Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

fix: Strict types interfaces: VoterHelperInterface, ProvideRoleHierarchyInterface and ProvideRoleInterface.

Browse Source
This commit is contained in:
Pol Dellaiera 2021-11-23 10:40:34 +01:00
parent 05dda33a7a
commit 328b4c4596
No known key found for this signature in database
GPG Key ID: D476DFE9C67467CA
21 changed files with 187 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php
View File

@ -25,7 +25,7 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\Center;
/**
*
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
@ -33,13 +33,13 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
{
const STATS = 'CHILL_ACTIVITY_STATS';
const LISTS = 'CHILL_ACTIVITY_LIST';
/**
*
* @var AuthorizationHelper
*/
protected $helper;
public function __construct(AuthorizationHelper $helper)
{
$this->helper = $helper;
@ -54,15 +54,15 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
{
return array(Center::class);
}
protected function supports($attribute, $subject)
{
if ($subject instanceof Center
if ($subject instanceof Center
&& \in_array($attribute, $this->getAttributes())) {
return true;
}
return false;
}
@ -71,22 +71,22 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface) {
return false;
}
return $this->helper->userHasAccess($user, $object, $attribute);
}
public function getRoles()
public function getRoles(): array
{
return $this->getAttributes();
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return $this->getAttributes();
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [ 'Activity' => $this->getRoles() ];
return ['Activity' => $this->getRoles()];
}
}

56
src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
View File

@ -1,21 +1,6 @@
<?php
/*
* Copyright (C) 2015 Julien Fastré <julien.fastre@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Chill\ActivityBundle\Security\Authorization;
@ -25,9 +10,7 @@ use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\User;
use Chill\ActivityBundle\Entity\Activity;
@ -35,9 +18,6 @@ use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Security;
/**
* Voter for Activity class
*/
class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{
/**
@ -46,7 +26,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
*
* It is safe for usage in template and controller
*/
const CREATE = 'CHILL_ACTIVITY_CREATE';
public const CREATE = 'CHILL_ACTIVITY_CREATE';
/**
* role to allow to create an activity associated win an accompanying course.
@ -55,7 +35,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
*
* @internal
*/
const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE';
public const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE';
/**
* role to allow to create an activity associated with a person
@ -64,13 +44,13 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
*
* @internal
*/
const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON';
public const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON';
const SEE = 'CHILL_ACTIVITY_SEE';
const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS';
const UPDATE = 'CHILL_ACTIVITY_UPDATE';
const DELETE = 'CHILL_ACTIVITY_DELETE';
const FULL = 'CHILL_ACTIVITY_FULL';
public const SEE = 'CHILL_ACTIVITY_SEE';
public const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS';
public const UPDATE = 'CHILL_ACTIVITY_UPDATE';
public const DELETE = 'CHILL_ACTIVITY_DELETE';
public const FULL = 'CHILL_ACTIVITY_FULL';
private const ALL = [
self::CREATE,
@ -97,13 +77,12 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
->build();
}
protected function supports($attribute, $subject)
protected function supports($attribute, $subject): bool
{
return $this->voterHelper->supports($attribute, $subject);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
if (!$token->getUser() instanceof User) {
return false;
@ -132,7 +111,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
$attribute = self::CREATE_ACCOMPANYING_COURSE;
}
} else {
throw new \RuntimeException("could not determine context of activity");
throw new \RuntimeException('Could not determine context of activity.');
}
} elseif ($subject instanceof AccompanyingPeriod) {
if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
@ -155,8 +134,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
}
public function getRoles()
public function getRoles(): array
{
return [
self::CREATE_PERSON,
@ -167,16 +145,14 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
];
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return [];
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [ 'Activity' => $this->getRoles() ];
return ['Activity' => $this->getRoles()];
}
}

32
src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
View File

@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role;
/**
*
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
@ -22,56 +22,56 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
const DELETE = 'CHILL_BUDGET_ELEMENT_DELETE';
const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE';
const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW';
const ROLES = [
self::CREATE,
self::DELETE,
self::SHOW,
self::UPDATE
];
/**
*
* @var AuthorizationHelper
*/
protected $authorizationHelper;
public function __construct(AuthorizationHelper $authorizationHelper)
{
$this->authorizationHelper = $authorizationHelper;
}
protected function supports($attribute, $subject)
{
return (\in_array($attribute, self::ROLES) && $subject instanceof AbstractElement)
or
($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ]));
}
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
{
$user = $token->getUser();
if (FALSE === $user instanceof User) {
return false;
}
return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute));
}
public function getRoles()
public function getRoles(): array
{
return self::ROLES;
}
}
public function getRolesWithHierarchy(): array
{
return [ 'Budget elements' => self::ROLES ];
}
public function getRolesWithoutScope()
return ['Budget elements' => self::ROLES];
}
public function getRolesWithoutScope(): array
{
return self::ROLES;
}

10
src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php
View File

@ -47,7 +47,7 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov
->build();
}
public function getRoles()
public function getRoles(): array
{
return [
self::CREATE,
@ -91,13 +91,13 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return array();
return [];
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return ['accompanyingCourseDocument' => $this->getRoles() ];
return ['accompanyingCourseDocument' => $this->getRoles()];
}
}

11
src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php
View File

@ -40,7 +40,7 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
->build();
}
public function getRoles()
public function getRoles(): array
{
return [
self::CREATE,
@ -79,14 +79,13 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return array();
return [];
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return ['PersonDocument' => $this->getRoles() ];
return ['PersonDocument' => $this->getRoles()];
}
}

7
src/Bundle/ChillEventBundle/Entity/EventType.php
View File

@ -160,12 +160,7 @@ class EventType
$this->roles->removeElement($role);
}
/**
* Get roles
*
* @return Collection
*/
public function getRoles()
public function getRoles(): array
{
return $this->roles;
}

43
src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php
View File

@ -42,29 +42,29 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_CREATE';
const UPDATE = 'CHILL_EVENT_UPDATE';
const ROLES = [
self::SEE,
self::SEE_DETAILS,
self::CREATE,
self::UPDATE
];
/**
* @var AuthorizationHelper
*/
protected $authorizationHelper;
/**
* @var AccessDecisionManagerInterface
*/
protected $accessDecisionManager;
/**
* @var LoggerInterface
*/
protected $logger;
public function __construct(
AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper,
@ -75,7 +75,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
$this->authorizationHelper = $authorizationHelper;
$this->logger = $logger;
}
public function supports($attribute, $subject)
{
return ($subject instanceof Event && in_array($attribute, self::ROLES))
@ -85,7 +85,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
(NULL === $subject && $attribute === self::SEE )
;
}
/**
*
* @param string $attribute
@ -96,30 +96,30 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
$this->logger->debug(sprintf("Voting from %s class", self::class));
if (!$token->getUser() instanceof User) {
return false;
}
if ($subject instanceof Event) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} elseif ($subject instanceof Person) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper
->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false;
}
return $this->authorizationHelper->userHasAccess(
$token->getUser(),
$subject,
@ -127,23 +127,22 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
);
}
public function getRoles()
public function getRoles(): array
{
return self::ROLES;
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [
'Event' => self::ROLES
];
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return [];
}
}

8
src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php
View File

@ -31,7 +31,7 @@ use Symfony\Component\Security\Core\Role\Role;
use Psr\Log\LoggerInterface;
/**
*
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
@ -127,19 +127,19 @@ class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierar
}
public function getRoles()
public function getRoles(): array
{
return self::ROLES;
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [
'Event' => self::ROLES
];
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return [];
}

32
src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php
View File

@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role;
/**
*
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
@ -22,56 +22,56 @@ class FamilyMemberVoter extends AbstractChillVoter implements ProvideRoleHierarc
const DELETE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_DELETE';
const UPDATE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_UPDATE';
const SHOW = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_SHOW';
const ROLES = [
self::CREATE,
self::DELETE,
self::SHOW,
self::UPDATE
];
/**
*
* @var AuthorizationHelper
*/
protected $authorizationHelper;
public function __construct(AuthorizationHelper $authorizationHelper)
{
$this->authorizationHelper = $authorizationHelper;
}
protected function supports($attribute, $subject)
{
return (\in_array($attribute, self::ROLES) && $subject instanceof FamilyMember)
or
($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ]));
}
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
{
$user = $token->getUser();
if (FALSE === $user instanceof User) {
return false;
}
return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute));
}
public function getRoles()
public function getRoles(): array
{
return self::ROLES;
}
}
public function getRolesWithHierarchy(): array
{
return [ 'Family Members' => self::ROLES ];
}
public function getRolesWithoutScope()
return ['Family Members' => self::ROLES];
}
public function getRolesWithoutScope(): array
{
return self::ROLES;
}

7
src/Bundle/ChillMainBundle/Entity/User.php
View File

@ -203,12 +203,9 @@ class User implements AdvancedUserInterface {
*/
public function eraseCredentials() {}
/**
* @return array
*/
public function getRoles()
public function getRoles(): array
{
return array('ROLE_USER');
return ['ROLE_USER'];
}
/**

4
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
View File

@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\User;
@ -50,7 +52,7 @@ final class DefaultVoterHelper implements VoterHelperInterface
}
if (NULL === $subject) {
return 0 < count($this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null));
return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null);
}
return $this->authorizationHelper->userHasAccess(

2
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
View File

@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;

4
src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
View File

@ -1,5 +1,7 @@
<?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -8,5 +10,5 @@ interface VoterHelperInterface
{
public function supports($attribute, $subject): bool;
public function voteOnAttribute($attribute, $subject, TokenInterface $token);
public function voteOnAttribute($attribute, $subject, TokenInterface $token): bool;
}

37
src/Bundle/ChillMainBundle/Security/ProvideRoleHierarchyInterface.php
View File

@ -1,42 +1,27 @@
<?php
/*
* Copyright (C) 2017 Champs Libres Cooperative <info@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security;
/**
* Give a hierarchy for the role.
*
* This hierarchy allow to sort roles, which is useful in UI
* Give a hierarchy for the role.
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
* This hierarchy allow to sort roles, which is useful in UI
*/
interface ProvideRoleHierarchyInterface extends ProvideRoleInterface
{
/**
* Return an array of roles, where keys are the hierarchy, and values
* an array of roles.
*
* Example:
*
*
* Example:
*
* ```
* [ 'Title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]
* ```
*
* @return array where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]`
*
* @return array<string, array<int, string>> Where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]`
*/
public function getRolesWithHierarchy();
public function getRolesWithHierarchy(): array;
}

41
src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php
View File

@ -1,53 +1,36 @@
<?php
/*
* Copyright (C) 2015 Julien Fastré <julien.fastre@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security;
/**
* Declare role
*
*
* The role are added to the configuration at compile time.
*
* The implemented object must be declared as a service and tagged as
*
*
* The implemented object must be declared as a service and tagged as
*
* <pre>
* my_role_declaration:
* # ...
* tags:
* - { name: chill.role }
* </pre>
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
interface ProvideRoleInterface
{
/**
* return an array of role provided by the object
*
* Return an array of role provided by the object.
*
* @return string[] array of roles (as string)
*/
public function getRoles();
public function getRoles(): array;
/**
* return roles which doesn't need
*
* Return roles which doesn't need.
*
* @return string[] array of roles without scopes
*/
public function getRolesWithoutScope();
public function getRolesWithoutScope(): array;
}

58
src/Bundle/ChillMainBundle/Security/RoleProvider.php
View File

@ -20,7 +20,7 @@
namespace Chill\MainBundle\Security;
/**
*
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
@ -31,63 +31,57 @@ class RoleProvider
* @var ProvideRoleInterface[]
*/
private $providers = array();
/**
* an array where keys are the role, and value is the title
* for the given role.
*
*
* Null when not initialized.
*
* @var array|null
*/
private $rolesTitlesCache = null;
/**
* Add a role provider
*
*
* @internal This function is called by the dependency injector: it inject provider
* @param \Chill\MainBundle\Security\ProvideRoleInterface $provider
*/
public function addProvider(ProvideRoleInterface $provider)
public function addProvider(ProvideRoleInterface $provider)
{
$this->providers[] = $provider;
}
/**
*
* @return string[] the roles as string
*/
public function getRoles()
public function getRoles(): array
{
$roles = array();
$roles = [];
foreach ($this->providers as $provider) {
if ($provider->getRoles() !== NULL) {
$roles = array_merge($roles, $provider->getRoles());
}
}
return $roles;
}
/**
*
* @return string[] the roles as string
*/
public function getRolesWithoutScopes()
public function getRolesWithoutScopes(): array
{
$roles = array();
$roles = [];
foreach ($this->providers as $provider) {
if ($provider->getRolesWithoutScope() !== NULL) {
$roles = array_merge($roles, $provider->getRolesWithoutScope());
}
}
return $roles;
}
/**
* initialize the array for caching role and titles
*
*
*/
private function initializeRolesTitlesCache()
{
@ -95,7 +89,7 @@ class RoleProvider
if ($this->rolesTitlesCache !== null) {
return;
}
foreach ($this->providers as $provider) {
if ($provider instanceof ProvideRoleHierarchyInterface) {
foreach ($provider->getRolesWithHierarchy() as $title => $roles) {
@ -106,31 +100,31 @@ class RoleProvider
} else {
if ($provider->getRoles() !== null) {
$this->rolesTitlesCache = \array_merge(
$this->rolesTitlesCache,
$this->rolesTitlesCache,
\array_fill_keys($provider->getRoles(), null)
);
}
}
}
}
/**
* Get the title for each role.
*
*
* @param string $role
* @return string the title of the role
*/
public function getRoleTitle($role)
{
$this->initializeRolesTitlesCache();
if (! \array_key_exists($role, $this->rolesTitlesCache)) {
// this case might happens when the role is not described in
// this case might happens when the role is not described in
// `getRolesWithHierarchy`
return null;
}
return $this->rolesTitlesCache[$role];
}
}

14
src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
View File

@ -68,13 +68,13 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
}
if ($subject instanceof AccompanyingPeriod) {
if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
if (\in_array($attribute, [self::EDIT, self::DELETE])) {
return false;
}
}
if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
// only creator can see, edit, delete, etc.
if ($subject->getCreatedBy() === $token->getUser()
@ -84,7 +84,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
return false;
}
// if confidential, only the referent can see it
if ($subject->isConfidential()) {
return $token->getUser() === $subject->getUser();
@ -94,18 +94,18 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
}
public function getRoles()
public function getRoles(): array
{
return self::ALL;
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return [];
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [ 'Accompanying period' => $this->getRoles() ];
return ['Accompanying period' => $this->getRoles()];
}
}

8
src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php
View File

@ -69,19 +69,19 @@ class PersonVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte
return array(self::CREATE, self::UPDATE, self::SEE, self::STATS, self::LISTS, self::DUPLICATE);
}
public function getRoles()
public function getRoles(): array
{
return $this->getAttributes();
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return $this->getAttributes();
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [ 'Person' => $this->getRoles() ];
return ['Person' => $this->getRoles()];
}
}

11
src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php
View File

@ -74,19 +74,18 @@ class ReportVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte
return $this->helper->userHasAccess($token->getUser(), $subject, $attribute);
}
public function getRoles()
public function getRoles(): array
{
return [self::CREATE, self::UPDATE, self::SEE, self::LISTS];
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return array(self::LISTS);
return [self::LISTS];
}
public function getRolesWithHierarchy()
public function getRolesWithHierarchy(): array
{
return [ 'Report' => $this->getRoles() ];
return ['Report' => $this->getRoles()];
}
}

4
src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
View File

@ -127,7 +127,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
return $this->voter->voteOnAttribute($attribute, $subject, $token);
}
public function getRoles()
public function getRoles(): array
{
return self::ROLES;
}
@ -139,7 +139,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
];
}
public function getRolesWithoutScope()
public function getRolesWithoutScope(): array
{
return [];
}

29
src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php
View File

@ -9,13 +9,13 @@ use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\ThirdPartyBundle\Entity\ThirdParty;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role;
/**
* Voter for Third Party
*
*
*
*
*
*/
class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
@ -29,13 +29,13 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy
public const CREATE = 'CHILL_3PARTY_3PARTY_CREATE';
public const UPDATE = 'CHILL_3PARTY_3PARTY_UPDATE';
public const SHOW = 'CHILL_3PARTY_3PARTY_SHOW';
public function __construct(AuthorizationHelper $authorizationHelper)
{
$this->authorizationHelper = $authorizationHelper;
}
protected function supports($attribute, $subject)
{
if ($subject instanceof ThirdParty) {
@ -43,42 +43,41 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy
} elseif ($subject === NULL) {
return $attribute === self::CREATE || $attribute === self::SHOW ;
}
return false;
}
/**
*
*
* @param string $attribute
* @param ThirdParty|null $subject
* @param TokenInterface $token
* @return type
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
return true;
$user = $token->getUser();
if (!$user instanceof User) {
return false;
}
return true;
$centers = $this->authorizationHelper
->getReachableCenters($user, new Role($attribute));
if ($subject === NULL) {
return count($centers) > 0;
} elseif ($subject instanceof ThirdParty) {
return count(\array_intersect($centers, $subject->getCenters()->toArray())) > 0;
}
return false;
}
public function getRoles(): array
public function getRoles(): array
{
return [
self::CREATE, self::UPDATE, self::SHOW