improve userPicker: delegate query to authorization helper

2025-08-27 10:03:49 +00:00 · 2018-06-05 09:45:22 +02:00
parent 514b619f8a
commit 13dbaa0b78
5 changed files with 67 additions and 35 deletions
--- a/Security/Authorization/AuthorizationHelper.php
+++ b/Security/Authorization/AuthorizationHelper.php
@@ -27,6 +27,9 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Security\Core\Role\Role;
 use Chill\MainBundle\Entity\Scope;
 use Chill\MainBundle\Security\RoleProvider;
+use Doctrine\ORM\EntityManagerInterface;
+use Chill\MainBundle\Entity\GroupCenter;
+use Chill\MainBundle\Entity\RoleScope;

 /**
 * Helper for authorizations. 
@@ -51,15 +54,20 @@ class AuthorizationHelper
     */
    protected $hierarchy;
    
-    protected $existingRoles = array('CHILL_MASTER_ROLE', 'CHILL_PERSON_SEE', 
-       'CHILL_PERSON_UPDATE',);
+    /**
+     *
+     * @var EntityManagerInterface
+     */
+    protected $em;
    
    public function __construct(
        RoleHierarchyInterface $roleHierarchy,
-        $hierarchy
+        $hierarchy,
+        EntityManagerInterface $em
    ) {
        $this->roleHierarchy = $roleHierarchy;
        $this->hierarchy     = $hierarchy;
+        $this->em = $em;
    }
    
    /**
@@ -219,7 +227,40 @@ class AuthorizationHelper
        return $scopes;
    }
    
-    
+    /**
+     * 
+     * @param Role $role
+     * @param Center $center
+     * @param Scope $circle
+     * @return Users
+     */
+    public function findUsersReaching(Role $role, Center $center, Scope $circle = null)
+    {
+        $parents = $this->getParentRoles($role);
+        $parents[] = $role;
+        $parentRolesString = \array_map(function(Role $r) { return $r->getRole(); }, $parents);
+        
+        $qb = $this->em->createQueryBuilder();
+        $qb
+            ->select('u')
+            ->from(User::class, 'u')
+            ->join('u.groupCenters', 'gc')
+            ->join('gc.permissionsGroup', 'pg')
+            ->join('pg.roleScopes', 'rs')
+            ->where('gc.center = :center')
+            ->andWhere($qb->expr()->in('rs.role', $parentRolesString))
+            ;
+        
+        $qb->setParameter('center', $center);
+        
+        if ($circle !== null) {
+            $qb->andWhere('rs.scope = :circle')
+                ->setParameter('circle', $circle)
+                ;
+        }
+        
+        return $qb->getQuery()->getResult();
+    }
    
    /**
     * Test if a parent role may give access to a given child role