<?phpdeclare(strict_types=1);/** * OrderVoter.php File. * This file is part of the Payment.net Project. * * PHP version 5 * * @category Application * @package Bdm\BackofficeBundle\Security\Authorization\Voter * @author Pavel Baraulya <pbaraulya@bdmultimedia.fr> * @link http://www.payment.net/ * * FEATURES : * ========== * * TODO-LIST : * =========== * * HISTORY : * ========= * 20150709 - Pavel Baraulya * **/namespace Bdm\BackofficeBundle\Security\Authorization\Voter;use Bdm\BackofficeBundle\Entity\Application;use Bdm\BackofficeBundle\Entity\Merchant;use Bdm\CheckoutBundle\Entity\Order;use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;/** * Voter for order entity */class OrderVoter extends AbstractVoter{ /** * @param string $sAttribute attribute * @param mixed $oSubject subject * @return bool */ #[\Override] public function supports($sAttribute, $oSubject) { return $oSubject instanceof Order && parent::supports($sAttribute, $oSubject); } /** * @param string $sAttr attr * @param mixed $mEntity entity * @param TokenInterface $oToken token * * @return bool */ protected function voteOnAttribute($sAttr, $mEntity, TokenInterface $oToken) { $oUser = $oToken->getUser(); if (!$oUser instanceof Merchant) { return false; } return (bool) $this->findByOwner($oUser->getId(), $mEntity->getId()); } /** * Find entity by owner id * * @param int $iOwnerId owner id * @param int $iEntityId entity id * * @return mixed * @throws \Doctrine\ORM\NonUniqueResultException */ protected function findByOwner($iOwnerId, $iEntityId) { $oQuery = $this->oEm->createQuery(' SELECT o FROM ' . Order::class . ' o WHERE o.oApplication IN ( SELECT a.iId FROM ' . Application::class . ' a WHERE a.oMerchant = :owner_id ) AND o.iId = :entity_id '); $oQuery->setParameters(['owner_id' => $iOwnerId, 'entity_id' => $iEntityId]); return $oQuery->getOneOrNullResult(); }}