Refactor authorization for AccompanyingPeriodWorkEvaluationDocuments

The AccompanyingPeriodWorkEvaluationStoredObjectVoter has been updated to use the AccompanyingPeriodWorkEvaluationDocument-related classes instead of the AccompanyingPeriodWork classes. Additionally, a new voters class, AccompanyingPeriodWorkEvaluationDocumentVoter has been created. Changes are also made in the repository to find the associated entity in the AccompanyingPeriodWorkEvaluationDocument repository instead of the AccompanyingPeriodWork repository.
2025-06-07 18:44:08 +00:00 · 2024-07-15 17:53:06 +02:00 · 2024-07-15 17:53:06 +02:00 · 31f842471a
commit 31f842471a
parent 7d0f9175be
5 changed files with 40 additions and 27 deletions
--- a/src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoters/AccompanyingPeriodWorkEvaluationDocumentStoredObjectVoter.php
+++ b/src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoters/AccompanyingPeriodWorkEvaluationDocumentStoredObjectVoter.php
@ -14,15 +14,15 @@ namespace Chill\DocStoreBundle\Security\Authorization\StoredObjectVoters;
 use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Service\WorkflowDocumentService;
-use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
-use Chill\PersonBundle\Repository\AccompanyingPeriod\AccompanyingPeriodWorkRepository;
-use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodWorkVoter;
+use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWorkEvaluationDocument;
+use Chill\PersonBundle\Repository\AccompanyingPeriod\AccompanyingPeriodWorkEvaluationDocumentRepository;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodWorkEvaluationDocumentVoter;
 use Symfony\Component\Security\Core\Security;

-class AccompanyingPeriodWorkEvaluationStoredObjectVoter extends AbstractStoredObjectVoter
+class AccompanyingPeriodWorkEvaluationDocumentStoredObjectVoter extends AbstractStoredObjectVoter
 {
    public function __construct(
-        private readonly AccompanyingPeriodWorkRepository $repository,
+        private readonly AccompanyingPeriodWorkEvaluationDocumentRepository $repository,
        Security $security,
        WorkflowDocumentService $workflowDocumentService
    ) {
@ -36,14 +36,14 @@ class AccompanyingPeriodWorkEvaluationStoredObjectVoter extends AbstractStoredOb

    protected function getClass(): string
    {
-        return AccompanyingPeriodWork::class;
+        return AccompanyingPeriodWorkEvaluationDocument::class;
    }

    protected function attributeToRole(StoredObjectRoleEnum $attribute): string
    {
        return match ($attribute) {
-            StoredObjectRoleEnum::SEE => AccompanyingPeriodWorkVoter::SEE,
-            StoredObjectRoleEnum::EDIT => AccompanyingPeriodWorkVoter::UPDATE,
+            StoredObjectRoleEnum::SEE => AccompanyingPeriodWorkEvaluationDocumentVoter::SEE,
+            StoredObjectRoleEnum::EDIT => AccompanyingPeriodWorkEvaluationDocumentVoter::SEE_AND_EDIT,
        };
    }

--- a/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkEvaluationDocumentRepository.php
+++ b/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkEvaluationDocumentRepository.php
@ -11,14 +11,18 @@ declare(strict_types=1);

 namespace Chill\PersonBundle\Repository\AccompanyingPeriod;

+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
+use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
 use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWorkEvaluationDocument;
 use Doctrine\ORM\EntityManagerInterface;
 use Doctrine\ORM\EntityRepository;
+use Doctrine\ORM\NonUniqueResultException;
 use Doctrine\Persistence\ObjectRepository;

-class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectRepository
+readonly class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectRepository, AssociatedEntityToStoredObjectInterface
 {
-    private readonly EntityRepository $repository;
+    private EntityRepository $repository;

    public function __construct(EntityManagerInterface $em)
    {
@ -58,4 +62,18 @@ class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectReposi
    {
        return AccompanyingPeriodWorkEvaluationDocument::class;
    }
+
+    /**
+     * @throws NonUniqueResultException
+     */
+    public function findAssociatedEntityToStoredObject(StoredObject $storedObject): ?AccompanyingPeriodWorkEvaluationDocument
+    {
+        $qb = $this->repository->createQueryBuilder('acpwed');
+        $query = $qb
+            ->where('acpwed.storedObject = :storedObject')
+            ->setParameter('storedObject', $storedObject)
+            ->getQuery();
+
+        return $query->getOneOrNullResult();
+    }
 }
--- a/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkRepository.php
+++ b/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkRepository.php
@ -11,8 +11,6 @@ declare(strict_types=1);

 namespace Chill\PersonBundle\Repository\AccompanyingPeriod;

-use Chill\DocStoreBundle\Entity\StoredObject;
-use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\MainBundle\Entity\User;
 use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
@ -24,7 +22,7 @@ use Doctrine\ORM\Query\ResultSetMappingBuilder;
 use Doctrine\ORM\QueryBuilder;
 use Doctrine\Persistence\ObjectRepository;

-final readonly class AccompanyingPeriodWorkRepository implements ObjectRepository, AssociatedEntityToStoredObjectInterface
+final readonly class AccompanyingPeriodWorkRepository implements ObjectRepository
 {
    private EntityRepository $repository;

@ -253,17 +251,4 @@ final readonly class AccompanyingPeriodWorkRepository implements ObjectRepositor

        return $qb;
    }
-
-    public function findAssociatedEntityToStoredObject(StoredObject $storedObject): ?AccompanyingPeriodWork
-    {
-        $qb = $this->repository->createQueryBuilder('acpw');
-        $query = $qb
-            ->join('acpw.accompanyingPeriodWorkEvaluations', 'acpwe')
-            ->join('acpwe.documents', 'acpwed')
-            ->where('acpwed.storedObject = :storedObject')
-            ->setParameter('storedObject', $storedObject)
-            ->getQuery();
-
-        return $query->getOneOrNullResult();
-    }
 }
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationDocumentVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationDocumentVoter.php
@ -24,13 +24,14 @@ use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 class AccompanyingPeriodWorkEvaluationDocumentVoter extends Voter
 {
    final public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_DOCUMENT_SHOW';
+    final public const SEE_AND_EDIT = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_DOCUMENT_EDIT';

    public function __construct(private readonly AccessDecisionManagerInterface $accessDecisionManager) {}

    public function supports($attribute, $subject): bool
    {
        return $subject instanceof AccompanyingPeriodWorkEvaluationDocument
-            && self::SEE === $attribute;
+            && (self::SEE === $attribute || self::SEE_AND_EDIT === $attribute);
    }

    /**
@ -47,6 +48,11 @@ class AccompanyingPeriodWorkEvaluationDocumentVoter extends Voter
                [AccompanyingPeriodWorkEvaluationVoter::SEE],
                $subject->getAccompanyingPeriodWorkEvaluation()
            ),
+            self::SEE_AND_EDIT => $this->accessDecisionManager->decide(
+                $token,
+                [AccompanyingPeriodWorkEvaluationVoter::SEE_AND_EDIT],
+                $subject->getAccompanyingPeriodWorkEvaluation()
+            ),
            default => throw new \UnexpectedValueException("The attribute {$attribute} is not supported"),
        };
    }
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkEvaluationVoter.php
@ -21,11 +21,14 @@ class AccompanyingPeriodWorkEvaluationVoter extends Voter implements ChillVoterI
 {
    final public const ALL = [
        self::SEE,
+        self::SEE_AND_EDIT,
        self::STATS,
    ];

    final public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_SHOW';

+    final public const SEE_AND_EDIT = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_EDIT';
+
    final public const STATS = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_EVALUATION_STATS';

    public function __construct(private readonly Security $security) {}
@ -45,6 +48,7 @@ class AccompanyingPeriodWorkEvaluationVoter extends Voter implements ChillVoterI
        return match ($attribute) {
            self::STATS => $this->security->isGranted(AccompanyingPeriodVoter::STATS, $subject),
            self::SEE => $this->security->isGranted(AccompanyingPeriodWorkVoter::SEE, $subject->getAccompanyingPeriodWork()),
+            self::SEE_AND_EDIT => $this->security->isGranted(AccompanyingPeriodWorkVoter::UPDATE, $subject->getAccompanyingPeriodWork()),
            default => throw new \UnexpectedValueException("attribute {$attribute} is not supported"),
        };
    }