Merge remote-tracking branch 'origin/master' into rector/rules-up-to-php80

Conflicts: src/Bundle/ChillActivityBundle/Controller/ActivityController.php src/Bundle/ChillActivityBundle/Export/Aggregator/ACPAggregators/DateAggregator.php src/Bundle/ChillActivityBundle/Menu/PersonMenuBuilder.php src/Bundle/ChillActivityBundle/Repository/ActivityACLAwareRepository.php src/Bundle/ChillActivityBundle/Service/DocGenerator/ActivityContext.php src/Bundle/ChillCalendarBundle/Command/MapAndSubscribeUserCalendarCommand.php src/Bundle/ChillCalendarBundle/RemoteCalendar/Connector/MSGraph/MSGraphUserRepository.php src/Bundle/ChillDocStoreBundle/Controller/DocumentAccompanyingCourseController.php src/Bundle/ChillDocStoreBundle/Controller/DocumentPersonController.php src/Bundle/ChillDocStoreBundle/Repository/PersonDocumentACLAwareRepository.php src/Bundle/ChillEventBundle/Search/EventSearch.php src/Bundle/ChillMainBundle/Controller/ExportController.php src/Bundle/ChillMainBundle/Controller/PermissionsGroupController.php src/Bundle/ChillMainBundle/Cron/CronManager.php src/Bundle/ChillMainBundle/Entity/CronJobExecution.php src/Bundle/ChillMainBundle/Export/ExportManager.php src/Bundle/ChillMainBundle/Form/Type/Export/PickCenterType.php src/Bundle/ChillMainBundle/Form/Type/Listing/FilterOrderType.php src/Bundle/ChillMainBundle/Repository/NotificationRepository.php src/Bundle/ChillMainBundle/Templating/Listing/FilterOrderHelper.php src/Bundle/ChillMainBundle/Templating/Listing/FilterOrderHelperBuilder.php src/Bundle/ChillMainBundle/Templating/Listing/FilterOrderHelperFactory.php src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseWorkController.php src/Bundle/ChillPersonBundle/Controller/SocialWorkSocialActionApiController.php src/Bundle/ChillPersonBundle/Export/Aggregator/PersonAggregators/AgeAggregator.php src/Bundle/ChillPersonBundle/Export/Export/ListAccompanyingPeriod.php src/Bundle/ChillPersonBundle/Export/Export/ListHouseholdInPeriod.php src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriodACLAwareRepository.php src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php src/Bundle/ChillPersonBundle/Service/DocGenerator/AccompanyingPeriodContext.php src/Bundle/ChillPersonBundle/Service/DocGenerator/AccompanyingPeriodWorkEvaluationContext.php src/Bundle/ChillPersonBundle/Service/DocGenerator/PersonContext.php src/Bundle/ChillReportBundle/DataFixtures/ORM/LoadReports.php src/Bundle/ChillTaskBundle/Controller/SingleTaskController.php
2025-08-30 03:23:48 +00:00 · 2023-07-17 12:49:13 +02:00
parent 737f5f9275 1ebf68683f
commit 224c2c74e8
544 changed files with 18622 additions and 2105 deletions
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
@@ -18,6 +18,7 @@ use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
 use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
 use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\PersonBundle\Entity\AccompanyingPeriod;
+use Chill\PersonBundle\Entity\Household\Household;
 use Chill\PersonBundle\Entity\Person;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Security;
@@ -41,11 +42,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
        self::RE_OPEN_COURSE,
    ];

-    /**
-     * Give the ability to see all confidential courses.
-     */
-    public const CONFIDENTIAL_CRUD = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CRUD_CONFIDENTIAL';
-
    public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';

    /**
@@ -106,16 +102,25 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
     */
    public const TOGGLE_INTENSITY = 'CHILL_PERSON_ACCOMPANYING_PERIOD_TOGGLE_INTENSITY';

+    /**
+     * Right to see confidential period even if not referrer
+     */
+    public const SEE_CONFIDENTIAL_ALL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_CONFIDENTIAL';
+
+    private Security $security;
+
    private VoterHelperInterface $voterHelper;

    public function __construct(
-        private Security $security,
+        Security $security,
        VoterHelperFactoryInterface $voterHelperFactory
    ) {
+        $this->security = $security;
        $this->voterHelper = $voterHelperFactory
            ->generate(self::class)
            ->addCheckFor(null, [self::CREATE, self::REASSIGN_BULK])
            ->addCheckFor(AccompanyingPeriod::class, [self::TOGGLE_CONFIDENTIAL, ...self::ALL])
+            ->addCheckFor(Household::class, [self::SEE])
            ->addCheckFor(Person::class, [self::SEE, self::CREATE])
            ->addCheckFor(Center::class, [self::STATS])
            ->build();
@@ -126,7 +131,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
        return [
            self::SEE,
            self::SEE_DETAILS,
-            self::CONFIDENTIAL_CRUD,
            self::CREATE,
            self::EDIT,
            self::DELETE,
@@ -134,6 +138,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
            self::TOGGLE_CONFIDENTIAL_ALL,
            self::REASSIGN_BULK,
            self::STATS,
+            self::SEE_CONFIDENTIAL_ALL,
        ];
    }

@@ -144,7 +149,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH

    public function getRolesWithoutScope(): array
    {
-        return [self::REASSIGN_BULK];
+        return [];
    }

    protected function supports($attribute, $subject)
@@ -211,7 +216,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH

            // if confidential, only the referent can see it
            if ($subject->isConfidential()) {
-                if ($this->voterHelper->voteOnAttribute(self::CONFIDENTIAL_CRUD, $subject, $token)) {
+                if ($this->voterHelper->voteOnAttribute(self::SEE_CONFIDENTIAL_ALL, $subject, $token)) {
                    return true;
                }