From 2c74e268d34cf6505cb7a14ca758685c73f89cf6 Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Mon, 22 Nov 2021 10:19:14 +0100 Subject: [PATCH] voter fixes --- .../Activity/listAccompanyingCourse.html.twig | 2 ++ .../Security/Authorization/ActivityVoter.php | 13 ++++++++----- .../AccompanyingCourseDocumentVoter.php | 4 ++-- .../Controller/AccompanyingCourseController.php | 17 +++++++---------- .../Security/Authorization/TaskVoter.php | 10 ++++++---- 5 files changed, 25 insertions(+), 21 deletions(-) diff --git a/src/Bundle/ChillActivityBundle/Resources/views/Activity/listAccompanyingCourse.html.twig b/src/Bundle/ChillActivityBundle/Resources/views/Activity/listAccompanyingCourse.html.twig index d1f9ec517..42bc25026 100644 --- a/src/Bundle/ChillActivityBundle/Resources/views/Activity/listAccompanyingCourse.html.twig +++ b/src/Bundle/ChillActivityBundle/Resources/views/Activity/listAccompanyingCourse.html.twig @@ -20,6 +20,7 @@ {% include 'ChillActivityBundle:Activity:list.html.twig' with {'context': 'accompanyingCourse'} %} + {% if is_granted('CHILL_ACTIVITY_CREATE', accompanyingCourse) %} + {% endif %} {% endblock %} diff --git a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php index 2e6f01c6e..a8df6ff26 100644 --- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php +++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php @@ -91,11 +91,6 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn return false; } } elseif ($subject->getAccompanyingPeriod() instanceof AccompanyingPeriod) { - if (AccompanyingPeriod::STEP_CLOSED === $subject->getAccompanyingPeriod->getStep()) { - if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE])) { - return false; - } - } if (!$this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject->getAccompanyingPeriod())) { return false; } 
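Review bot: The `is_granted('CHILL_ACTIVITY_CREATE', accompanyingCourse)` guard added near the end of this template only controls what is rendered, so the activity creation action should run the same check with the accompanying period as subject. The markup between `{% if %}` and `{% endif %}` is not visible in this hunk, so which element is wrapped is inferred. A short Twig comment such as `{# display only: the create action must enforce CHILL_ACTIVITY_CREATE itself #}` would record that the template is not the enforcement point.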
@@ -104,6 +99,14 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn } } + if ($subject instanceof AccompanyingPeriod) { + if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { + if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE])) { + return false; + } + } + } + return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } diff --git a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php index d93b786e2..651ee47e4 100644 --- a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php +++ b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php @@ -76,8 +76,8 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov return false; } - if ($subject instanceof AccompanyingCourseDocument) { - if (AccompanyingPeriod::STEP_CLOSED === $subject->getCourse()->getStep()) { + if ($subject instanceof AccompanyingPeriod) { + if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE])) { return false; } diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php index 8eab36d03..634a767a2 100644 --- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php +++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseController.php 
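Review bot: The closed-period check added before `voteOnAttribute()` only fires when `$subject` is itself an `AccompanyingPeriod`, so an existing `Activity` attached to a closed period is no longer refused `UPDATE` or `DELETE` by this voter. The earlier hunk in this file removes the check from the `elseif ($subject->getAccompanyingPeriod() instanceof AccompanyingPeriod)` branch instead of repairing its `getAccompanyingPeriod->getStep()` typo. Keeping it in that branch as `if (AccompanyingPeriod::STEP_CLOSED === $subject->getAccompanyingPeriod()->getStep() && \in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE], true)) { return false; }` would cover both subject types. The same pattern appears in the AccompanyingCourseDocumentVoter hunk (the `instanceof AccompanyingCourseDocument` test is replaced rather than complemented) and in the TaskVoter hunk (the `$subject->getCourse()->getStep()` check is dropped), so documents and tasks of a closed course lose the same protection unless `voterHelper` or code outside these hunks enforces it. The enclosing methods start and end outside the hunks.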
@@ -180,25 +180,22 @@ class AccompanyingCourseController extends Controller if ($form->isSubmitted() && $form->isValid()) { $em = $this->getDoctrine()->getManager(); - $em->persist($accompanyingCourse); $workflow = $this->registry->get($accompanyingCourse); if ($workflow->can($accompanyingCourse, 'close')) { $errors = $this->validator->validate($accompanyingCourse, null, [$accompanyingCourse::STEP_CLOSED]); - if( count($errors) > 0 ){ + if (count($errors) > 0) { return $this->json($errors, 422); } $workflow->apply($accompanyingCourse, 'close'); - $em->persist($accompanyingCourse); + + $em->flush(); + + return $this->redirectToRoute('chill_person_accompanying_course_index', [ + 'accompanying_period_id' => $accompanyingCourse->getId() + ]); } - - $em->flush(); - - return $this->redirectToRoute('chill_person_accompanying_course_index', [ - 'accompanying_period_id' => $accompanyingCourse->getId() - ]); - } return $this->render('@ChillPerson/AccompanyingCourse/close.html.twig', [ diff --git a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php index 9e5a59c01..8cb6de781 100644 --- a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php +++ b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php @@ -112,11 +112,13 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy if (!$this->accessDecisionManager->decide($token, [AccompanyingPeriodVoter::SEE], $period)) { return false; } + } + } - if (AccompanyingPeriod::STEP_CLOSED === $subject->getCourse()->getStep()) { - if (\in_array($attribute, [self::UPDATE, self::CREATE_COURSE, self::DELETE])) { - return false; - } + if ($subject instanceof AccompanyingPeriod) { + if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { + if (\in_array($attribute, [self::UPDATE, self::CREATE_COURSE, self::DELETE])) { + return false; } } }
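Review bot: After this change a submitted, valid form whose workflow cannot take the `close` transition falls out of the `if ($workflow->can($accompanyingCourse, 'close'))` block and re-renders the close page with no message and nothing flushed; previously that path flushed and redirected. If that is intended, an `else` branch should tell the user, for example `$this->addFlash('error', ...)` with a translated message, or a `FormError` on the form. Separately, `return $this->json($errors, 422)` serialises the validator's violation list straight into the response of an HTML form action, which is worth checking for property paths or values that should not be exposed. The start of the action and any access check it performs are outside the hunk.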