Merge branch 'sf4' of framagit.org:Chill-project/Chill-Doc-Store into sf4

Controller/DocumentPersonController.php

@@ -5,6 +5,7 @@ namespace Chill\DocStoreBundle\Controller;
 use Chill\DocStoreBundle\Entity\PersonDocument;
 use Chill\DocStoreBundle\Form\PersonDocumentType;
 use Chill\DocStoreBundle\Repository\DocumentRepository;
+use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
 use Chill\PersonBundle\Privacy\PrivacyEvent;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
@@ -36,16 +37,26 @@ class DocumentPersonController extends Controller
      */
     protected $eventDispatcher;
     
+    /**
+     * @var AuthorizationHelper
+     */
+    protected $authorizationHelper;
+    
     /**
      * DocumentPersonController constructor.
-     *
+
      * @param TranslatorInterface $translator
      * @param EventDispatcherInterface $eventDispatcher
+     * @param AuthorizationHelper $authorizationHelper
      */
-    public function __construct(TranslatorInterface $translator, EventDispatcherInterface $eventDispatcher)
-    {
+    public function __construct(
+        TranslatorInterface $translator, 
+        EventDispatcherInterface $eventDispatcher, 
+        AuthorizationHelper $authorizationHelper
+    ) {
         $this->translator = $translator;
         $this->eventDispatcher = $eventDispatcher;
+        $this->authorizationHelper = $authorizationHelper;
     }
     
     /**
@@ -61,7 +72,7 @@ class DocumentPersonController extends Controller
 
         $this->denyAccessUnlessGranted(PersonVoter::SEE, $person);
 
-        $reachableScopes = $this->get('chill.main.security.authorization.helper')
+        $reachableScopes = $this->authorizationHelper
             ->getReachableScopes(
                 $this->getUser(), new Role(PersonDocumentVoter::SEE),
                 $person->getCenter());

DataFixtures/ORM/LoadDocumentACL.php

@@ -21,7 +21,7 @@ namespace Chill\DocStoreBundle\DataFixtures\ORM;
 
 use Doctrine\Common\DataFixtures\AbstractFixture;
 use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
-use Doctrine\Common\Persistence\ObjectManager;
+use Doctrine\Persistence\ObjectManager;
 use Chill\MainBundle\DataFixtures\ORM\LoadPermissionsGroup;
 use Chill\MainBundle\Entity\RoleScope;
 use Chill\MainBundle\DataFixtures\ORM\LoadScopes;

DataFixtures/ORM/LoadDocumentCategory.php

@@ -19,7 +19,7 @@ namespace Chill\DocStoreBundle\DataFixtures\ORM;
 
 use Doctrine\Common\DataFixtures\AbstractFixture;
 use Doctrine\Common\DataFixtures\OrderedFixtureInterface;
-use Doctrine\Common\Persistence\ObjectManager;
+use Doctrine\Persistence\ObjectManager;
 use Chill\DocStoreBundle\Entity\DocumentCategory;
 
 /**

DependencyInjection/ChillDocStoreExtension.php

@@ -24,13 +24,13 @@ class ChillDocStoreExtension extends Extension implements PrependExtensionInterf
         $configuration = new Configuration();
         $config = $this->processConfiguration($configuration, $configs);
 
-        $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config'));
-        $loader->load('services.yml');
-        $loader->load('services/media.yml');
-        $loader->load('services/controller.yml');
-        $loader->load('services/menu.yml');
-        $loader->load('services/fixtures.yml');
-        $loader->load('services/form.yml');
+        $loader = new Loader\YamlFileLoader($container, new FileLocator(__DIR__.'/../config'));
+        $loader->load('services.yaml');
+        $loader->load('services/media.yaml');
+        $loader->load('services/controller.yaml');
+        $loader->load('services/menu.yaml');
+        $loader->load('services/fixtures.yaml');
+        $loader->load('services/form.yaml');
     }
 
     public function prepend(ContainerBuilder $container)
@@ -46,8 +46,8 @@ class ChillDocStoreExtension extends Extension implements PrependExtensionInterf
         $container->prependExtensionConfig('chill_main', array(
            'routing' => array(
               'resources' => array(
-                  '@ChillDocStoreBundle/Resources/config/routing.yml',
-                  '@ChampsLibresAsyncUploaderBundle/Resources/config/routing.yml'
+                  '@ChillDocStoreBundle/config/routes.yaml',
+                  '@ChampsLibresAsyncUploaderBundle/config/routes.yaml'
               )
            )
         ));

DependencyInjection/Configuration.php

@@ -17,8 +17,8 @@ class Configuration implements ConfigurationInterface
      */
     public function getConfigTreeBuilder()
     {
-        $treeBuilder = new TreeBuilder();
-        $rootNode = $treeBuilder->root('chill_doc_store');
+        $treeBuilder = new TreeBuilder('chill_doc_store');
+        $rootNode = $treeBuilder->getRootNode('chill_doc_store');
 
         // Here you should define the parameters that are allowed to
         // configure your bundle. See the documentation linked above for

Resources/views/DocumentCategory/edit.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillMainBundle::Admin/layout.html.twig" %}
+{% extends "@ChillMain/Admin/layout.html.twig" %}
 
 {% block title %}{{ 'Document category edit'|trans }}{% endblock title %}
 

Resources/views/DocumentCategory/index.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillMainBundle::Admin/layout.html.twig" %}
+{% extends "@ChillMain/Admin/layout.html.twig" %}
 
 {% block title %}{{ 'Document category list' | trans }}{% endblock title %}
 

Resources/views/DocumentCategory/new.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillMainBundle::Admin/layout.html.twig" %}
+{% extends "@ChillMain/Admin/layout.html.twig" %}
 
 {% block title %}{{ 'Create new document category' | trans }}{% endblock title %}
 

Resources/views/DocumentCategory/show.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillMainBundle::Admin/layout.html.twig" %}
+{% extends "@ChillMain/Admin/layout.html.twig" %}
 
 {% block title %}{{ 'Document category show'|trans }}{% endblock title %}
 

Resources/views/PersonDocument/edit.html.twig

@@ -15,7 +15,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 
-{% extends "ChillPersonBundle::layout.html.twig"  %}
+{% extends "@ChillPerson/layout.html.twig"  %}
 
 {% set activeRouteKey = '' %}
 

Resources/views/PersonDocument/index.html.twig

@@ -15,7 +15,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
 
-{% extends "ChillPersonBundle::layout.html.twig"  %}
+{% extends "@ChillPerson/layout.html.twig"  %}
 
 {% set activeRouteKey = '' %}
 

Resources/views/PersonDocument/new.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillPersonBundle::layout.html.twig"  %}
+{% extends "@ChillPerson/layout.html.twig"  %}
 
 {% set activeRouteKey = '' %}
 

Resources/views/PersonDocument/show.html.twig

@@ -14,7 +14,7 @@
  * You should have received a copy of the GNU Affero General Public License
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 #}
-{% extends "ChillPersonBundle::layout.html.twig"  %}
+{% extends "@ChillPerson/layout.html.twig"  %}
 
 {% set activeRouteKey = '' %}
 

Security/Authorization/PersonDocumentVoter.php

@@ -24,6 +24,12 @@ use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
 use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\DocStoreBundle\Entity\PersonDocument;
 use Chill\PersonBundle\Entity\Person;
+use Chill\MainBundle\Entity\User;
+use Chill\PersonBundle\Security\Authorization\PersonVoter;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Role\Role;
+use Psr\Log\LoggerInterface;
 
 /**
  *
@@ -37,16 +43,31 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
     const DELETE = 'CHILL_PERSON_DOCUMENT_DELETE';
 
     /**
-     *
      * @var AuthorizationHelper
      */
-    protected $helper;
+    protected $authorizationHelper;
 
-    public function __construct(AuthorizationHelper $helper)
+    /**
+     * @var AccessDecisionManagerInterface
+     */
+    protected $accessDecisionManager;
+
+    /**
+     * @var LoggerInterface
+     */
+    protected $logger;
+
+    public function __construct(
+        AccessDecisionManagerInterface $accessDecisionManager,
+        AuthorizationHelper $authorizationHelper,
+        LoggerInterface $logger
+    )
     {
-        $this->helper = $helper;
+        $this->accessDecisionManager = $accessDecisionManager;
+        $this->authorizationHelper = $authorizationHelper;
+        $this->logger = $logger;
     }
-    
+
     public function getRoles()
     {
         return [
@@ -71,9 +92,51 @@ class PersonDocumentVoter extends AbstractChillVoter implements ProvideRoleHiera
         return false;
     }
 
+    /**
+     *
+     * @param string $attribute
+     * @param PersonDocument $subject
+     * @param TokenInterface $token
+     * @return boolean
+     */
+    protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
+    {
+        $this->logger->debug(sprintf("Voting from %s class", self::class));
+
+        if (!$token->getUser() instanceof User) {
+            return false;
+        }
+
+        if ($subject instanceof PersonDocument) {
+            return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
+
+        } elseif ($subject instanceof Person) {
+            return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
+
+        } else {
+
+            // subject is null. We check that at least one center is reachable
+            $centers = $this->authorizationHelper
+                ->getReachableCenters($token->getUser(), new Role($attribute));
+
+            return count($centers) > 0;
+        }
+
+        if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
+            return false;
+        }
+
+        return $this->authorizationHelper->userHasAccess(
+            $token->getUser(),
+            $subject,
+            $attribute
+        );
+
+    }
+
     protected function isGranted($attribute, $report, $user = null)
     {
-        if (! $user instanceof \Chill\MainBundle\Entity\User){
+        if (! $user instanceof User){
             return false;
         }
 

composer.json

@@ -6,8 +6,6 @@
       "psr-4": { "Chill\\DocStoreBundle\\" : "" }
     },
     "require": {
-        "chill-project/person": "~1.5.0",
-        "champs-libres/async-uploader-bundle": "~1.0"
     },
     "license": "AGPL-3.0"
 }

config/services.yaml

@@ -18,7 +18,9 @@ services:
     Chill\DocStoreBundle\Security\Authorization\PersonDocumentVoter:
         class: Chill\DocStoreBundle\Security\Authorization\PersonDocumentVoter
         arguments:
+            - "@security.access.decision_manager"
             - "@chill.main.security.authorization.helper"
+            - "@logger"
         tags:
             - { name: security.voter }
             - { name: chill.role }

config/services/controller.yaml

@@ -1,9 +1,11 @@
 services:
     Chill\DocStoreBundle\Controller\:
-        resource: '../../../Controller'
+        resource: '../../Controller'
         tags: ['controller.service_arguments']
         
     Chill\DocStoreBundle\Controller\DocumentPersonController:
-        autowire: true
         arguments:
+            $translator: '@Symfony\Component\Translation\TranslatorInterface'
             $eventDispatcher: '@Symfony\Component\EventDispatcher\EventDispatcherInterface'
+            $authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper'
+        tags: ['controller.service_arguments']

config/services/fixtures.yaml

@@ -1,4 +1,4 @@
 services:
     Chill\DocStoreBundle\DataFixtures\ORM\:
-        resource: ../../../DataFixtures/ORM
+        resource: ../../DataFixtures/ORM
         tags: [ 'doctrine.fixture.orm' ]

migrations/Version20180605102533.php

@@ -2,7 +2,7 @@
 
 namespace Application\Migrations;
 
-use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\Migrations\AbstractMigration;
 use Doctrine\DBAL\Schema\Schema;
 
 /**
@@ -10,7 +10,7 @@ use Doctrine\DBAL\Schema\Schema;
  */
 final class Version20180605102533 extends AbstractMigration
 {
-    public function up(Schema $schema) : void
+    public function up(Schema $schema): void
     {
         $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.');
 
@@ -29,7 +29,7 @@ final class Version20180605102533 extends AbstractMigration
         $this->addSql('ALTER TABLE chill_doc.person_document ADD CONSTRAINT FK_41DA53C217BBB47 FOREIGN KEY (person_id) REFERENCES chill_person_person (id) NOT DEFERRABLE INITIALLY IMMEDIATE');
     }
 
-    public function down(Schema $schema) : void
+    public function down(Schema $schema): void
     {
         $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.');
 

migrations/Version20180606133338.php

@@ -2,7 +2,7 @@
 
 namespace Application\Migrations;
 
-use Doctrine\DBAL\Migrations\AbstractMigration;
+use Doctrine\Migrations\AbstractMigration;
 use Doctrine\DBAL\Schema\Schema;
 
 /**
@@ -10,7 +10,7 @@ use Doctrine\DBAL\Schema\Schema;
  */
 final class Version20180606133338 extends AbstractMigration
 {
-    public function up(Schema $schema) : void
+    public function up(Schema $schema): void
     {
         $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.');
 
@@ -25,7 +25,7 @@ final class Version20180606133338 extends AbstractMigration
         $this->addSql('CREATE INDEX IDX_41DA53C232D562B ON chill_doc.person_document (object_id)');
     }
 
-    public function down(Schema $schema) : void
+    public function down(Schema $schema): void
     {
         $this->abortIf($this->connection->getDatabasePlatform()->getName() !== 'postgresql', 'Migration can only be executed safely on \'postgresql\'.');
 

translations/messages.fr.yml

@@ -1,4 +1,5 @@
 Document: Document
+Documents: Documents
 Documents for %name%: Documents de %name%
 Preparing: En préparation
 Ready to show: Prêt à être visualisé
@@ -9,7 +10,6 @@ New document for %name%: Nouveau document pour %name%
 Editing document for %name%: Modification d'un document pour %name%
 Edit Document: Modification d'un document
 Existing document: Document existant
-The document is successfully updated: Le document est mis à jour
 No document to download: Aucun document à télécharger
 'Choose a document category': Choisissez une catégorie de document
 Any document found: Aucun document trouvé