Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-12 13:24:25 +00:00
Code Issues Actions Projects Releases Wiki Activity

Fixed: [accompanying course document] fix access to accompanying course document

Browse Source 
The entity AccompanyingCourseDocument didn't had any center associated with this entity. Implementing the interface `HasCenterInterface` fixed the problem.

Fix https://gitlab.com/Chill-Projet/chill-bundles/-/issues/83
This commit is contained in:
Julien Fastré 2023-04-05 19:29:33 +02:00
parent 907c724047
commit 386d1e44d0
Signed by: julienfastre
GPG Key ID: BDE2190974723FCB
4 changed files with 39 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/Bundle/ChillDocStoreBundle/Entity/AccompanyingCourseDocument.php
View File

@ -11,6 +11,7 @@ declare(strict_types=1);
namespace Chill\DocStoreBundle\Entity; namespace Chill\DocStoreBundle\Entity;
use Chill\MainBundle\Entity\HasCentersInterface;
use Chill\MainBundle\Entity\HasScopesInterface; use Chill\MainBundle\Entity\HasScopesInterface;
use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Entity\AccompanyingPeriod;
use Doctrine\ORM\Mapping as ORM; use Doctrine\ORM\Mapping as ORM;
@ -19,7 +20,7 @@ use Doctrine\ORM\Mapping as ORM;
* @ORM\Entity * @ORM\Entity
* @ORM\Table("chill_doc.accompanyingcourse_document") * @ORM\Table("chill_doc.accompanyingcourse_document")
*/ */
class AccompanyingCourseDocument extends Document implements HasScopesInterface class AccompanyingCourseDocument extends Document implements HasScopesInterface, HasCentersInterface
{ {
/** /**
* @ORM\ManyToOne(targetEntity=AccompanyingPeriod::class) * @ORM\ManyToOne(targetEntity=AccompanyingPeriod::class)
@ -27,6 +28,11 @@ class AccompanyingCourseDocument extends Document implements HasScopesInterface
*/ */
private ?AccompanyingPeriod $course = null; private ?AccompanyingPeriod $course = null;
public function getCenters(): ?iterable
{
return $this->course->getCenters();
}
public function getCourse(): ?AccompanyingPeriod public function getCourse(): ?AccompanyingPeriod
{ {
return $this->course; return $this->course;

42
src/Bundle/ChillDocStoreBundle/Resources/views/List/list_item.html.twig
View File

@ -51,16 +51,9 @@
</div> </div>
<ul class="item-col record_actions flex-shrink-1"> <ul class="item-col record_actions flex-shrink-1">
{% if document.course is defined %} {% if document.course is defined %}
{% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_DELETE', document) %} <li>
<li class="delete"> {{ chill_entity_workflow_list('Chill\\DocStoreBundle\\Entity\\AccompanyingCourseDocument', document.id) }}
<a href="{{ chill_return_path_or('chill_docstore_accompanying_course_document_delete', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-delete"></a> </li>
</li>
{% endif %}
{% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE', document) %}
<li>
<a href="{{ path('accompanying_course_document_edit', {'course': accompanyingCourse.id, 'id': document.id }) }}" class="btn btn-update"></a>
</li>
{% endif %}
{% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE_DETAILS', document) %} {% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE_DETAILS', document) %}
<li> <li>
{{ document.object|chill_document_button_group(document.title, is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE', document)) }} {{ document.object|chill_document_button_group(document.title, is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE', document)) }}
@ -69,20 +62,17 @@
<a href="{{ chill_path_add_return_path('accompanying_course_document_show', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-show"></a> <a href="{{ chill_path_add_return_path('accompanying_course_document_show', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-show"></a>
</li> </li>
{% endif %} {% endif %}
<li> {% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE', document) %}
{{ chill_entity_workflow_list('Chill\\DocStoreBundle\\Entity\\AccompanyingCourseDocument', document.id) }}
</li>
{% else %}
{% if is_granted('CHILL_PERSON_DOCUMENT_DELETE', document) %}
<li class="delete">
<a href="{{ chill_return_path_or('chill_docstore_person_document_delete', {'person': person.id, 'id': document.id}) }}" class="btn btn-delete"></a>
</li>
{% endif %}
{% if is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document) %}
<li> <li>
<a href="{{ path('person_document_edit', {'person': person.id, 'id': document.id}) }}" class="btn btn-update"></a> <a href="{{ path('accompanying_course_document_edit', {'course': accompanyingCourse.id, 'id': document.id }) }}" class="btn btn-update"></a>
</li> </li>
{% endif %} {% endif %}
{% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_DELETE', document) %}
<li class="delete">
<a href="{{ chill_return_path_or('chill_docstore_accompanying_course_document_delete', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-delete"></a>
</li>
{% endif %}
{% else %}
{% if is_granted('CHILL_PERSON_DOCUMENT_SEE_DETAILS', document) %} {% if is_granted('CHILL_PERSON_DOCUMENT_SEE_DETAILS', document) %}
<li> <li>
{{ document.object|chill_document_button_group(document.title, is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document)) }} {{ document.object|chill_document_button_group(document.title, is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document)) }}
@ -91,6 +81,16 @@
<a href="{{ path('person_document_show', {'person': person.id, 'id': document.id}) }}" class="btn btn-show"></a> <a href="{{ path('person_document_show', {'person': person.id, 'id': document.id}) }}" class="btn btn-show"></a>
</li> </li>
{% endif %} {% endif %}
{% if is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document) %}
<li>
<a href="{{ path('person_document_edit', {'person': person.id, 'id': document.id}) }}" class="btn btn-update"></a>
</li>
{% endif %}
{% if is_granted('CHILL_PERSON_DOCUMENT_DELETE', document) %}
<li class="delete">
<a href="{{ chill_return_path_or('chill_docstore_person_document_delete', {'person': person.id, 'id': document.id}) }}" class="btn btn-delete"></a>
</li>
{% endif %}
{% endif %} {% endif %}
</ul> </ul>

4
src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php
View File

@ -78,12 +78,12 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov
return []; return [];
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject): bool
{ {
return $this->voterHelper->supports($attribute, $subject); return $this->voterHelper->supports($attribute, $subject);
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
if (!$token->getUser() instanceof User) { if (!$token->getUser() instanceof User) {
return false; return false;

30
src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
View File

@ -16,7 +16,7 @@ use Chill\MainBundle\Entity\Scope;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Repository\UserACLAwareRepositoryInterface; use Chill\MainBundle\Repository\UserACLAwareRepositoryInterface;
use Chill\MainBundle\Security\ParentRoleHelper; use Chill\MainBundle\Security\ParentRoleHelper;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface; use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
use Chill\MainBundle\Security\Resolver\ScopeResolverDispatcher; use Chill\MainBundle\Security\Resolver\ScopeResolverDispatcher;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Role\Role;
@ -34,7 +34,7 @@ use function get_class;
*/ */
class AuthorizationHelper implements AuthorizationHelperInterface class AuthorizationHelper implements AuthorizationHelperInterface
{ {
private CenterResolverDispatcherInterface $centerResolverDispatcher; private CenterResolverManagerInterface $centerResolverManager;
private LoggerInterface $logger; private LoggerInterface $logger;
@ -45,13 +45,13 @@ class AuthorizationHelper implements AuthorizationHelperInterface
private UserACLAwareRepositoryInterface $userACLAwareRepository; private UserACLAwareRepositoryInterface $userACLAwareRepository;
public function __construct( public function __construct(
CenterResolverDispatcherInterface $centerResolverDispatcher, CenterResolverManagerInterface $centerResolverManager,
LoggerInterface $logger, LoggerInterface $logger,
ScopeResolverDispatcher $scopeResolverDispatcher, ScopeResolverDispatcher $scopeResolverDispatcher,
UserACLAwareRepositoryInterface $userACLAwareRepository, UserACLAwareRepositoryInterface $userACLAwareRepository,
ParentRoleHelper $parentRoleHelper ParentRoleHelper $parentRoleHelper
) { ) {
$this->centerResolverDispatcher = $centerResolverDispatcher; $this->centerResolverManager = $centerResolverManager;
$this->logger = $logger; $this->logger = $logger;
$this->scopeResolverDispatcher = $scopeResolverDispatcher; $this->scopeResolverDispatcher = $scopeResolverDispatcher;
$this->userACLAwareRepository = $userACLAwareRepository; $this->userACLAwareRepository = $userACLAwareRepository;
@ -252,27 +252,15 @@ class AuthorizationHelper implements AuthorizationHelperInterface
*/ */
public function userHasAccess(User $user, $entity, $attribute) public function userHasAccess(User $user, $entity, $attribute)
{ {
$center = $this->centerResolverDispatcher->resolveCenter($entity); $centers = $this->centerResolverManager->resolveCenters($entity);
if (is_iterable($center)) { foreach ($centers as $c) {
foreach ($center as $c) { if ($this->userHasAccessForCenter($user, $c, $entity, $attribute)) {
if ($this->userHasAccessForCenter($user, $c, $entity, $attribute)) { return true;
return true;
}
} }
return false;
} }
if ($center instanceof Center) { return false;
return $this->userHasAccessForCenter($user, $center, $entity, $attribute);
}
if (null === $center) {
return false;
}
throw new UnexpectedValueException('could not resolver a center');
} }
/** /**