Refactor authorization for AccompanyingPeriodWorkEvaluationDocuments

The AccompanyingPeriodWorkEvaluationStoredObjectVoter has been updated to use the AccompanyingPeriodWorkEvaluationDocument-related classes instead of the AccompanyingPeriodWork classes. Additionally, a new voters class, AccompanyingPeriodWorkEvaluationDocumentVoter has been created. Changes are also made in the repository to find the associated entity in the AccompanyingPeriodWorkEvaluationDocument repository instead of the AccompanyingPeriodWork repository.
2025-08-30 11:33:49 +00:00 · 2024-07-15 17:53:06 +02:00
parent 7d0f9175be
commit 31f842471a
5 changed files with 40 additions and 27 deletions
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationDocumentVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationDocumentVoter.php
@@ -24,13 +24,14 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 class AccompanyingPeriodWorkEvaluationDocumentVoter extends Voter
 {
    final public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_DOCUMENT_SHOW';
+    final public const SEE_AND_EDIT = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_DOCUMENT_EDIT';

    public function __construct(private readonly AccessDecisionManagerInterface $accessDecisionManager) {}

    public function supports($attribute, $subject): bool
    {
        return $subject instanceof AccompanyingPeriodWorkEvaluationDocument
-            && self::SEE === $attribute;
+            && (self::SEE === $attribute || self::SEE_AND_EDIT === $attribute);
    }

    /**
@@ -47,6 +48,11 @@ class AccompanyingPeriodWorkEvaluationDocumentVoter extends Voter
                [AccompanyingPeriodWorkEvaluationVoter::SEE],
                $subject->getAccompanyingPeriodWorkEvaluation()
            ),
+            self::SEE_AND_EDIT => $this->accessDecisionManager->decide(
+                $token,
+                [AccompanyingPeriodWorkEvaluationVoter::SEE_AND_EDIT],
+                $subject->getAccompanyingPeriodWorkEvaluation()
+            ),
            default => throw new \UnexpectedValueException("The attribute {$attribute} is not supported"),
        };
    }
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationVoter.php
@@ -21,11 +21,14 @@ class AccompanyingPeriodWorkEvaluationVoter extends Voter implements ChillVoterI
 {
    final public const ALL = [
        self::SEE,
+        self::SEE_AND_EDIT,
        self::STATS,
    ];

    final public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_SHOW';

+    final public const SEE_AND_EDIT = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_EDIT';
+
    final public const STATS = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_STATS';

    public function __construct(private readonly Security $security) {}
@@ -45,6 +48,7 @@ class AccompanyingPeriodWorkEvaluationVoter extends Voter implements ChillVoterI
        return match ($attribute) {
            self::STATS => $this->security->isGranted(AccompanyingPeriodVoter::STATS, $subject),
            self::SEE => $this->security->isGranted(AccompanyingPeriodWorkVoter::SEE, $subject->getAccompanyingPeriodWork()),
+            self::SEE_AND_EDIT => $this->security->isGranted(AccompanyingPeriodWorkVoter::UPDATE, $subject->getAccompanyingPeriodWork()),
            default => throw new \UnexpectedValueException("attribute {$attribute} is not supported"),
        };
    }