From 2684345981cd2b3a724767bc804184b132f9b984 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts
Date: Tue, 26 Apr 2022 11:34:49 +0200
Subject: [PATCH] voter updates
---
 .../AccompanyingCourseCommentController.php | 5 +++--
 .../Authorization/AccompanyingPeriodCommentVoter.php | 12 ++++++++++--
 2 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php
index 06bfe95ff..09af4a3cf 100644
--- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php
@@ -13,6 +13,7 @@ namespace Chill\PersonBundle\Controller;
 use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Form\AccompanyingCourseCommentType;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodCommentVoter;
 use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
 use Doctrine\ORM\EntityManagerInterface;
 use LogicException;
@@ -83,7 +84,7 @@ class AccompanyingCourseCommentController extends AbstractController
 }
 if (isset($commentEdited)) {
- $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $commentEdited->getAccompanyingPeriod());
+ $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::EDIT, $commentEdited);
 } else {
 throw new LogicException('at this step, commentEdited should be set');
 }
@@ -134,7 +135,7 @@ class AccompanyingCourseCommentController extends AbstractController
 */
 public function deleteAction(AccompanyingPeriod\Comment $comment, Request $request): Response
 {
- $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $comment->getAccompanyingPeriod());
+ $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::DELETE, $comment);
 $form = $this->createForm(FormType::class, []);
 $form->add('submit', SubmitType::class, ['label' => 'Confirm']);
diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php
index 37a6ec6ac..64fdbb796 100644
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php
@@ -14,6 +14,7 @@ namespace Chill\PersonBundle\Security\Authorization;
 use Chill\PersonBundle\Entity\AccompanyingPeriod\Comment;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\Security;
 use UnexpectedValueException;
 class AccompanyingPeriodCommentVoter extends Voter
@@ -22,6 +23,13 @@ class AccompanyingPeriodCommentVoter extends Voter
 public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_EDIT';
+ private Security $security;
+
+ public function __construct(Security $security)
+ {
+ $this->security = $security;
+ }
+
 protected function supports($attribute, $subject)
 {
 return $subject instanceof Comment;
@@ -32,9 +40,9 @@ class AccompanyingPeriodCommentVoter extends Voter
 /** @var Comment $subject */
 switch ($attribute) {
 case self::EDIT:
+ return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());
 case self::DELETE:
- return $subject->getCreator() === $token->getUser();
-
+ return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());
 default:
 throw new UnexpectedValueException("This attribute {$attribute} is not supported");
 }
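Review bot: The ownership test `$subject->getCreator() === $token->getUser()`, which previously decided both EDIT and DELETE through the case fall-through, is removed in the last hunk of this file, so the comment voter now grants either attribute to anyone holding `AccompanyingPeriodVoter::EDIT` on the parent period, including for comments written by other users. The two controller actions changed in this commit already checked the period-level right before, so their effective check looks unchanged, but any other caller of these comment attributes receives a wider grant than it did. If authorship should still restrict the action, combine both conditions with `return $subject->getCreator() === $token->getUser() && $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());`; if the widening is intended, state it in a comment above the `switch` and merge the two identical branches as `case self::EDIT: case self::DELETE:`. The enclosing method starts and ends outside the hunk.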