Minor fixes for closing accompanying course:

* check that transition can be applyied in menu; * change organisation for activityVoter, and check for authorization in Activity Controller * fix label 'create' in accompanying course document * minor fix in accompanying course document voter * change color when course is closed and show old user, and startdate / enddate
2025-08-21 07:03:49 +00:00 · 2021-11-22 20:24:08 +01:00
parent 4c1e416a14
commit 0867965d9c
8 changed files with 95 additions and 28 deletions
--- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
+++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
@@ -40,7 +40,32 @@ use Symfony\Component\Security\Core\Security;
 */
 class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
 {
+    /**
+     * allow to create an activity, which will either be associated to an
+     * accompanying course or person.
+     *
+     * It is safe for usage in template and controller
+     */
    const CREATE = 'CHILL_ACTIVITY_CREATE';
+
+    /**
+     * role to allow to create an activity associated win an accompanying course.
+     *
+     * Before using this, check if @link{self::CREATE} is not sufficiant
+     *
+     * @internal
+     */
+    const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE';
+
+    /**
+     * role to allow to create an activity associated with a person
+     *
+     * Before using this, check if @link{self::CREATE} is not sufficiant
+     *
+     * @internal
+     */
+    const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON';
+
    const SEE    = 'CHILL_ACTIVITY_SEE';
    const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS';
    const UPDATE = 'CHILL_ACTIVITY_UPDATE';
@@ -90,10 +115,22 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
                if (!$this->security->isGranted(PersonVoter::SEE, $subject->getPerson())) {
                    return false;
                }
+
+                // change attribute CREATE
+                if (self::CREATE === $attribute) {
+                    $attribute = self::CREATE_PERSON;
+                }
            } elseif ($subject->getAccompanyingPeriod() instanceof AccompanyingPeriod) {
                if (!$this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject->getAccompanyingPeriod())) {
                    return false;
                }
+
+                if (self::CREATE === $attribute) {
+                    if (AccompanyingPeriod::STEP_CLOSED === $subject->getAccompanyingPeriod()->getStep()) {
+                        return false;
+                    }
+                    $attribute = self::CREATE_ACCOMPANYING_COURSE;
+                }
            } else {
                throw new \RuntimeException("could not determine context of activity");
            }
@@ -106,16 +143,23 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
                }
            }
        }
-        
+
        return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
    }


    public function getRoles()
    {
-        return self::ALL;
+        return [
+            self::CREATE_PERSON,
+            self::CREATE_ACCOMPANYING_COURSE,
+            self::UPDATE,
+            self::DELETE,
+            self::FULL
+        ];
    }

+
    public function getRolesWithoutScope()
    {
        return [];