Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-08-28 18:43:49 +00:00
Code Issues Actions Projects Releases Wiki Activity

FIX [voter][household] only allow editing of household if user has chill_person_household_edit right linked to being able to edit persons

Browse Source
This commit is contained in:
Julie Lenaerts
2023-02-13 17:17:56 +01:00
parent eac3471cbb
commit 51681edda7
7 changed files with 124 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
View File

@@ -19,12 +19,15 @@ use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Form\HouseholdMemberType;
use Chill\PersonBundle\Household\MembersEditor;
use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
use Chill\PersonBundle\Security\Authorization\HouseholdVoter;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Serializer\Exception;
use Symfony\Contracts\Translation\TranslatorInterface;
@@ -38,14 +41,18 @@ class HouseholdMemberController extends ApiController
private TranslatorInterface $translator;
private Security $security;
public function __construct(
UrlGeneratorInterface $generator,
TranslatorInterface $translator,
AccompanyingPeriodRepository $periodRepository
AccompanyingPeriodRepository $periodRepository,
Security $security
) {
$this->generator = $generator;
$this->translator = $translator;
$this->periodRepository = $periodRepository;
$this->security = $security;
}
/**
@@ -56,7 +63,9 @@ class HouseholdMemberController extends ApiController
*/
public function editMembership(Request $request, HouseholdMember $member): Response
{
// TODO ACL
if (!$this->security->isGranted(HouseholdVoter::EDIT, $member->getHousehold())) {
throw new AccessDeniedException('You are not allowed to edit this household');
}
$form = $this->createForm(HouseholdMemberType::class, $member, [
'validation_groups' => ['household_memberships'],