throw 403 error instead of 422 and display toast message

2025-06-07 18:44:08 +00:00 · 2022-02-25 13:11:30 +01:00 · 2022-02-25 13:11:30 +01:00 · 16cca07e12
commit 16cca07e12
parent 68bfca8a1f
7 changed files with 17 additions and 44 deletions
--- a/src/Bundle/ChillMainBundle/Resources/public/lib/api/apiMethods.js
+++ b/src/Bundle/ChillMainBundle/Resources/public/lib/api/apiMethods.js
@ -11,16 +11,19 @@ const makeFetch = (method, url, body) => {
    })
    .then(response => {
        if (response.ok) {
+            console.log('200 error')
            return response.json();
        }

        if (response.status === 422) {
+            console.log('422 error')
            return response.json().then(response => {
                throw ValidationException(response)
            });
        }

        if (response.status === 403) {
+            console.log('403 error')
            throw AccessException(response);
        }

@ -92,15 +95,8 @@ const ValidationException = (response) => {
 const AccessException = (response) => {
    const error = {};
    error.name = 'AccessException';
+    error.violations = ['You are not allowed to perform this action'];

-    switch (response.url) {
-        case 'http://localhost:8001/api/1.0/person/accompanying-course/5183/intensity.json':
-            error.violations = ['Only the referrer is allowed to change the intensity of a parcours'];
-            break;
-        default:
-            error.violations = ['You are not allowed to perform this action'];
-            break;
-    }
    return error;
 }

--- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php
@ -332,11 +332,6 @@ final class AccompanyingCourseApiController extends ApiController

            $accompanyingCourse->setConfidential(!$accompanyingCourse->isConfidential());

-            $errors = $this->validator->validate($accompanyingCourse);
-
-            if ($errors->count() > 0) {
-                return $this->json($errors, 422);
-            }
            $this->getDoctrine()->getManager()->flush();
        }

@ -349,6 +344,7 @@ final class AccompanyingCourseApiController extends ApiController
     */
    public function toggleIntensityApi(AccompanyingPeriod $accompanyingCourse, Request $request)
    {
+
        if ($request->getMethod() === 'POST') {
            $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::TOGGLE_INTENSITY, $accompanyingCourse);

--- a/src/Bundle/ChillPersonBundle/Resources/public/vuejs/AccompanyingCourse/components/Banner/ToggleFlags.vue
+++ b/src/Bundle/ChillPersonBundle/Resources/public/vuejs/AccompanyingCourse/components/Banner/ToggleFlags.vue
@ -58,7 +58,7 @@ export default {
         this.$store.dispatch('toggleIntensity', value)
            .catch(({name, violations}) => {
               if (name === 'ValidationException' || name === 'AccessException') {
-                  violations.forEach((violation) => this.$toast.open({message: this.$t(violation)}));
+                  this.$toast.open({message: this.$t('Only the referrer can toggle the intensity of an accompanying course')})
               } else {
                  this.$toast.open({message: 'An error occurred'})
               }
@ -75,16 +75,11 @@ export default {
            });
      },
      toggleConfidential() {
-         this.$store.dispatch('fetchPermissions').then(() => {
-            if (!this.$store.getters.canTogglePermission) {
-               this.$toast.open({message: "Seul le référent peut modifier la confidentialité"});
-               return Promise.resolve();
-            } else {
-               return this.$store.dispatch('toggleConfidential', (!this.isConfidential));
-            }
-            }).catch(({name, violations}) => {
+         this.$store.dispatch('toggleConfidential')
+            .catch(({name, violations}) => {
+               console.log(name);
               if (name === 'ValidationException' || name === 'AccessException') {
-                  violations.forEach((violation) => this.$toast.open({message: violation}));
+                  this.$toast.open({message: this.$t('Only the referrer can toggle the confidentiality of an accompanying course')})
               } else {
                  this.$toast.open({message: 'An error occurred'})
               }
--- a/src/Bundle/ChillPersonBundle/Resources/public/vuejs/AccompanyingCourse/js/i18n.js
+++ b/src/Bundle/ChillPersonBundle/Resources/public/vuejs/AccompanyingCourse/js/i18n.js
@ -167,7 +167,8 @@ const appMessages = {
      'Error while retriving users.': "Erreur du serveur lors du chargement de la liste des travailleurs.",
      'Error while getting whoami.': "Erreur du serveur lors de la requête 'qui suis-je ?'",
      'Error while retriving origin\'s list.': "Erreur du serveur lors du chargement de la liste des origines de la demande.",
-      'Only the referrer is allowed to change the intensity of a parcours': "Seul le référent peut modifier l'intensité d'un parcours."
+      'Only the referrer can toggle the intensity of an accompanying course': "Seul le référent peut modifier l'intensité d'un parcours.",
+      'Only the referrer can toggle the confidentiality of an accompanying course': "Seul le référent peut modifier la confidentialité d'un parcours."
   }
 };

--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
@ -131,15 +131,17 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
            }

            if (self::TOGGLE_CONFIDENTIAL === $attribute) {
-                if ($subject->getUser() === $token->getUser()) {
+                if (null != $subject->getUser() && ($subject->getUser() === $token->getUser())) {
                    return true;
                }

-                return $this->voterHelper->voteOnAttribute(self::TOGGLE_CONFIDENTIAL_ALL, $subject, $token);
+                return false;
+
+                // return $this->voterHelper->voteOnAttribute(self::TOGGLE_CONFIDENTIAL_ALL, $subject, $token);
            }

            if (self::TOGGLE_INTENSITY === $attribute) {
-                if ($subject->getUser() === $token->getUser()) {
+                if (null != $subject->getUser() && ($subject->getUser() === $token->getUser())) {
                    return true;
                }

--- a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php
+++ b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php
@ -18,9 +18,6 @@ use Symfony\Component\Validator\Constraint;
 */
 class AccompanyingPeriodValidity extends Constraint
 {
-    public $messageReferrerIsCurrentUser = 'Only the referrer can change the confidentiality of a parcours';
-
-    public $messageReferrerIsNull = 'A confidential parcours must have a referrer';

    public $messageSocialIssueCannotBeDeleted = 'The social %name% issue cannot be deleted because it is associated with an activity or an action';

--- a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php
+++ b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php
@ -92,19 +92,5 @@ class AccompanyingPeriodValidityValidator extends ConstraintValidator
                    ->addViolation();
            }
        }
-
-        /** Check if confidentiality can be toggled */
-        $user = $period->getUser();
-        $currentUser = $this->token->getToken()->getUser();
-
-        if ($user && ($user !== $currentUser) && $period->isConfidential() === true) {
-            $this->context->buildViolation($constraint->messageReferrerIsCurrentUser)
-                ->addViolation();
-        }
-
-        if (null === $user && $period->isConfidential() === true) {
-            $this->context->buildViolation($constraint->messageReferrerIsNull)
-                ->addViolation();
-        }
    }
 }