diff --git a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php index 93d8117a9..155799830 100644 --- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php +++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php @@ -25,7 +25,7 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Entity\Center; /** - * + * * * @author Julien Fastré */ @@ -33,13 +33,13 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar { const STATS = 'CHILL_ACTIVITY_STATS'; const LISTS = 'CHILL_ACTIVITY_LIST'; - + /** * * @var AuthorizationHelper */ protected $helper; - + public function __construct(AuthorizationHelper $helper) { $this->helper = $helper; @@ -54,15 +54,15 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar { return array(Center::class); } - + protected function supports($attribute, $subject) { - if ($subject instanceof Center + if ($subject instanceof Center && \in_array($attribute, $this->getAttributes())) { - + return true; } - + return false; } @@ -71,22 +71,22 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface) { return false; } - + return $this->helper->userHasAccess($user, $object, $attribute); } - public function getRoles() + public function getRoles(): array { return $this->getAttributes(); } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return $this->getAttributes(); } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return [ 'Activity' => $this->getRoles() ]; + return ['Activity' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php index 2273b912c..64d010f27 100644 --- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php +++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php @@ -1,21 +1,6 @@ - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ +declare(strict_types=1); namespace Chill\ActivityBundle\Security\Authorization; @@ -25,9 +10,7 @@ use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter; use Chill\PersonBundle\Security\Authorization\PersonVoter; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; - use Chill\MainBundle\Security\Authorization\AbstractChillVoter; -use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Entity\User; use Chill\ActivityBundle\Entity\Activity; @@ -35,9 +18,6 @@ use Chill\PersonBundle\Entity\Person; use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Security; -/** - * Voter for Activity class - */ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface { /** @@ -46,7 +26,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn * * It is safe for usage in template and controller */ - const CREATE = 'CHILL_ACTIVITY_CREATE'; + public const CREATE = 'CHILL_ACTIVITY_CREATE'; /** * role to allow to create an activity associated win an accompanying course. @@ -55,7 +35,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn * * @internal */ - const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE'; + public const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE'; /** * role to allow to create an activity associated with a person @@ -64,13 +44,13 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn * * @internal */ - const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON'; + public const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON'; - const SEE = 'CHILL_ACTIVITY_SEE'; - const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS'; - const UPDATE = 'CHILL_ACTIVITY_UPDATE'; - const DELETE = 'CHILL_ACTIVITY_DELETE'; - const FULL = 'CHILL_ACTIVITY_FULL'; + public const SEE = 'CHILL_ACTIVITY_SEE'; + public const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS'; + public const UPDATE = 'CHILL_ACTIVITY_UPDATE'; + public const DELETE = 'CHILL_ACTIVITY_DELETE'; + public const FULL = 'CHILL_ACTIVITY_FULL'; private const ALL = [ self::CREATE, @@ -97,13 +77,12 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn ->build(); } - - protected function supports($attribute, $subject) + protected function supports($attribute, $subject): bool { return $this->voterHelper->supports($attribute, $subject); } - protected function voteOnAttribute($attribute, $subject, TokenInterface $token) + protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { if (!$token->getUser() instanceof User) { return false; @@ -132,7 +111,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn $attribute = self::CREATE_ACCOMPANYING_COURSE; } } else { - throw new \RuntimeException("could not determine context of activity"); + throw new \RuntimeException('Could not determine context of activity.'); } } elseif ($subject instanceof AccompanyingPeriod) { if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { @@ -155,8 +134,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } - - public function getRoles() + public function getRoles(): array { return [ self::CREATE_PERSON, @@ -167,16 +145,14 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn ]; } - - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return []; } - - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return [ 'Activity' => $this->getRoles() ]; + return ['Activity' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php index 2f7530938..0ff166c40 100644 --- a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php +++ b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php @@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User; use Symfony\Component\Security\Core\Role\Role; /** - * + * * * @author Julien Fastré */ @@ -22,56 +22,56 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar const DELETE = 'CHILL_BUDGET_ELEMENT_DELETE'; const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE'; const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW'; - + const ROLES = [ self::CREATE, self::DELETE, self::SHOW, self::UPDATE ]; - + /** * * @var AuthorizationHelper */ protected $authorizationHelper; - + public function __construct(AuthorizationHelper $authorizationHelper) { $this->authorizationHelper = $authorizationHelper; } - + protected function supports($attribute, $subject) { return (\in_array($attribute, self::ROLES) && $subject instanceof AbstractElement) or ($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ])); } - + protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token) { $user = $token->getUser(); - + if (FALSE === $user instanceof User) { return false; } - + return $this->authorizationHelper ->userHasAccess($user, $subject, new Role($attribute)); } - - public function getRoles() + + public function getRoles(): array { return self::ROLES; - } - + } + public function getRolesWithHierarchy(): array { - return [ 'Budget elements' => self::ROLES ]; - } - - public function getRolesWithoutScope() + return ['Budget elements' => self::ROLES]; + } + + public function getRolesWithoutScope(): array { return self::ROLES; } diff --git a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php index 0e9b2f40a..7b3efc416 100644 --- a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php +++ b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php @@ -47,7 +47,7 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov ->build(); } - public function getRoles() + public function getRoles(): array { return [ self::CREATE, @@ -91,13 +91,13 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { - return array(); + return []; } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return ['accompanyingCourseDocument' => $this->getRoles() ]; + return ['accompanyingCourseDocument' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php b/src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php index 73254278b..a3e22857c 100644 --- a/src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php +++ b/src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php @@ -40,7 +40,7 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera ->build(); } - public function getRoles() + public function getRoles(): array { return [ self::CREATE, @@ -79,14 +79,13 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { - return array(); + return []; } - - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return ['PersonDocument' => $this->getRoles() ]; + return ['PersonDocument' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillEventBundle/Entity/EventType.php b/src/Bundle/ChillEventBundle/Entity/EventType.php index c8b6b63c0..823a05334 100644 --- a/src/Bundle/ChillEventBundle/Entity/EventType.php +++ b/src/Bundle/ChillEventBundle/Entity/EventType.php @@ -160,12 +160,7 @@ class EventType $this->roles->removeElement($role); } - /** - * Get roles - * - * @return Collection - */ - public function getRoles() + public function getRoles(): array { return $this->roles; } diff --git a/src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php b/src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php index c62767fa9..68214125d 100644 --- a/src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php +++ b/src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php @@ -42,29 +42,29 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS'; const CREATE = 'CHILL_EVENT_CREATE'; const UPDATE = 'CHILL_EVENT_UPDATE'; - + const ROLES = [ self::SEE, self::SEE_DETAILS, self::CREATE, self::UPDATE ]; - + /** * @var AuthorizationHelper */ protected $authorizationHelper; - + /** * @var AccessDecisionManagerInterface */ protected $accessDecisionManager; - + /** * @var LoggerInterface */ protected $logger; - + public function __construct( AccessDecisionManagerInterface $accessDecisionManager, AuthorizationHelper $authorizationHelper, @@ -75,7 +75,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter $this->authorizationHelper = $authorizationHelper; $this->logger = $logger; } - + public function supports($attribute, $subject) { return ($subject instanceof Event && in_array($attribute, self::ROLES)) @@ -85,7 +85,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter (NULL === $subject && $attribute === self::SEE ) ; } - + /** * * @param string $attribute @@ -96,30 +96,30 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter protected function voteOnAttribute($attribute, $subject, TokenInterface $token) { $this->logger->debug(sprintf("Voting from %s class", self::class)); - + if (!$token->getUser() instanceof User) { return false; } - + if ($subject instanceof Event) { return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute); - + } elseif ($subject instanceof Person) { return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute); - + } else { - + // subject is null. We check that at least one center is reachable $centers = $this->authorizationHelper ->getReachableCenters($token->getUser(), new Role($attribute)); - + return count($centers) > 0; } - + if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) { return false; } - + return $this->authorizationHelper->userHasAccess( $token->getUser(), $subject, @@ -127,23 +127,22 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter ); } - - - public function getRoles() + + public function getRoles(): array { return self::ROLES; } - - public function getRolesWithHierarchy() + + public function getRolesWithHierarchy(): array { return [ 'Event' => self::ROLES ]; } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return []; } - + } diff --git a/src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php b/src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php index 50e05e279..bbab2edbf 100644 --- a/src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php +++ b/src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php @@ -31,7 +31,7 @@ use Symfony\Component\Security\Core\Role\Role; use Psr\Log\LoggerInterface; /** - * + * * * @author Julien Fastré */ @@ -127,19 +127,19 @@ class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierar } - public function getRoles() + public function getRoles(): array { return self::ROLES; } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { return [ 'Event' => self::ROLES ]; } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return []; } diff --git a/src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php b/src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php index 5e218657c..951d7a92f 100644 --- a/src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php +++ b/src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php @@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User; use Symfony\Component\Security\Core\Role\Role; /** - * + * * * @author Julien Fastré */ @@ -22,56 +22,56 @@ class FamilyMemberVoter extends AbstractChillVoter implements ProvideRoleHierarc const DELETE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_DELETE'; const UPDATE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_UPDATE'; const SHOW = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_SHOW'; - + const ROLES = [ self::CREATE, self::DELETE, self::SHOW, self::UPDATE ]; - + /** * * @var AuthorizationHelper */ protected $authorizationHelper; - + public function __construct(AuthorizationHelper $authorizationHelper) { $this->authorizationHelper = $authorizationHelper; } - + protected function supports($attribute, $subject) { return (\in_array($attribute, self::ROLES) && $subject instanceof FamilyMember) or ($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ])); } - + protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token) { $user = $token->getUser(); - + if (FALSE === $user instanceof User) { return false; } - + return $this->authorizationHelper ->userHasAccess($user, $subject, new Role($attribute)); } - - public function getRoles() + + public function getRoles(): array { return self::ROLES; - } - + } + public function getRolesWithHierarchy(): array { - return [ 'Family Members' => self::ROLES ]; - } - - public function getRolesWithoutScope() + return ['Family Members' => self::ROLES]; + } + + public function getRolesWithoutScope(): array { return self::ROLES; } diff --git a/src/Bundle/ChillMainBundle/Entity/User.php b/src/Bundle/ChillMainBundle/Entity/User.php index 461d0d919..4addbe153 100644 --- a/src/Bundle/ChillMainBundle/Entity/User.php +++ b/src/Bundle/ChillMainBundle/Entity/User.php @@ -203,12 +203,9 @@ class User implements AdvancedUserInterface { */ public function eraseCredentials() {} - /** - * @return array - */ - public function getRoles() + public function getRoles(): array { - return array('ROLE_USER'); + return ['ROLE_USER']; } /** diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php index ef1d319ac..1ccf28da6 100644 --- a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php +++ b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php @@ -1,5 +1,7 @@ authorizationHelper->getReachableCenters($token->getUser(), $attribute, null)); + return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null); } return $this->authorizationHelper->userHasAccess( diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php index 9349eaed2..60a79f4be 100644 --- a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php +++ b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php @@ -1,5 +1,7 @@ - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ + +declare(strict_types=1); + namespace Chill\MainBundle\Security; /** - * Give a hierarchy for the role. - * - * This hierarchy allow to sort roles, which is useful in UI + * Give a hierarchy for the role. * - * @author Julien Fastré + * This hierarchy allow to sort roles, which is useful in UI */ interface ProvideRoleHierarchyInterface extends ProvideRoleInterface { /** * Return an array of roles, where keys are the hierarchy, and values * an array of roles. - * - * Example: - * + * + * Example: + * * ``` * [ 'Title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ] * ``` - * - * @return array where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]` + * + * @return array> Where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]` */ - public function getRolesWithHierarchy(); + public function getRolesWithHierarchy(): array; } diff --git a/src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php b/src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php index 08a48181a..e3d756055 100644 --- a/src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php +++ b/src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php @@ -1,53 +1,36 @@ - * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as published by - * the Free Software Foundation, either version 3 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - */ +declare(strict_types=1); namespace Chill\MainBundle\Security; /** * Declare role - * + * * The role are added to the configuration at compile time. - * - * The implemented object must be declared as a service and tagged as - * + * + * The implemented object must be declared as a service and tagged as + * * 
  * my_role_declaration:
  *    # ...
  *    tags:
  *       - { name: chill.role }
  *
- * - * @author Julien Fastré */ interface ProvideRoleInterface { /** - * return an array of role provided by the object - * + * Return an array of role provided by the object. + * * @return string[] array of roles (as string) */ - public function getRoles(); - + public function getRoles(): array; + /** - * return roles which doesn't need - * + * Return roles which doesn't need. + * * @return string[] array of roles without scopes */ - public function getRolesWithoutScope(); + public function getRolesWithoutScope(): array; } diff --git a/src/Bundle/ChillMainBundle/Security/RoleProvider.php b/src/Bundle/ChillMainBundle/Security/RoleProvider.php index f72435cb1..8be0adc22 100644 --- a/src/Bundle/ChillMainBundle/Security/RoleProvider.php +++ b/src/Bundle/ChillMainBundle/Security/RoleProvider.php @@ -20,7 +20,7 @@ namespace Chill\MainBundle\Security; /** - * + * * * @author Julien Fastré */ @@ -31,63 +31,57 @@ class RoleProvider * @var ProvideRoleInterface[] */ private $providers = array(); - + /** * an array where keys are the role, and value is the title * for the given role. - * + * * Null when not initialized. * * @var array|null */ private $rolesTitlesCache = null; - + /** * Add a role provider - * + * * @internal This function is called by the dependency injector: it inject provider * @param \Chill\MainBundle\Security\ProvideRoleInterface $provider */ - public function addProvider(ProvideRoleInterface $provider) + public function addProvider(ProvideRoleInterface $provider) { $this->providers[] = $provider; } - - /** - * - * @return string[] the roles as string - */ - public function getRoles() + + public function getRoles(): array { - $roles = array(); + $roles = []; + foreach ($this->providers as $provider) { if ($provider->getRoles() !== NULL) { $roles = array_merge($roles, $provider->getRoles()); } } - + return $roles; } - - /** - * - * @return string[] the roles as string - */ - public function getRolesWithoutScopes() + + public function getRolesWithoutScopes(): array { - $roles = array(); + $roles = []; + foreach ($this->providers as $provider) { if ($provider->getRolesWithoutScope() !== NULL) { $roles = array_merge($roles, $provider->getRolesWithoutScope()); } } - + return $roles; } - + /** * initialize the array for caching role and titles - * + * */ private function initializeRolesTitlesCache() { @@ -95,7 +89,7 @@ class RoleProvider if ($this->rolesTitlesCache !== null) { return; } - + foreach ($this->providers as $provider) { if ($provider instanceof ProvideRoleHierarchyInterface) { foreach ($provider->getRolesWithHierarchy() as $title => $roles) { @@ -106,31 +100,31 @@ class RoleProvider } else { if ($provider->getRoles() !== null) { $this->rolesTitlesCache = \array_merge( - $this->rolesTitlesCache, + $this->rolesTitlesCache, \array_fill_keys($provider->getRoles(), null) ); } } } } - + /** * Get the title for each role. - * + * * @param string $role * @return string the title of the role */ public function getRoleTitle($role) { $this->initializeRolesTitlesCache(); - + if (! \array_key_exists($role, $this->rolesTitlesCache)) { - // this case might happens when the role is not described in + // this case might happens when the role is not described in // `getRolesWithHierarchy` return null; } - + return $this->rolesTitlesCache[$role]; } - + } diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php index 4f170b2b0..b667d44a6 100644 --- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php +++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php @@ -68,13 +68,13 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole } if ($subject instanceof AccompanyingPeriod) { - + if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { if (\in_array($attribute, [self::EDIT, self::DELETE])) { return false; } } - + if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) { // only creator can see, edit, delete, etc. if ($subject->getCreatedBy() === $token->getUser() @@ -84,7 +84,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole return false; } - + // if confidential, only the referent can see it if ($subject->isConfidential()) { return $token->getUser() === $subject->getUser(); @@ -94,18 +94,18 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } - public function getRoles() + public function getRoles(): array { return self::ALL; } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return []; } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return [ 'Accompanying period' => $this->getRoles() ]; + return ['Accompanying period' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php index 2d585e80e..b1e6268b4 100644 --- a/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php +++ b/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php @@ -69,19 +69,19 @@ class PersonVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte return array(self::CREATE, self::UPDATE, self::SEE, self::STATS, self::LISTS, self::DUPLICATE); } - public function getRoles() + public function getRoles(): array { return $this->getAttributes(); } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return $this->getAttributes(); } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return [ 'Person' => $this->getRoles() ]; + return ['Person' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php b/src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php index 5741b567b..fb113ca68 100644 --- a/src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php +++ b/src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php @@ -74,19 +74,18 @@ class ReportVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte return $this->helper->userHasAccess($token->getUser(), $subject, $attribute); } - - public function getRoles() + public function getRoles(): array { return [self::CREATE, self::UPDATE, self::SEE, self::LISTS]; } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { - return array(self::LISTS); + return [self::LISTS]; } - public function getRolesWithHierarchy() + public function getRolesWithHierarchy(): array { - return [ 'Report' => $this->getRoles() ]; + return ['Report' => $this->getRoles()]; } } diff --git a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php index 8cb6de781..aa96fbb69 100644 --- a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php +++ b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php @@ -127,7 +127,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy return $this->voter->voteOnAttribute($attribute, $subject, $token); } - public function getRoles() + public function getRoles(): array { return self::ROLES; } @@ -139,7 +139,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy ]; } - public function getRolesWithoutScope() + public function getRolesWithoutScope(): array { return []; } diff --git a/src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php b/src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php index ab78c7701..48efd88db 100644 --- a/src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php +++ b/src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php @@ -9,13 +9,13 @@ use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\ThirdPartyBundle\Entity\ThirdParty; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; -use Chill\MainBundle\Entity\User; +use Chill\MainBundle\Entity\User; use Symfony\Component\Security\Core\Role\Role; /** * Voter for Third Party - * - * + * + * * */ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface @@ -29,13 +29,13 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy public const CREATE = 'CHILL_3PARTY_3PARTY_CREATE'; public const UPDATE = 'CHILL_3PARTY_3PARTY_UPDATE'; public const SHOW = 'CHILL_3PARTY_3PARTY_SHOW'; - + public function __construct(AuthorizationHelper $authorizationHelper) { $this->authorizationHelper = $authorizationHelper; } - + protected function supports($attribute, $subject) { if ($subject instanceof ThirdParty) { @@ -43,42 +43,41 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy } elseif ($subject === NULL) { return $attribute === self::CREATE || $attribute === self::SHOW ; } - + return false; } - + /** - * + * * @param string $attribute * @param ThirdParty|null $subject * @param TokenInterface $token - * @return type */ - protected function voteOnAttribute($attribute, $subject, TokenInterface $token) + protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool { return true; $user = $token->getUser(); - + if (!$user instanceof User) { return false; } return true; - + $centers = $this->authorizationHelper ->getReachableCenters($user, new Role($attribute)); - + if ($subject === NULL) { return count($centers) > 0; } elseif ($subject instanceof ThirdParty) { return count(\array_intersect($centers, $subject->getCenters()->toArray())) > 0; } - + return false; } - public function getRoles(): array + public function getRoles(): array { return [ self::CREATE, self::UPDATE, self::SHOW