Merge branch 'fix_parcours_creation_rights_in_household' into 'master'

Fix parcours creation rights in household See merge request Chill-Projet/chill-bundles!560
2025-06-07 18:44:08 +00:00 · 2023-06-07 15:59:02 +00:00 · 2023-06-07 15:59:02 +00:00 · 37e92ca58d
commit 37e92ca58d
parent 2178833da7 593adadef1
3 changed files with 29 additions and 14 deletions
--- a/.changes/unreleased/Security-20230607-174702.yaml
+++ b/.changes/unreleased/Security-20230607-174702.yaml
@ -0,0 +1,7 @@
+kind: Security
+body: Rights are checked for display of 'accompanying period' tab in household menu.
+  Rights are also checked for creation of 'accompanying period' from within household
+  context
+time: 2023-06-07T17:47:02.488819553+02:00
+custom:
+  Issue: "105"
--- a/src/Bundle/ChillPersonBundle/Menu/HouseholdMenuBuilder.php
+++ b/src/Bundle/ChillPersonBundle/Menu/HouseholdMenuBuilder.php
@ -12,7 +12,9 @@ declare(strict_types=1);
 namespace Chill\PersonBundle\Menu;

 use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
 use Knp\Menu\MenuItem;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Contracts\Translation\TranslatorInterface;

 class HouseholdMenuBuilder implements LocalMenuBuilderInterface
@ -22,9 +24,12 @@ class HouseholdMenuBuilder implements LocalMenuBuilderInterface
     */
    protected $translator;

-    public function __construct(TranslatorInterface $translator)
+    private Security $security;
+
+    public function __construct(TranslatorInterface $translator, Security $security)
    {
        $this->translator = $translator;
+        $this->security = $security;
    }

    public function buildMenu($menuId, MenuItem $menu, array $parameters): void
@ -53,12 +58,14 @@ class HouseholdMenuBuilder implements LocalMenuBuilderInterface
            ], ])
            ->setExtras(['order' => 17]);

+        if ($this->security->isGranted(AccompanyingPeriodVoter::SEE, $parameters['household'])) {
            $menu->addChild($this->translator->trans('household.Accompanying period'), [
                'route' => 'chill_person_household_accompanying_period',
                'routeParameters' => [
                    'household_id' => $household->getId(),
-            ], ])
+                ],])
                ->setExtras(['order' => 20]);
+        }

        $menu->addChild($this->translator->trans('household.Addresses'), [
            'route' => 'chill_person_household_addresses',
--- a/src/Bundle/ChillPersonBundle/Resources/views/Household/accompanying_period.html.twig
+++ b/src/Bundle/ChillPersonBundle/Resources/views/Household/accompanying_period.html.twig
@ -40,13 +40,14 @@
                {{ 'Household summary'|trans }}
            </a>
        </li>
-        {# TODO: add ACL to check if user is allowed to edit household? #}
+        {% if is_granted('CHILL_PERSON_HOUSEHOLD_EDIT', household) %}
            <li>
                <a class="btn btn-create"
                    href="{{ path ('chill_household_accompanying_course_new', {'household_id' : household.id } ) }}" role="button">
                    {{ 'Create an accompanying period'|trans }}
                </a>
            </li>
+        {% endif %}
    </ul>

 </div>