Update calendar and activity voters in security checks

This commit adjusts the conditions in CalendarVoter and ActivityVoter security checks. Now it takes into account both STEP_DRAFT and STEP_CLOSED statuses in determining permissions. This enhancement ensures tighter control over specific actions in these two scenarios, enhancing the overall application security.
2025-06-28 21:16:13 +00:00 · 2024-06-13 12:08:41 +02:00 · 2024-06-13 12:08:41 +02:00 · 008f344e49
commit 008f344e49
parent 90bfd87ec6
4 changed files with 4 additions and 4 deletions
--- a/src/Bundle/ChillActivityBundle/Menu/AccompanyingCourseQuickMenuBuilder.php
+++ b/src/Bundle/ChillActivityBundle/Menu/AccompanyingCourseQuickMenuBuilder.php
@ -16,7 +16,7 @@ use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
 use Knp\Menu\MenuItem;
 use Symfony\Component\Security\Core\Security;

-class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
+final readonly class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
 {
    public function __construct(private Security $security)
    {
--- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
+++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
@ -145,7 +145,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
                throw new \RuntimeException('Could not determine context of activity.');
            }
        } elseif ($subject instanceof AccompanyingPeriod) {
-            if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
+            if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep() || AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
                if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE], true)) {
                    return false;
                }
--- a/src/Bundle/ChillCalendarBundle/Menu/AccompanyingCourseQuickMenuBuilder.php
+++ b/src/Bundle/ChillCalendarBundle/Menu/AccompanyingCourseQuickMenuBuilder.php
@ -16,7 +16,7 @@ use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
 use Knp\Menu\MenuItem;
 use Symfony\Component\Security\Core\Security;

-class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
+final readonly class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
 {
    public function __construct(private Security $security)
    {
--- a/src/Bundle/ChillCalendarBundle/Security/Voter/CalendarVoter.php
+++ b/src/Bundle/ChillCalendarBundle/Security/Voter/CalendarVoter.php
@ -89,7 +89,7 @@ class CalendarVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
            switch ($attribute) {
                case self::SEE:
                case self::CREATE:
-                    if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
+                    if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep() || AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
                        return false;
                    }