From 4e83e7905af6e65d575ea40c0643549f222a24f7 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts
Date: Tue, 15 Feb 2022 14:22:41 +0100
Subject: [PATCH] Validation of confidential toggle added to accompanyingPeriod validator
---
.../AccompanyingCourseApiController.php | 18 ++++++++--------
.../Entity/AccompanyingPeriod.php | 3 ---
.../AccompanyingPeriodValidity.php | 4 ++++
.../AccompanyingPeriodValidityValidator.php | 21 ++++++++++++++++++-
.../translations/validators.fr.yml | 4 ++--
5 files changed, 35 insertions(+), 15 deletions(-)
diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php
index 9a984f237..850fb8ff5 100644
--- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseApiController.php
@@ -327,19 +327,19 @@ final class AccompanyingCourseApiController extends ApiController public function toggleConfidentialApi(AccompanyingPeriod $accompanyingCourse, $id, Request $request) { if ($request->getMethod() == 'POST') { + $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL, $accompanyingCourse); - if (null != $accompanyingCourse->getUser() && $this->getUser() == $accompanyingCourse->getUser()) { $accompanyingCourse->setConfidential(!$accompanyingCourse->isConfidential()); - $this->getDoctrine()->getManager()->flush(); - } else { - if ($accompanyingCourse->getUser() == null) { - throw new ValidationException("The parcours must have a referrer to be set to confidential"); - } - throw new ValidationException("Only the referrer can set a parcours to confidential"); - } - } + $errors = $this->validator->validate($accompanyingCourse); + + if ($errors->count() > 0) { + return $this->json($errors, 422); + } else { + $this->getDoctrine()->getManager()->flush(); + } + } return $this->json($accompanyingCourse->isConfidential(), Response::HTTP_OK, [], ['groups' => ['read']]); } diff --git a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php index 0eac2a34c..131ecb74b 100644 --- a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php +++ b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php @@ -336,9 +336,6 @@ class AccompanyingPeriod implements * @ORM\ManyToOne(targetEntity=User::class) * @ORM\JoinColumn(nullable=true) * @Groups({"read", "write", "docgen:read"}) - * @Assert\Expression("!this.isConfidential() or (this.isConfidential() and value != null)", - * groups={AccompanyingPeriod::STEP_CONFIRMED}, - * message="Referrer cannot be null for a confidential parcours") */ private ?User $user = null; 
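Review bot: `$this->validator->validate($accompanyingCourse)` in `toggleConfidentialApi` runs the whole class-level `AccompanyingPeriodValidity` constraint, and its validator also performs the social-issue check with an activity lookup, so the toggle can be answered with 422 for a violation that has nothing to do with confidentiality. If that is not intended, a dedicated validation group for the toggle would keep the endpoint's failure modes narrow. The flag is also flipped on the managed entity before validation, so the 422 branch must never reach a `flush()` later in the same request. For style, the bare `422` sits next to `Response::HTTP_OK`; `return $this->json($errors, Response::HTTP_UNPROCESSABLE_ENTITY);` followed by an unconditional `$this->getDoctrine()->getManager()->flush();` would also drop the `else` after `return`.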
diff --git a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php index c4bd30ed3..e7e51d8c8 100644 --- a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php +++ b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidity.php @@ -20,6 +20,10 @@ class AccompanyingPeriodValidity extends Constraint { public $messageSocialIssueCannotBeDeleted = 'The social %name% issue cannot be deleted because it is associated with an activity or an action'; + public $messageReferrerIsCurrentUser = 'Only the referrer can change the confidentiality of a parcours'; + + public $messageReferrerIsNull = 'A confidential parcours must have a referrer'; + public function getTargets() { return self::CLASS_CONSTRAINT; diff --git a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php index 0cf75397b..339e85f0b 100644 --- a/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php +++ b/src/Bundle/ChillPersonBundle/Validator/Constraints/AccompanyingPeriod/AccompanyingPeriodValidityValidator.php @@ -15,6 +15,7 @@ use Chill\ActivityBundle\Repository\ActivityRepository; use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Entity\SocialWork\SocialIssue; use Chill\PersonBundle\Templating\Entity\SocialIssueRender; +use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Validator\Constraint; use Symfony\Component\Validator\ConstraintValidator; use Symfony\Component\Validator\Exception\UnexpectedTypeException; 
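Review bot: `$messageReferrerIsCurrentUser` in `AccompanyingPeriodValidity` is named after the passing condition, while its text is the violation shown when the authenticated user is not the referrer, which makes the call site in the validator read backwards. Either rename it to `$messageReferrerIsNotCurrentUser` or add a one-line docblock such as `/** Violation raised when the authenticated user is not the referrer of a confidential parcours. */`. The message strings double as translation keys in `validators.fr.yml`, so any later rewording has to be made in both places.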
@@ -28,10 +29,13 @@ class AccompanyingPeriodValidityValidator extends ConstraintValidator private SocialIssueRender $socialIssueRender; - public function __construct(ActivityRepository $activityRepository, SocialIssueRender $socialIssueRender) + private TokenStorageInterface $token; + + public function __construct(ActivityRepository $activityRepository, SocialIssueRender $socialIssueRender, TokenStorageInterface $token) { $this->activityRepository = $activityRepository; $this->socialIssueRender = $socialIssueRender; + $this->token = $token; } public function validate($period, Constraint $constraint) @@ -44,6 +48,7 @@ class AccompanyingPeriodValidityValidator extends ConstraintValidator throw new UnexpectedValueException($period, AccompanyingPeriod::class); } + /** Check if a social issue can be deleted (is not linked to an action or activity within the parcours) */ $socialIssues = []; $activities = $this->activityRepository->findBy(['accompanyingPeriod' => $period]); @@ -87,5 +92,19 @@ class AccompanyingPeriodValidityValidator extends ConstraintValidator ->addViolation(); } } + + /** Check if confidentiality and intensity can be toggled */ + $user = $period->getUser(); + $currentUser = $this->token->getToken()->getUser(); + + if ($user && ($user != $currentUser) && $period->isConfidential() == true) { + $this->context->buildViolation($constraint->messageReferrerIsCurrentUser) + ->addViolation(); + } + + if ($user == null && $period->isConfidential() == true) { + $this->context->buildViolation($constraint->messageReferrerIsNull) + ->addViolation(); + } } } diff --git a/src/Bundle/ChillPersonBundle/translations/validators.fr.yml b/src/Bundle/ChillPersonBundle/translations/validators.fr.yml index fa23f0c8e..56e165679 100644 --- a/src/Bundle/ChillPersonBundle/translations/validators.fr.yml +++ b/src/Bundle/ChillPersonBundle/translations/validators.fr.yml 
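Review bot: The property added in this constructor hunk holds the token storage but is named `$token`, and `validate()` later dereferences it as `$this->token->getToken()->getUser()`. `getToken()` returns null when no security token is set (console commands, fixtures, some tests), so validating a period in such a context would end in a method call on null. Naming the property `$tokenStorage` and guarding the read, `$token = $this->tokenStorage->getToken();` then `$currentUser = null !== $token ? $token->getUser() : null;`, keeps the validator usable there. With a null current user the referrer check still raises its violation for a confidential period, so the guard fails closed. The class body continues outside this hunk.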
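Review bot: Both checks added at the end of `validate()` fire only when `$period->isConfidential()` is true at validation time, and `toggleConfidentialApi` validates after flipping the flag. A user who is not the referrer and switches a confidential parcours back to non-confidential therefore produces no violation, whereas the removed controller branch refused non-referrers in either direction. Unless the `TOGGLE_CONFIDENTIAL` voter (not shown in this diff) compares the current user with the referrer, that case is no longer blocked. A validator only sees the resulting state, so I would keep the identity check in the voter or the controller and record the limit here with `// Only the post-toggle state is checked; the referrer-only rule for switching confidentiality off must be enforced by the voter.` The first check also looks likely to flag any validation of an already confidential period by a non-referrer, even when the flag was not touched, which is worth confirming against the other callers of this validator.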
@@ -51,8 +51,8 @@ household_membership: A course must contains at least one social issue: 'Un parcours doit être associé à au moins une problématique sociale' A course must be associated to at least one scope: 'Un parcours doit être associé à au moins un service' The social %name% issue cannot be deleted because it is associated with an activity or an action: 'La problématique sociale "%name%" ne peut pas être supprimée car elle est associée à une activité ou une action' -Referrer cannot be null for a confidential parcours: 'Un parcours confidentiel doit avoir un référent' -Only the referrer can set a parcours to confidential: 'Seul le référent peut modifier la confidentialité' +A confidential parcours must have a referrer: 'Un parcours confidentiel doit avoir un référent' +Only the referrer can change the confidentiality of a parcours: 'Seul le référent peut modifier la confidentialité' # resource You must associate at least one entity: Associez un usager, un tiers ou indiquez une description libre