<?php
namespace App\Security\Voter;
use App\Util\AccountTools;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
use Symfony\Component\Security\Core\Security;
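/**
 * Authorization voter for mail aliases.
 *
 * Supported attributes:
 *  - NEW_ALIAS  : no subject yet; granted to ROLE_POSTMASTER.
 *  - EDIT       : ROLE_POSTMASTER, or ROLE_GROUPMASTER when the alias destination is one of the user's accounts.
 *  - DELETE     : ROLE_POSTMASTER, unless the local part of the alias is listed in APP_SYSTEM_ALIASES.
 *  - EDITGLOBAL : ROLE_ADMIN; ROLE_POSTMASTER_MANY for the user's domains; ROLE_POSTMASTER for the
 *                 domain of the user's own username. An alias with an empty source counts as new.
 *  - MASS_SEND  : ROLE_ADMIN; postmaster/group master roles for the user's domains; ROLE_USER only
 *                 for the alias equal to the user's own username.
 *
 * Every path that does not explicitly grant access ends in a denial.
 *
 * NOTE(review): all address, domain and local-part comparisons here are case-sensitive. Confirm that
 * addresses are normalised (e.g. lower-cased) before they are stored; otherwise the system-alias
 * deny-list in DELETE can miss an entry that differs only in case.
 */
class AliasVoter extends Voter
{
    /** @var Security */
    private $security;

    public function __construct(Security $security)
    {
        $this->security = $security;
    }

    /**
     * Tells the security layer whether this voter handles the given attribute/subject pair.
     *
     * @param mixed $attribute action name being checked
     * @param mixed $subject   the alias, or anything for NEW_ALIAS (no object exists yet)
     */
    protected function supports($attribute, $subject) : bool
    {
        // Only exact string matches are accepted. With a loose in_array()/switch, a non-string
        // attribute such as `true` compares equal to every action name.
        if (!is_string($attribute)) {
            return false;
        }

        // NEW actions don't yet have objects
        if ($attribute === 'NEW_ALIAS') {
            return true;
        }

        return in_array($attribute, ['EDIT', 'DELETE', 'EDITGLOBAL', 'MASS_SEND'], true)
            && $subject instanceof \App\Model\Alias;
    }

    /**
     * Dispatches the decision to the handler for the requested action.
     *
     * @param mixed          $attribute action name accepted by supports()
     * @param mixed          $subject   the alias being acted on (unused for NEW_ALIAS)
     * @param TokenInterface $token     token of the current user
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token) : bool
    {
        $user = $token->getUser();

        // if the user is anonymous, do not grant access
        if (!$user instanceof UserInterface) {
            return false;
        }

        if ($attribute === 'EDIT') {
            return $this->canEdit($subject, $user);
        }
        if ($attribute === 'DELETE') {
            return $this->canDelete($subject);
        }
        if ($attribute === 'NEW_ALIAS') {
            return $this->security->isGranted('ROLE_POSTMASTER');
        }
        if ($attribute === 'EDITGLOBAL') {
            return $this->canEditGlobal($subject, $user);
        }
        if ($attribute === 'MASS_SEND') {
            return $this->canMassSend($subject, $user);
        }

        // unknown action: deny
        return false;
    }

    /** EDIT: postmasters always; group masters only for aliases pointing at one of their accounts. */
    private function canEdit($alias, UserInterface $user) : bool
    {
        if ($this->security->isGranted('ROLE_POSTMASTER')) {
            return true;
        }
        if (!$this->security->isGranted('ROLE_GROUPMASTER')) {
            return false;
        }

        foreach ($user->getAccounts() as $account) {
            // NOTE(review): loose comparison kept because the types of getAccounts() items and
            // getDest() are not visible here; switch to === once both are known to be strings.
            if ($account == $alias->getDest()) {
                return true;
            }
        }

        return false;
    }

    /** DELETE: postmasters only, and never for an alias whose local part is a system alias. */
    private function canDelete($alias) : bool
    {
        if (!$this->security->isGranted('ROLE_POSTMASTER')) {
            return false;
        }

        // check the list of system aliases
        // NOTE(review): this fails open. When APP_SYSTEM_ALIASES is not set, no alias is protected
        // and every alias can be deleted by a postmaster. Confirm that is intended for deployments
        // that omit the variable.
        if (!isset($_SERVER['APP_SYSTEM_ALIASES'])) {
            return true;
        }

        $systemAliases = AccountTools::envToArray($_SERVER['APP_SYSTEM_ALIASES']);
        $parts = $this->splitAddress($alias->getSrc());
        if ($parts === []) {
            // a source that is not exactly local@domain cannot be checked against the list: deny
            return false;
        }

        return !$this->containsString($systemAliases, $parts[0]);
    }

    /** EDITGLOBAL: admins always; postmasters only inside the domain(s) they are responsible for. */
    private function canEditGlobal($alias, UserInterface $user) : bool
    {
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        if ($this->security->isGranted('ROLE_POSTMASTER_MANY')) {
            if ($this->isEmptySource($alias->getSrc())) { // new alias
                return true;
            }
            $parts = $this->splitAddress($alias->getSrc());
            if ($parts === []) {
                return false;
            }
            // This role's answer is final: there is no fall-through to the ROLE_POSTMASTER rule.
            return $this->containsString($user->getDomains(), $parts[1]);
        }

        if ($this->security->isGranted('ROLE_POSTMASTER')) {
            if ($this->isEmptySource($alias->getSrc())) { // new alias
                return true;
            }
            $aliasParts = $this->splitAddress($alias->getSrc());
            $userParts = $this->splitAddress($user->getUsername());
            if ($aliasParts === [] || $userParts === []) {
                return false;
            }
            // the postmaster's own domain is taken from the username
            return $aliasParts[1] === $userParts[1];
        }

        return false;
    }

    /** MASS_SEND: admins always; domain-scoped roles for their domains; plain users for themselves. */
    private function canMassSend($alias, UserInterface $user) : bool
    {
        // The source must be a well-formed local@domain address for every role, admins included.
        $parts = $this->splitAddress($alias->getSrc());
        if ($parts === []) {
            return false;
        }

        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }

        // These roles share one rule: the alias domain must be one of the user's domains.
        // (An account-based check for group masters existed only as commented-out code.)
        foreach (['ROLE_POSTMASTER', 'ROLE_POSTMASTER_MIN', 'ROLE_GROUPMASTER'] as $role) {
            if ($this->security->isGranted($role)
                && $this->containsString($user->getDomains(), $parts[1])
            ) {
                return true;
            }
        }

        // only possible to "mass send" to his own account
        if ($this->security->isGranted('ROLE_USER')
            && (string) $alias->getSrc() === (string) $user->getUsername()
        ) {
            return true;
        }

        return false;
    }

    /**
     * Splits an address into [local part, domain].
     *
     * @param mixed $address
     *
     * @return string[] two elements, or an empty array when the value is not exactly "local@domain"
     */
    private function splitAddress($address) : array
    {
        $stringable = is_scalar($address)
            || (is_object($address) && method_exists($address, '__toString'));
        if (!$stringable) {
            return [];
        }

        $parts = explode('@', (string) $address);

        return count($parts) === 2 ? $parts : [];
    }

    /**
     * True when the alias has no source yet, which this voter treats as "new alias".
     *
     * @param mixed $source
     */
    private function isEmptySource($source) : bool
    {
        return $source === null || $source === '';
    }

    /**
     * Exact, type-safe membership test: avoids PHP's numeric-string juggling ("1e3" == "1000")
     * deciding an authorization check.
     *
     * @param iterable $haystack strings, or objects implementing __toString()
     */
    private function containsString($haystack, string $needle) : bool
    {
        foreach ($haystack as $candidate) {
            if (is_object($candidate) && method_exists($candidate, '__toString')) {
                $candidate = (string) $candidate;
            }
            if (is_string($candidate) && $candidate === $needle) {
                return true;
            }
        }

        return false;
    }
}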