
class AccountVoter extends Voter
{
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject) : bool
{
// NEW actions don't yet have objects
if(in_array($attribute, ['NEW_ACCOUNT']))
return true;
return in_array($attribute, ['EDIT', 'LOCK', 'DELETE', 'UNLOCK', 'PASSWORD_CHANGE', 'FORWARD',
'AUTORESPONDER', 'SPAMASSASSIN', 'SPAMASSASSIN_DOMAIN', 'PROCMAIL', 'IMAP', 'NOTICESMS', 'STATS',
'MASS_SEND', 'SETTINGS', 'OPERATION_HISTORY', 'LOGIN_HISTORY',
'ADMIN_DOMAINS_SHOW', 'ADMIN_DOMAINS_NEW', 'ADMIN_ALIASES_SHOW', 'ADMIN_ALIASES_NEW',
'ADMIN_ROLES_SHOW', 'ADMIN_ROLES_NEW', 'ADMIN_ROLES_DELETE',
'ADMIN_LOGS', 'ADMIN_SYSTEM_STATUS', 'ADMIN_SYSTEM_SETTINGS',
'ADMIN_CHARTS', 'LOGIN_MESSAGES', 'MASS_CHANGE_QUOTA'
])
&& $subject instanceof \App\Model\Account;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) : bool
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof UserInterface) {
return false;
}
if($subject != null && $subject->isInProgress()) {
return false;
}
switch ($attribute) {
case 'EDIT':
if($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
if(in_array($subject->userAddress(), $user->getAccounts()))
return true;
}
}
if($this->security->isGranted('ROLE_USER')) {
// only possible to edit his own account
if($subject->userAddress() == $user->getUsername()) {
return true;
}
}
break;
case 'LOCK':
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
if(in_array($subject->userAddress(), $user->getAccounts()))
return true;
}
}
break;
case 'UNLOCK':
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
if(in_array($subject->userAddress(), $user->getAccounts()))
return true;
}
}
break;
case 'DELETE':
// don't allow deleting your own account
if($subject->userAddress() == $user->getUsername()) {
return false;
}
// don't delete any postmaster account
if($subject->getUserName() == 'postmaster') {
return false;
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
break;
case 'NEW_ACCOUNT':
if($this->security->isGranted('ROLE_POSTMASTER')) {
return true;
}
break;
case 'FORWARD':
if(isset($_SERVER['APP_QU_FORWARDING_ALLOWED'])) {
if($_SERVER['APP_QU_FORWARDING_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'Forward')
return true;
}
return false;
}
break;
case 'PASSWORD_CHANGE':
if(isset($_SERVER['APP_QU_PASSWORD_ALLOWED'])) {
if($_SERVER['APP_QU_PASSWORD_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'PasswordChange')
return true;
}
return false;
}
break;
case 'AUTORESPONDER':
if(isset($_SERVER['APP_QU_AUTORESPONDER_ALLOWED'])) {
if($_SERVER['APP_QU_AUTORESPONDER_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'Autoresponder')
return true;
}
return false;
}
break;
case 'SPAMASSASSIN':
if(isset($_SERVER['APP_QU_SA_ALLOWED'])) {
if($_SERVER['APP_QU_SA_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'SpamAssassin')
return true;
}
return false;
}
break;
case 'SPAMASSASSIN_DOMAIN':
if($this->security->isGranted('ROLE_POSTMASTER')) {
return true;
}
else {
return false;
}
break;
case 'PROCMAIL':
if(isset($_SERVER['APP_QU_PROCMAIL_ALLOWED'])) {
if($_SERVER['APP_QU_PROCMAIL_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'ProcMail')
return true;
}
return false;
}
break;
case 'IMAP':
if(isset($_SERVER['APP_QU_IMAP_ALLOWED'])) {
if($_SERVER['APP_QU_IMAP_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'ImapDirs')
return true;
}
return false;
}
break;
case 'NOTICESMS':
if(isset($_SERVER['APP_QU_NOTICE_SMS_ALLOWED'])) {
if($_SERVER['APP_QU_NOTICE_SMS_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_USER')) {
foreach($user->getAccount()->getAllowedModules() as $s) {
if($s == 'NoticeSms')
return true;
}
return false;
}
break;
case 'STATS':
return true;
case 'LOGIN_MESSAGES':
if(!isset($_SERVER['APP_QP_LOGIN_MSG_ALLOWED'])) {
return false;
}
if(isset($_SERVER['APP_QP_LOGIN_MSG_ALLOWED'])) {
if($_SERVER['APP_QP_LOGIN_MSG_ALLOWED'] == 'false') {
return false;
}
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
return true;
}
return false;
break;
case 'SETTINGS':
if(isset($_SERVER['APP_QU_SETTINGS_ALLOWED'])) {
if($_SERVER['APP_QU_SETTINGS_ALLOWED'] == 'false') {
return false;
}
}
return true;
case 'OPERATION_HISTORY':
if(isset($_SERVER['APP_QU_OPERATION_HISTORY_ALLOWED'])) {
if($_SERVER['APP_QU_OPERATION_HISTORY_ALLOWED'] == 'false') {
return false;
}
}
return true;
case 'LOGIN_HISTORY':
if(isset($_SERVER['APP_QU_LOGIN_HISTORY_ALLOWED'])) {
if($_SERVER['APP_QU_LOGIN_HISTORY_ALLOWED'] == 'false') {
return false;
}
}
return true;
case 'MASS_SEND':
if($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_POSTMASTER_MIN')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
if(in_array($subject->userAddress(), $user->getAccounts()))
return true;
}
}
if($this->security->isGranted('ROLE_USER')) {
// only possible to "mass send" to his own account
if($subject->userAddress() == $user->getUsername()) {
return true;
}
}
break;
case 'MASS_CHANGE_QUOTA':
if($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_POSTMASTER_MIN')) {
return false;
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
if(in_array($subject->userAddress(), $user->getAccounts()))
return true;
}
}
if($this->security->isGranted('ROLE_USER')) {
// only possible to "mass send" to his own account
if($subject->userAddress() == $user->getUsername()) {
return true;
}
}
break;
case 'DOMAIN_SETTINGS':
if($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
if($this->security->isGranted('ROLE_POSTMASTER')) {
if(in_array($subject->getUserDomain(), $user->getDomains())) {
return true;
}
}
if($this->security->isGranted('ROLE_GROUPMASTER')) {
return false;
}
if($this->security->isGranted('ROLE_USER')) {
return false;
}
break;
// admin modules
case 'ADMIN_DOMAINS_SHOW':
if(isset($_SERVER['APP_QA_DOMAINS_SHOW_ALLOWED'])) {
if($_SERVER['APP_QA_DOMAINS_SHOW_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_DOMAINS_NEW':
if(isset($_SERVER['APP_QA_DOMAINS_ADD_ALLOWED'])) {
if($_SERVER['APP_QA_DOMAINS_ADD_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_ALIASES_SHOW':
if(isset($_SERVER['APP_QA_ALIASES_SHOW_ALLOWED'])) {
if($_SERVER['APP_QA_ALIASES_SHOW_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_ALIASES_NEW':
if(isset($_SERVER['APP_QA_ALIASES_ADD_ALLOWED'])) {
if($_SERVER['APP_QA_ALIASES_ADD_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_ROLES_SHOW':
if(isset($_SERVER['APP_QA_ROLES_SHOW_ALLOWED'])) {
if($_SERVER['APP_QA_ROLES_SHOW_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_ROLES_NEW':
if(isset($_SERVER['APP_QA_ROLES_NEW_ALLOWED'])) {
if($_SERVER['APP_QA_ROLES_NEW_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_ROLES_DELETE':
if(isset($_SERVER['APP_QA_ROLES_DELETE_ALLOWED'])) {
if($_SERVER['APP_QA_ROLES_DELETE_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_LOGS':
if(isset($_SERVER['APP_QA_LOGS_ALLOWED'])) {
if($_SERVER['APP_QA_LOGS_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_SYSTEM_STATUS':
if(isset($_SERVER['APP_QA_SYSTEM_STATUS_ALLOWED'])) {
if($_SERVER['APP_QA_SYSTEM_STATUS_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_SYSTEM_SETTINGS':
if(isset($_SERVER['APP_QA_SYSTEM_SETTINGS_ALLOWED'])) {
if($_SERVER['APP_QA_SYSTEM_SETTINGS_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
case 'ADMIN_CHARTS':
if(isset($_SERVER['APP_QA_CHARTS_ALLOWED'])) {
if($_SERVER['APP_QA_CHARTS_ALLOWED'] == 'false') {
return false;
}
}
return true;
break;
}
return false;
}
}

src/Security/Voter/AccountVoter.php line 11