Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2026-03-17 19:28:06 +00:00
Code Issues Actions Projects Releases Wiki Activity

Replace ActivityVoter::SEE with AccompanyingPeriodVoter::SEE for correct authorization check

Browse Source
This commit is contained in:
Julien Fastré
2026-03-16 14:54:47 +00:00
parent 0aa0824831
commit 1524ed8ce9
2 changed files with 9 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
.changes/unreleased/Security-20260316-153605.yaml Normal file
View File

@@ -0,0 +1,7 @@
kind: Security
body: Fix permission in list of activities in person context
time: 2026-03-16T15:36:05.243511868+01:00
custom:
Issue: "506"
MR: "972"
SchemaChange: No schema change

3
src/Bundle/ChillActivityBundle/Repository/ActivityACLAwareRepository.php
View File

@@ -24,6 +24,7 @@ use Chill\MainBundle\Security\Authorization\AuthorizationHelperForCurrentUserInt
use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Doctrine\DBAL\Types\Types;
use Doctrine\ORM\AbstractQuery;
use Doctrine\ORM\EntityManagerInterface;
@@ -340,7 +341,7 @@ final readonly class ActivityACLAwareRepository implements ActivityACLAwareRepos
}
foreach ($person->getAccompanyingPeriodParticipations() as $participation) {
if (!$this->security->isGranted(ActivityVoter::SEE, $participation->getAccompanyingPeriod())) {
if (!$this->security->isGranted(AccompanyingPeriodVoter::SEE, $participation->getAccompanyingPeriod())) {
continue;
}