introducer UserCircleConsistency validator

This validator allow to check that the entity is consistent between user associated with the entity, and the scope. The entity is consistent if the user associated can reach the scope for the ROLE "SEE/SHOW". This is a Constraint with scope Class. Example of utilisation: ``` @UserCircleConsistency( * "CHILL_TASK_TASK_SEE", * getUserFunction="getAssignee", * path="circle" * ) class MyEntity { // ... public function getAssignee() { // return user } } ```
2025-06-07 18:44:08 +00:00 · 2018-04-16 17:20:34 +02:00 · 2018-04-16 17:20:34 +02:00 · 190e2f48b3
commit 190e2f48b3
parent 96cd18563b
6 changed files with 127 additions and 1 deletions
--- a/DependencyInjection/ChillMainExtension.php
+++ b/DependencyInjection/ChillMainExtension.php
@ -92,6 +92,7 @@ class ChillMainExtension extends Extension implements PrependExtensionInterface,
        $loader->load('services/pagination.yml');
        $loader->load('services/export.yml');
        $loader->load('services/form.yml');
+        $loader->load('services/validator.yml');
        
    }
    
--- a/Resources/config/services/validator.yml
+++ b/Resources/config/services/validator.yml
@ -0,0 +1,7 @@
+services:
+    chill_main.validator_user_circle_consistency:
+        class: Chill\MainBundle\Validator\Constraints\Entity\UserCircleConsistencyValidator
+        arguments:
+            - "@chill.main.security.authorization.helper"
+        tags:
+            - { name: "validator.constraint_validator" }
--- a/Resources/translations/messages.fr.yml
+++ b/Resources/translations/messages.fr.yml
@ -31,6 +31,7 @@ not valid: non valide
 Confirm: Confirmer
 Cancel: Annuler
 Save: Enregistrer
+This form contains errors: Ce formulaire contient des erreurs

 'You are going to leave a page with unsubmitted data. Are you sure you want to leave ?': "Vous allez quitter la page alors que des données n'ont pas été enregistrées. Êtes vous sûr de vouloir partir ?"

--- a/Resources/translations/validators.fr.yml
+++ b/Resources/translations/validators.fr.yml
@ -5,4 +5,7 @@ The role "%role%" should not be associated with a scope.: Le rôle "%role%" ne d
 "The password must contains one letter, one capitalized letter, one number and one special character as *[@#$%!,;:+\"'-/{}~=µ()£]). Other characters are allowed.": "Le mot de passe doit contenir une majuscule, une minuscule, et au moins un caractère spécial parmi *[@#$%!,;:+\"'-/{}~=µ()£]). Les autres caractères sont autorisés."
 The password fields must match: Les mots de passe doivent correspondre

-A permission is already present for the same role and scope: Une permission est déjà présente pour le même rôle et cercle.
+A permission is already present for the same role and scope: Une permission est déjà présente pour le même rôle et cercle.
+
+#UserCircleConsistency
+"{{ username }} is not allowed to see entities published in this circle": "{{ username }} n'est pas autorisé à voir l'élément publié dans ce cercle."
--- a/Validator/Constraints/Entity/UserCircleConsistency.php
+++ b/Validator/Constraints/Entity/UserCircleConsistency.php
@ -0,0 +1,52 @@
+<?php
+/*
+ * Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+namespace Chill\MainBundle\Validator\Constraints\Entity;
+
+use Symfony\Component\Validator\Constraint;
+
+/**
+ * 
+ *
+ * @Annotation
+ */
+class UserCircleConsistency extends Constraint
+{
+    public $message = "{{ username }} is not allowed to see entities published in this circle";
+    
+    public $role;
+    
+    public $getUserFunction = 'getUser';
+    
+    public $path = 'circle';
+    
+    public function getDefaultOption()
+    {
+        return 'role';
+    }
+    
+    public function getRequiredOptions()
+    {
+        return [ 'role' ];
+    }
+    
+    public function getTargets()
+    {
+        return self::CLASS_CONSTRAINT;
+    }
+    
+}
--- a/Validator/Constraints/Entity/UserCircleConsistencyValidator.php
+++ b/Validator/Constraints/Entity/UserCircleConsistencyValidator.php
@ -0,0 +1,62 @@
+<?php
+/*
+ * Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+namespace Chill\MainBundle\Validator\Constraints\Entity;
+
+use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+use Chill\MainBundle\Entity\HasScopeInterface;
+
+/**
+ * 
+ *
+ */
+class UserCircleConsistencyValidator extends ConstraintValidator
+{
+    /**
+     *
+     * @var AuthorizationHelper
+     */
+    protected $autorizationHelper;
+    
+    function __construct(AuthorizationHelper $autorizationHelper)
+    {
+        $this->autorizationHelper = $autorizationHelper;
+    }
+
+    
+    /**
+     * 
+     * @param object $value
+     * @param UserCircleConsistency $constraint
+     */
+    public function validate($value, Constraint $constraint)
+    {
+        /* @var $user \Chill\MainBundle\Entity\User */
+        $user = \call_user_func([$value, $constraint->getUserFunction ]);
+        
+        if (FALSE === $this->autorizationHelper->userHasAccess($user, $value, $constraint->role)) {
+            $this->context
+                ->buildViolation($constraint->message)
+                ->setParameter('{{ username }}', $user->getUsername())
+                ->atPath($constraint->path)
+                ->addViolation()
+                ;
+        }
+    }
+}