change order for accompanying period work list

2025-08-21 07:03:49 +00:00 · 2022-02-08 19:36:45 +01:00
parent dc08ced6c9
commit 4314823a70
6 changed files with 123 additions and 42 deletions
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodWorkVoter.php
@@ -11,6 +11,7 @@ declare(strict_types=1);

 namespace Chill\PersonBundle\Security\Authorization;

+use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
@@ -20,7 +21,9 @@ use function in_array;

 class AccompanyingPeriodWorkVoter extends Voter
 {
+    public const CREATE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_CREATE';
    public const SEE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_SEE';
+    public const UPDATE = 'CHILL_MAIN_ACCOMPANYING_PERIOD_WORK_UPDATE';

    private Security $security;

@@ -31,8 +34,14 @@ class AccompanyingPeriodWorkVoter extends Voter

    protected function supports($attribute, $subject): bool
    {
-        return $subject instanceof AccompanyingPeriodWork
-            && in_array($attribute, $this->getRoles(), true);
+        return
+            (
+                $subject instanceof AccompanyingPeriodWork
+                && in_array($attribute, $this->getRoles(), true)
+            ) || (
+                $subject instanceof AccompanyingPeriod
+                && in_array($attribute,  [self::SEE, self::CREATE])
+            );
    }

    /**
@@ -41,13 +50,26 @@ class AccompanyingPeriodWorkVoter extends Voter
     */
    protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
    {
-        switch ($attribute) {
-            case self::SEE:
-                return $this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject->getAccompanyingPeriod());
+        if ($subject instanceof AccompanyingPeriodWork) {
+            switch ($attribute) {
+                case self::SEE:
+                    return $this->security->isGranted(AccompanyingPeriodVoter::SEE_DETAILS, $subject->getAccompanyingPeriod());

-            default:
-                throw new UnexpectedValueException("attribute {$attribute} is not supported");
+                default:
+                    throw new UnexpectedValueException("attribute {$attribute} is not supported");
+            }
+        } elseif ($subject instanceof AccompanyingPeriod) {
+            switch ($attribute) {
+                case self::SEE:
+                    return $this->security->isGranted(AccompanyingPeriodVoter::SEE_DETAILS, $subject);
+
+                default:
+                    throw new UnexpectedValueException(sprintf("attribute {$attribute} is not supported on instance %s",
+                        AccompanyingPeriod::class));
+            }
        }
+
+        throw new UnexpectedValueException(sprintf("attribute {$attribute} on instance %s is not supported", get_class($subject)));
    }

    private function getRoles(): array