55 lines
1.8 KiB
PHP
55 lines
1.8 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\State;
|
|
|
|
use ApiPlatform\Metadata\Operation;
|
|
use ApiPlatform\State\ProcessorInterface;
|
|
use App\Entity\User;
|
|
use App\Entity\WorkHour;
|
|
use App\Security\EmployeeScopeService;
|
|
use Doctrine\ORM\EntityManagerInterface;
|
|
use Symfony\Bundle\SecurityBundle\Security;
|
|
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
|
|
|
|
final readonly class WorkHourSiteValidationProcessor implements ProcessorInterface
|
|
{
|
|
public function __construct(
|
|
private Security $security,
|
|
private EmployeeScopeService $employeeScopeService,
|
|
private EntityManagerInterface $entityManager,
|
|
) {}
|
|
|
|
public function process(mixed $data, Operation $operation, array $uriVariables = [], array $context = []): WorkHour
|
|
{
|
|
if (!$data instanceof WorkHour) {
|
|
throw new AccessDeniedHttpException('Invalid payload.');
|
|
}
|
|
|
|
$user = $this->security->getUser();
|
|
if (!$user instanceof User) {
|
|
throw new AccessDeniedHttpException('Authentication required.');
|
|
}
|
|
|
|
// Réservé aux profils "Sites" (ni admin, ni self).
|
|
if (in_array('ROLE_ADMIN', $user->getRoles(), true) || in_array('ROLE_SELF', $user->getRoles(), true)) {
|
|
throw new AccessDeniedHttpException('Only site managers can update site validation.');
|
|
}
|
|
|
|
$siteId = $data->getEmployee()?->getSite()?->getId();
|
|
if (!$siteId) {
|
|
throw new AccessDeniedHttpException('Employee site is required.');
|
|
}
|
|
|
|
$allowedSiteIds = $this->employeeScopeService->getAllowedSiteIds($user);
|
|
if (!in_array($siteId, $allowedSiteIds, true)) {
|
|
throw new AccessDeniedHttpException('Employee is outside your site scope.');
|
|
}
|
|
|
|
$this->entityManager->flush();
|
|
|
|
return $data;
|
|
}
|
|
}
|