Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

voter updates

Browse Source
This commit is contained in:
Julie Lenaerts 2022-04-26 11:34:49 +02:00
parent 51d1e5422b
commit 2684345981
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php
View File

@ -13,6 +13,7 @@ namespace Chill\PersonBundle\Controller;
use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Form\AccompanyingCourseCommentType; use Chill\PersonBundle\Form\AccompanyingCourseCommentType;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodCommentVoter;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter; use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use LogicException; use LogicException;
@ -83,7 +84,7 @@ class AccompanyingCourseCommentController extends AbstractController
} }
if (isset($commentEdited)) { if (isset($commentEdited)) {
$this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $commentEdited->getAccompanyingPeriod()); $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::EDIT, $commentEdited);
} else { } else {
throw new LogicException('at this step, commentEdited should be set'); throw new LogicException('at this step, commentEdited should be set');
} }
@ -134,7 +135,7 @@ class AccompanyingCourseCommentController extends AbstractController
*/ */
public function deleteAction(AccompanyingPeriod\Comment $comment, Request $request): Response public function deleteAction(AccompanyingPeriod\Comment $comment, Request $request): Response
{ {
$this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $comment->getAccompanyingPeriod()); $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::DELETE, $comment);
$form = $this->createForm(FormType::class, []); $form = $this->createForm(FormType::class, []);
$form->add('submit', SubmitType::class, ['label' => 'Confirm']); $form->add('submit', SubmitType::class, ['label' => 'Confirm']);

12
src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php
View File

@ -14,6 +14,7 @@ namespace Chill\PersonBundle\Security\Authorization;
use Chill\PersonBundle\Entity\AccompanyingPeriod\Comment; use Chill\PersonBundle\Entity\AccompanyingPeriod\Comment;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter; use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use UnexpectedValueException; use UnexpectedValueException;
class AccompanyingPeriodCommentVoter extends Voter class AccompanyingPeriodCommentVoter extends Voter
@ -22,6 +23,13 @@ class AccompanyingPeriodCommentVoter extends Voter
public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_EDIT'; public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_EDIT';
private Security $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
return $subject instanceof Comment; return $subject instanceof Comment;
@ -32,9 +40,9 @@ class AccompanyingPeriodCommentVoter extends Voter
/** @var Comment $subject */ /** @var Comment $subject */
switch ($attribute) { switch ($attribute) {
case self::EDIT: case self::EDIT:
return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());
case self::DELETE: case self::DELETE:
return $subject->getCreator() === $token->getUser(); return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod());
default: default:
throw new UnexpectedValueException("This attribute {$attribute} is not supported"); throw new UnexpectedValueException("This attribute {$attribute} is not supported");
} }