From 4c704734cdf0857cacc3a2b8b8349cfbe84cb608 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Thu, 17 Feb 2022 16:53:11 +0100
Subject: [PATCH] Add ACL to edit membership

---
 .../Controller/HouseholdMemberController.php                | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php b/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
index 78234d114..bc1cd6613 100644
--- a/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
@@ -19,6 +19,7 @@ use Chill\PersonBundle\Entity\Person;
 use Chill\PersonBundle\Form\HouseholdMemberType;
 use Chill\PersonBundle\Household\MembersEditor;
 use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
+use Chill\PersonBundle\Security\Authorization\HouseholdVoter;
 use Chill\PersonBundle\Security\Authorization\PersonVoter;
 use Symfony\Component\HttpFoundation\Exception\BadRequestException;
 use Symfony\Component\HttpFoundation\Request;
@@ -26,7 +27,7 @@ use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Serializer\Exception;
-use Symfony\Component\Translation\TranslatorInterface;
+use Symfony\Contracts\Translation\TranslatorInterface;
 
 use function count;
 
@@ -56,7 +57,8 @@ class HouseholdMemberController extends ApiController
      */
     public function editMembership(Request $request, HouseholdMember $member): Response
     {
-        // TODO ACL
+
+        $this->denyAccessUnlessGranted(HouseholdVoter::EDIT, $member);
 
         $form = $this->createForm(HouseholdMemberType::class, $member, [
             'validation_groups' => ['household_memberships'],