upgrade voter and acl for activities and implement autoconfiguration for

ChillProvideRole interface
2025-08-27 10:03:49 +00:00 · 2021-09-20 13:03:59 +02:00
parent b6c58a5c31
commit 120f7d8026
11 changed files with 236 additions and 101 deletions
--- a/src/Bundle/ChillActivityBundle/Controller/ActivityController.php
+++ b/src/Bundle/ChillActivityBundle/Controller/ActivityController.php
@@ -22,6 +22,9 @@

 namespace Chill\ActivityBundle\Controller;

+use Chill\ActivityBundle\Repository\ActivityACLAwareRepository;
+use Chill\ActivityBundle\Repository\ActivityACLAwareRepositoryInterface;
+use Chill\ActivityBundle\Security\Authorization\ActivityVoter;
 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
 use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\Person;
@@ -53,12 +56,16 @@ class ActivityController extends AbstractController

    protected SerializerInterface $serializer;

+    protected ActivityACLAwareRepositoryInterface $activityACLAwareRepository;
+
    public function __construct(
+        ActivityACLAwareRepositoryInterface $activityACLAwareRepository,
        EventDispatcherInterface $eventDispatcher,
        AuthorizationHelper $authorizationHelper,
        LoggerInterface $logger,
        SerializerInterface $serializer
    ) {
+        $this->activityACLAwareRepository = $activityACLAwareRepository;
        $this->eventDispatcher = $eventDispatcher;
        $this->authorizationHelper = $authorizationHelper;
        $this->logger = $logger;
@@ -77,13 +84,9 @@ class ActivityController extends AbstractController
        [$person, $accompanyingPeriod] = $this->getEntity($request);

        if ($person instanceof Person) {
-            $reachableScopes = $this->authorizationHelper
-                ->getReachableCircles($this->getUser(), new Role('CHILL_ACTIVITY_SEE'),
-                    $person->getCenter());
-
-            $activities = $em->getRepository(Activity::class)
-                ->findByPersonImplied($person, $reachableScopes)
-                ;
+            $this->denyAccessUnlessGranted(ActivityVoter::SEE, $person);
+            $activities = $this->activityACLAwareRepository
+                ->findByPerson($person, ActivityVoter::SEE, 0, null);

            $event = new PrivacyEvent($person, array(
                'element_class' => Activity::class,
@@ -93,10 +96,10 @@ class ActivityController extends AbstractController

            $view = 'ChillActivityBundle:Activity:listPerson.html.twig';
        } elseif ($accompanyingPeriod instanceof AccompanyingPeriod) {
-            $activities = $em->getRepository('ChillActivityBundle:Activity')->findBy(
-                ['accompanyingPeriod' => $accompanyingPeriod],
-                ['date' => 'DESC'],
-            );
+            $this->denyAccessUnlessGranted(ActivityVoter::SEE, $accompanyingPeriod);
+
+            $activities = $this->activityACLAwareRepository
+                ->findByAccompanyingPeriod($accompanyingPeriod, ActivityVoter::SEE);

            $view = 'ChillActivityBundle:Activity:listAccompanyingCourse.html.twig';
        }
@@ -238,7 +241,7 @@ class ActivityController extends AbstractController
        if (!$entity) {
            throw $this->createNotFoundException('Unable to find Activity entity.');
        }
-        
+
        if (null !== $accompanyingPeriod) {
           $entity->personsAssociated = $entity->getPersonsAssociated();
           $entity->personsNotAssociated = $entity->getPersonsNotAssociated();