Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-12 21:34:25 +00:00
Code Issues Actions Projects Releases Wiki Activity

fix: Strict types interfaces: VoterHelperInterface, ProvideRoleHierarchyInterface and ProvideRoleInterface.

Browse Source
This commit is contained in:
Pol Dellaiera 2021-11-23 10:40:34 +01:00
parent 05dda33a7a
commit 328b4c4596
No known key found for this signature in database
GPG Key ID: D476DFE9C67467CA
21 changed files with 187 additions and 255 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php
View File

@ -25,7 +25,7 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\Center; use Chill\MainBundle\Entity\Center;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -33,13 +33,13 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
{ {
const STATS = 'CHILL_ACTIVITY_STATS'; const STATS = 'CHILL_ACTIVITY_STATS';
const LISTS = 'CHILL_ACTIVITY_LIST'; const LISTS = 'CHILL_ACTIVITY_LIST';
/** /**
* *
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $helper; protected $helper;
public function __construct(AuthorizationHelper $helper) public function __construct(AuthorizationHelper $helper)
{ {
$this->helper = $helper; $this->helper = $helper;
@ -54,15 +54,15 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
{ {
return array(Center::class); return array(Center::class);
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
if ($subject instanceof Center if ($subject instanceof Center
&& \in_array($attribute, $this->getAttributes())) { && \in_array($attribute, $this->getAttributes())) {
return true; return true;
} }
return false; return false;
} }
@ -71,22 +71,22 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface) { if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface) {
return false; return false;
} }
return $this->helper->userHasAccess($user, $object, $attribute); return $this->helper->userHasAccess($user, $object, $attribute);
} }
public function getRoles() public function getRoles(): array
{ {
return $this->getAttributes(); return $this->getAttributes();
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return $this->getAttributes(); return $this->getAttributes();
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ 'Activity' => $this->getRoles() ]; return ['Activity' => $this->getRoles()];
} }
} }

56
src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
View File

@ -1,21 +1,6 @@
<?php <?php
/* declare(strict_types=1);
* Copyright (C) 2015 Julien Fastré <julien.fastre@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\ActivityBundle\Security\Authorization; namespace Chill\ActivityBundle\Security\Authorization;
@ -25,9 +10,7 @@ use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter; use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Chill\PersonBundle\Security\Authorization\PersonVoter; use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Chill\ActivityBundle\Entity\Activity; use Chill\ActivityBundle\Entity\Activity;
@ -35,9 +18,6 @@ use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Core\Security;
/**
* Voter for Activity class
*/
class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{ {
/** /**
@ -46,7 +26,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
* *
* It is safe for usage in template and controller * It is safe for usage in template and controller
*/ */
const CREATE = 'CHILL_ACTIVITY_CREATE'; public const CREATE = 'CHILL_ACTIVITY_CREATE';
/** /**
* role to allow to create an activity associated win an accompanying course. * role to allow to create an activity associated win an accompanying course.
@ -55,7 +35,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
* *
* @internal * @internal
*/ */
const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE'; public const CREATE_ACCOMPANYING_COURSE = 'CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE';
/** /**
* role to allow to create an activity associated with a person * role to allow to create an activity associated with a person
@ -64,13 +44,13 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
* *
* @internal * @internal
*/ */
const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON'; public const CREATE_PERSON = 'CHILL_ACTIVITY_CREATE_PERSON';
const SEE = 'CHILL_ACTIVITY_SEE'; public const SEE = 'CHILL_ACTIVITY_SEE';
const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS'; public const SEE_DETAILS = 'CHILL_ACTIVITY_SEE_DETAILS';
const UPDATE = 'CHILL_ACTIVITY_UPDATE'; public const UPDATE = 'CHILL_ACTIVITY_UPDATE';
const DELETE = 'CHILL_ACTIVITY_DELETE'; public const DELETE = 'CHILL_ACTIVITY_DELETE';
const FULL = 'CHILL_ACTIVITY_FULL'; public const FULL = 'CHILL_ACTIVITY_FULL';
private const ALL = [ private const ALL = [
self::CREATE, self::CREATE,
@ -97,13 +77,12 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
->build(); ->build();
} }
protected function supports($attribute, $subject): bool
protected function supports($attribute, $subject)
{ {
return $this->voterHelper->supports($attribute, $subject); return $this->voterHelper->supports($attribute, $subject);
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
if (!$token->getUser() instanceof User) { if (!$token->getUser() instanceof User) {
return false; return false;
@ -132,7 +111,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
$attribute = self::CREATE_ACCOMPANYING_COURSE; $attribute = self::CREATE_ACCOMPANYING_COURSE;
} }
} else { } else {
throw new \RuntimeException("could not determine context of activity"); throw new \RuntimeException('Could not determine context of activity.');
} }
} elseif ($subject instanceof AccompanyingPeriod) { } elseif ($subject instanceof AccompanyingPeriod) {
if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
@ -155,8 +134,7 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
} }
public function getRoles(): array
public function getRoles()
{ {
return [ return [
self::CREATE_PERSON, self::CREATE_PERSON,
@ -167,16 +145,14 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
]; ];
} }
public function getRolesWithoutScope(): array
public function getRolesWithoutScope()
{ {
return []; return [];
} }
public function getRolesWithHierarchy(): array
public function getRolesWithHierarchy()
{ {
return [ 'Activity' => $this->getRoles() ]; return ['Activity' => $this->getRoles()];
} }
} }

32
src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
View File

@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -22,56 +22,56 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
const DELETE = 'CHILL_BUDGET_ELEMENT_DELETE'; const DELETE = 'CHILL_BUDGET_ELEMENT_DELETE';
const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE'; const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE';
const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW'; const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW';
const ROLES = [ const ROLES = [
self::CREATE, self::CREATE,
self::DELETE, self::DELETE,
self::SHOW, self::SHOW,
self::UPDATE self::UPDATE
]; ];
/** /**
* *
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $authorizationHelper; protected $authorizationHelper;
public function __construct(AuthorizationHelper $authorizationHelper) public function __construct(AuthorizationHelper $authorizationHelper)
{ {
$this->authorizationHelper = $authorizationHelper; $this->authorizationHelper = $authorizationHelper;
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
return (\in_array($attribute, self::ROLES) && $subject instanceof AbstractElement) return (\in_array($attribute, self::ROLES) && $subject instanceof AbstractElement)
or or
($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ])); ($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ]));
} }
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token) protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
{ {
$user = $token->getUser(); $user = $token->getUser();
if (FALSE === $user instanceof User) { if (FALSE === $user instanceof User) {
return false; return false;
} }
return $this->authorizationHelper return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute)); ->userHasAccess($user, $subject, new Role($attribute));
} }
public function getRoles() public function getRoles(): array
{ {
return self::ROLES; return self::ROLES;
} }
public function getRolesWithHierarchy(): array public function getRolesWithHierarchy(): array
{ {
return [ 'Budget elements' => self::ROLES ]; return ['Budget elements' => self::ROLES];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return self::ROLES; return self::ROLES;
} }

10
src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php
View File

@ -47,7 +47,7 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov
->build(); ->build();
} }
public function getRoles() public function getRoles(): array
{ {
return [ return [
self::CREATE, self::CREATE,
@ -91,13 +91,13 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return array(); return [];
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return ['accompanyingCourseDocument' => $this->getRoles() ]; return ['accompanyingCourseDocument' => $this->getRoles()];
} }
} }

11
src/Bundle/ChillDocStoreBundle/Security/Authorization/PersonDocumentVoter.php
View File

@ -40,7 +40,7 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
->build(); ->build();
} }
public function getRoles() public function getRoles(): array
{ {
return [ return [
self::CREATE, self::CREATE,
@ -79,14 +79,13 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return array(); return [];
} }
public function getRolesWithHierarchy(): array
public function getRolesWithHierarchy()
{ {
return ['PersonDocument' => $this->getRoles() ]; return ['PersonDocument' => $this->getRoles()];
} }
} }

7
src/Bundle/ChillEventBundle/Entity/EventType.php
View File

@ -160,12 +160,7 @@ class EventType
$this->roles->removeElement($role); $this->roles->removeElement($role);
} }
/** public function getRoles(): array
* Get roles
*
* @return Collection
*/
public function getRoles()
{ {
return $this->roles; return $this->roles;
} }

43
src/Bundle/ChillEventBundle/Security/Authorization/EventVoter.php
View File

@ -42,29 +42,29 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS'; const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_CREATE'; const CREATE = 'CHILL_EVENT_CREATE';
const UPDATE = 'CHILL_EVENT_UPDATE'; const UPDATE = 'CHILL_EVENT_UPDATE';
const ROLES = [ const ROLES = [
self::SEE, self::SEE,
self::SEE_DETAILS, self::SEE_DETAILS,
self::CREATE, self::CREATE,
self::UPDATE self::UPDATE
]; ];
/** /**
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $authorizationHelper; protected $authorizationHelper;
/** /**
* @var AccessDecisionManagerInterface * @var AccessDecisionManagerInterface
*/ */
protected $accessDecisionManager; protected $accessDecisionManager;
/** /**
* @var LoggerInterface * @var LoggerInterface
*/ */
protected $logger; protected $logger;
public function __construct( public function __construct(
AccessDecisionManagerInterface $accessDecisionManager, AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper, AuthorizationHelper $authorizationHelper,
@ -75,7 +75,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
$this->authorizationHelper = $authorizationHelper; $this->authorizationHelper = $authorizationHelper;
$this->logger = $logger; $this->logger = $logger;
} }
public function supports($attribute, $subject) public function supports($attribute, $subject)
{ {
return ($subject instanceof Event && in_array($attribute, self::ROLES)) return ($subject instanceof Event && in_array($attribute, self::ROLES))
@ -85,7 +85,7 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
(NULL === $subject && $attribute === self::SEE ) (NULL === $subject && $attribute === self::SEE )
; ;
} }
/** /**
* *
* @param string $attribute * @param string $attribute
@ -96,30 +96,30 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
$this->logger->debug(sprintf("Voting from %s class", self::class)); $this->logger->debug(sprintf("Voting from %s class", self::class));
if (!$token->getUser() instanceof User) { if (!$token->getUser() instanceof User) {
return false; return false;
} }
if ($subject instanceof Event) { if ($subject instanceof Event) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute); return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} elseif ($subject instanceof Person) { } elseif ($subject instanceof Person) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute); return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} else { } else {
// subject is null. We check that at least one center is reachable // subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper $centers = $this->authorizationHelper
->getReachableCenters($token->getUser(), new Role($attribute)); ->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0; return count($centers) > 0;
} }
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) { if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false; return false;
} }
return $this->authorizationHelper->userHasAccess( return $this->authorizationHelper->userHasAccess(
$token->getUser(), $token->getUser(),
$subject, $subject,
@ -127,23 +127,22 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
); );
} }
public function getRoles(): array
public function getRoles()
{ {
return self::ROLES; return self::ROLES;
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ return [
'Event' => self::ROLES 'Event' => self::ROLES
]; ];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return []; return [];
} }
} }

8
src/Bundle/ChillEventBundle/Security/Authorization/ParticipationVoter.php
View File

@ -31,7 +31,7 @@ use Symfony\Component\Security\Core\Role\Role;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -127,19 +127,19 @@ class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierar
} }
public function getRoles() public function getRoles(): array
{ {
return self::ROLES; return self::ROLES;
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ return [
'Event' => self::ROLES 'Event' => self::ROLES
]; ];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return []; return [];
} }

32
src/Bundle/ChillFamilyMembersBundle/Security/Voter/FamilyMemberVoter.php
View File

@ -12,7 +12,7 @@ use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -22,56 +22,56 @@ class FamilyMemberVoter extends AbstractChillVoter implements ProvideRoleHierarc
const DELETE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_DELETE'; const DELETE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_DELETE';
const UPDATE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_UPDATE'; const UPDATE = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_UPDATE';
const SHOW = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_SHOW'; const SHOW = 'CHILL_FAMILY_MEMBERS_FAMILY_MEMBERS_SHOW';
const ROLES = [ const ROLES = [
self::CREATE, self::CREATE,
self::DELETE, self::DELETE,
self::SHOW, self::SHOW,
self::UPDATE self::UPDATE
]; ];
/** /**
* *
* @var AuthorizationHelper * @var AuthorizationHelper
*/ */
protected $authorizationHelper; protected $authorizationHelper;
public function __construct(AuthorizationHelper $authorizationHelper) public function __construct(AuthorizationHelper $authorizationHelper)
{ {
$this->authorizationHelper = $authorizationHelper; $this->authorizationHelper = $authorizationHelper;
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
return (\in_array($attribute, self::ROLES) && $subject instanceof FamilyMember) return (\in_array($attribute, self::ROLES) && $subject instanceof FamilyMember)
or or
($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ])); ($subject instanceof Person && \in_array($attribute, [ self::SHOW, self::CREATE ]));
} }
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token) protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token)
{ {
$user = $token->getUser(); $user = $token->getUser();
if (FALSE === $user instanceof User) { if (FALSE === $user instanceof User) {
return false; return false;
} }
return $this->authorizationHelper return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute)); ->userHasAccess($user, $subject, new Role($attribute));
} }
public function getRoles() public function getRoles(): array
{ {
return self::ROLES; return self::ROLES;
} }
public function getRolesWithHierarchy(): array public function getRolesWithHierarchy(): array
{ {
return [ 'Family Members' => self::ROLES ]; return ['Family Members' => self::ROLES];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return self::ROLES; return self::ROLES;
} }

7
src/Bundle/ChillMainBundle/Entity/User.php
View File

@ -203,12 +203,9 @@ class User implements AdvancedUserInterface {
*/ */
public function eraseCredentials() {} public function eraseCredentials() {}
/** public function getRoles(): array
* @return array
*/
public function getRoles()
{ {
return array('ROLE_USER'); return ['ROLE_USER'];
} }
/** /**

4
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
View File

@ -1,5 +1,7 @@
<?php <?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization; namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
@ -50,7 +52,7 @@ final class DefaultVoterHelper implements VoterHelperInterface
} }
if (NULL === $subject) { if (NULL === $subject) {
return 0 < count($this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null)); return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null);
} }
return $this->authorizationHelper->userHasAccess( return $this->authorizationHelper->userHasAccess(

2
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
View File

@ -1,5 +1,7 @@
<?php <?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization; namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher; use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;

4
src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
View File

@ -1,5 +1,7 @@
<?php <?php
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization; namespace Chill\MainBundle\Security\Authorization;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -8,5 +10,5 @@ interface VoterHelperInterface
{ {
public function supports($attribute, $subject): bool; public function supports($attribute, $subject): bool;
public function voteOnAttribute($attribute, $subject, TokenInterface $token); public function voteOnAttribute($attribute, $subject, TokenInterface $token): bool;
} }

37
src/Bundle/ChillMainBundle/Security/ProvideRoleHierarchyInterface.php
View File

@ -1,42 +1,27 @@
<?php <?php
/*
* Copyright (C) 2017 Champs Libres Cooperative <info@champs-libres.coop> declare(strict_types=1);
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\MainBundle\Security; namespace Chill\MainBundle\Security;
/** /**
* Give a hierarchy for the role. * Give a hierarchy for the role.
*
* This hierarchy allow to sort roles, which is useful in UI
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * This hierarchy allow to sort roles, which is useful in UI
*/ */
interface ProvideRoleHierarchyInterface extends ProvideRoleInterface interface ProvideRoleHierarchyInterface extends ProvideRoleInterface
{ {
/** /**
* Return an array of roles, where keys are the hierarchy, and values * Return an array of roles, where keys are the hierarchy, and values
* an array of roles. * an array of roles.
* *
* Example: * Example:
* *
* ``` * ```
* [ 'Title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ] * [ 'Title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]
* ``` * ```
* *
* @return array where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]` * @return array<string, array<int, string>> Where keys are the hierarchy, and values an array of roles: `[ 'title' => [ 'CHILL_FOO_SEE', 'CHILL_FOO_UPDATE' ] ]`
*/ */
public function getRolesWithHierarchy(); public function getRolesWithHierarchy(): array;
} }

41
src/Bundle/ChillMainBundle/Security/ProvideRoleInterface.php
View File

@ -1,53 +1,36 @@
<?php <?php
/* declare(strict_types=1);
* Copyright (C) 2015 Julien Fastré <julien.fastre@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\MainBundle\Security; namespace Chill\MainBundle\Security;
/** /**
* Declare role * Declare role
* *
* The role are added to the configuration at compile time. * The role are added to the configuration at compile time.
* *
* The implemented object must be declared as a service and tagged as * The implemented object must be declared as a service and tagged as
* *
* <pre> * <pre>
* my_role_declaration: * my_role_declaration:
* # ... * # ...
* tags: * tags:
* - { name: chill.role } * - { name: chill.role }
* </pre> * </pre>
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
interface ProvideRoleInterface interface ProvideRoleInterface
{ {
/** /**
* return an array of role provided by the object * Return an array of role provided by the object.
* *
* @return string[] array of roles (as string) * @return string[] array of roles (as string)
*/ */
public function getRoles(); public function getRoles(): array;
/** /**
* return roles which doesn't need * Return roles which doesn't need.
* *
* @return string[] array of roles without scopes * @return string[] array of roles without scopes
*/ */
public function getRolesWithoutScope(); public function getRolesWithoutScope(): array;
} }

58
src/Bundle/ChillMainBundle/Security/RoleProvider.php
View File

@ -20,7 +20,7 @@
namespace Chill\MainBundle\Security; namespace Chill\MainBundle\Security;
/** /**
* *
* *
* @author Julien Fastré <julien.fastre@champs-libres.coop> * @author Julien Fastré <julien.fastre@champs-libres.coop>
*/ */
@ -31,63 +31,57 @@ class RoleProvider
* @var ProvideRoleInterface[] * @var ProvideRoleInterface[]
*/ */
private $providers = array(); private $providers = array();
/** /**
* an array where keys are the role, and value is the title * an array where keys are the role, and value is the title
* for the given role. * for the given role.
* *
* Null when not initialized. * Null when not initialized.
* *
* @var array|null * @var array|null
*/ */
private $rolesTitlesCache = null; private $rolesTitlesCache = null;
/** /**
* Add a role provider * Add a role provider
* *
* @internal This function is called by the dependency injector: it inject provider * @internal This function is called by the dependency injector: it inject provider
* @param \Chill\MainBundle\Security\ProvideRoleInterface $provider * @param \Chill\MainBundle\Security\ProvideRoleInterface $provider
*/ */
public function addProvider(ProvideRoleInterface $provider) public function addProvider(ProvideRoleInterface $provider)
{ {
$this->providers[] = $provider; $this->providers[] = $provider;
} }
/** public function getRoles(): array
*
* @return string[] the roles as string
*/
public function getRoles()
{ {
$roles = array(); $roles = [];
foreach ($this->providers as $provider) { foreach ($this->providers as $provider) {
if ($provider->getRoles() !== NULL) { if ($provider->getRoles() !== NULL) {
$roles = array_merge($roles, $provider->getRoles()); $roles = array_merge($roles, $provider->getRoles());
} }
} }
return $roles; return $roles;
} }
/** public function getRolesWithoutScopes(): array
*
* @return string[] the roles as string
*/
public function getRolesWithoutScopes()
{ {
$roles = array(); $roles = [];
foreach ($this->providers as $provider) { foreach ($this->providers as $provider) {
if ($provider->getRolesWithoutScope() !== NULL) { if ($provider->getRolesWithoutScope() !== NULL) {
$roles = array_merge($roles, $provider->getRolesWithoutScope()); $roles = array_merge($roles, $provider->getRolesWithoutScope());
} }
} }
return $roles; return $roles;
} }
/** /**
* initialize the array for caching role and titles * initialize the array for caching role and titles
* *
*/ */
private function initializeRolesTitlesCache() private function initializeRolesTitlesCache()
{ {
@ -95,7 +89,7 @@ class RoleProvider
if ($this->rolesTitlesCache !== null) { if ($this->rolesTitlesCache !== null) {
return; return;
} }
foreach ($this->providers as $provider) { foreach ($this->providers as $provider) {
if ($provider instanceof ProvideRoleHierarchyInterface) { if ($provider instanceof ProvideRoleHierarchyInterface) {
foreach ($provider->getRolesWithHierarchy() as $title => $roles) { foreach ($provider->getRolesWithHierarchy() as $title => $roles) {
@ -106,31 +100,31 @@ class RoleProvider
} else { } else {
if ($provider->getRoles() !== null) { if ($provider->getRoles() !== null) {
$this->rolesTitlesCache = \array_merge( $this->rolesTitlesCache = \array_merge(
$this->rolesTitlesCache, $this->rolesTitlesCache,
\array_fill_keys($provider->getRoles(), null) \array_fill_keys($provider->getRoles(), null)
); );
} }
} }
} }
} }
/** /**
* Get the title for each role. * Get the title for each role.
* *
* @param string $role * @param string $role
* @return string the title of the role * @return string the title of the role
*/ */
public function getRoleTitle($role) public function getRoleTitle($role)
{ {
$this->initializeRolesTitlesCache(); $this->initializeRolesTitlesCache();
if (! \array_key_exists($role, $this->rolesTitlesCache)) { if (! \array_key_exists($role, $this->rolesTitlesCache)) {
// this case might happens when the role is not described in // this case might happens when the role is not described in
// `getRolesWithHierarchy` // `getRolesWithHierarchy`
return null; return null;
} }
return $this->rolesTitlesCache[$role]; return $this->rolesTitlesCache[$role];
} }
} }

14
src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
View File

@ -68,13 +68,13 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
} }
if ($subject instanceof AccompanyingPeriod) { if ($subject instanceof AccompanyingPeriod) {
if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) {
if (\in_array($attribute, [self::EDIT, self::DELETE])) { if (\in_array($attribute, [self::EDIT, self::DELETE])) {
return false; return false;
} }
} }
if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) { if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {
// only creator can see, edit, delete, etc. // only creator can see, edit, delete, etc.
if ($subject->getCreatedBy() === $token->getUser() if ($subject->getCreatedBy() === $token->getUser()
@ -84,7 +84,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
return false; return false;
} }
// if confidential, only the referent can see it // if confidential, only the referent can see it
if ($subject->isConfidential()) { if ($subject->isConfidential()) {
return $token->getUser() === $subject->getUser(); return $token->getUser() === $subject->getUser();
@ -94,18 +94,18 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole
return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); return $this->voterHelper->voteOnAttribute($attribute, $subject, $token);
} }
public function getRoles() public function getRoles(): array
{ {
return self::ALL; return self::ALL;
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return []; return [];
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ 'Accompanying period' => $this->getRoles() ]; return ['Accompanying period' => $this->getRoles()];
} }
} }

8
src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php
View File

@ -69,19 +69,19 @@ class PersonVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte
return array(self::CREATE, self::UPDATE, self::SEE, self::STATS, self::LISTS, self::DUPLICATE); return array(self::CREATE, self::UPDATE, self::SEE, self::STATS, self::LISTS, self::DUPLICATE);
} }
public function getRoles() public function getRoles(): array
{ {
return $this->getAttributes(); return $this->getAttributes();
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return $this->getAttributes(); return $this->getAttributes();
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ 'Person' => $this->getRoles() ]; return ['Person' => $this->getRoles()];
} }
} }

11
src/Bundle/ChillReportBundle/Security/Authorization/ReportVoter.php
View File

@ -74,19 +74,18 @@ class ReportVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte
return $this->helper->userHasAccess($token->getUser(), $subject, $attribute); return $this->helper->userHasAccess($token->getUser(), $subject, $attribute);
} }
public function getRoles(): array
public function getRoles()
{ {
return [self::CREATE, self::UPDATE, self::SEE, self::LISTS]; return [self::CREATE, self::UPDATE, self::SEE, self::LISTS];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return array(self::LISTS); return [self::LISTS];
} }
public function getRolesWithHierarchy() public function getRolesWithHierarchy(): array
{ {
return [ 'Report' => $this->getRoles() ]; return ['Report' => $this->getRoles()];
} }
} }

4
src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
View File

@ -127,7 +127,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
return $this->voter->voteOnAttribute($attribute, $subject, $token); return $this->voter->voteOnAttribute($attribute, $subject, $token);
} }
public function getRoles() public function getRoles(): array
{ {
return self::ROLES; return self::ROLES;
} }
@ -139,7 +139,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
]; ];
} }
public function getRolesWithoutScope() public function getRolesWithoutScope(): array
{ {
return []; return [];
} }

29
src/Bundle/ChillThirdPartyBundle/Security/Voter/ThirdPartyVoter.php
View File

@ -9,13 +9,13 @@ use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\ThirdPartyBundle\Entity\ThirdParty; use Chill\ThirdPartyBundle\Entity\ThirdParty;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
/** /**
* Voter for Third Party * Voter for Third Party
* *
* *
* *
*/ */
class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
@ -29,13 +29,13 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy
public const CREATE = 'CHILL_3PARTY_3PARTY_CREATE'; public const CREATE = 'CHILL_3PARTY_3PARTY_CREATE';
public const UPDATE = 'CHILL_3PARTY_3PARTY_UPDATE'; public const UPDATE = 'CHILL_3PARTY_3PARTY_UPDATE';
public const SHOW = 'CHILL_3PARTY_3PARTY_SHOW'; public const SHOW = 'CHILL_3PARTY_3PARTY_SHOW';
public function __construct(AuthorizationHelper $authorizationHelper) public function __construct(AuthorizationHelper $authorizationHelper)
{ {
$this->authorizationHelper = $authorizationHelper; $this->authorizationHelper = $authorizationHelper;
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
if ($subject instanceof ThirdParty) { if ($subject instanceof ThirdParty) {
@ -43,42 +43,41 @@ class ThirdPartyVoter extends AbstractChillVoter implements ProvideRoleHierarchy
} elseif ($subject === NULL) { } elseif ($subject === NULL) {
return $attribute === self::CREATE || $attribute === self::SHOW ; return $attribute === self::CREATE || $attribute === self::SHOW ;
} }
return false; return false;
} }
/** /**
* *
* @param string $attribute * @param string $attribute
* @param ThirdParty|null $subject * @param ThirdParty|null $subject
* @param TokenInterface $token * @param TokenInterface $token
* @return type
*/ */
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
return true; return true;
$user = $token->getUser(); $user = $token->getUser();
if (!$user instanceof User) { if (!$user instanceof User) {
return false; return false;
} }
return true; return true;
$centers = $this->authorizationHelper $centers = $this->authorizationHelper
->getReachableCenters($user, new Role($attribute)); ->getReachableCenters($user, new Role($attribute));
if ($subject === NULL) { if ($subject === NULL) {
return count($centers) > 0; return count($centers) > 0;
} elseif ($subject instanceof ThirdParty) { } elseif ($subject instanceof ThirdParty) {
return count(\array_intersect($centers, $subject->getCenters()->toArray())) > 0; return count(\array_intersect($centers, $subject->getCenters()->toArray())) > 0;
} }
return false; return false;
} }
public function getRoles(): array public function getRoles(): array
{ {
return [ return [
self::CREATE, self::UPDATE, self::SHOW self::CREATE, self::UPDATE, self::SHOW