Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-08-28 02:23:51 +00:00
Code Issues Actions Projects Releases Wiki Activity

Update calendar and activity voters in security checks

Browse Source 
This commit adjusts the conditions in CalendarVoter and ActivityVoter security checks. Now it takes into account both STEP_DRAFT and STEP_CLOSED statuses in determining permissions. This enhancement ensures tighter control over specific actions in these two scenarios, enhancing the overall application security.
This commit is contained in:
Julien Fastré
2024-06-13 12:08:41 +02:00
parent 90bfd87ec6
commit 008f344e49
4 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Bundle/ChillCalendarBundle/Menu/AccompanyingCourseQuickMenuBuilder.php
View File

@@ -16,7 +16,7 @@ use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
use Knp\Menu\MenuItem;
use Symfony\Component\Security\Core\Security;
class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
final readonly class AccompanyingCourseQuickMenuBuilder implements LocalMenuBuilderInterface
{
public function __construct(private Security $security)
{

2
src/Bundle/ChillCalendarBundle/Security/Voter/CalendarVoter.php
View File

@@ -89,7 +89,7 @@ class CalendarVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
switch ($attribute) {
case self::SEE:
case self::CREATE:
if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep() || AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
return false;
}