add ScopePickerType, which allow to pick scope depending or ACL

2025-06-07 18:44:08 +00:00 · 2018-04-16 12:37:57 +02:00 · 2018-04-16 12:37:57 +02:00 · 53901e4681
commit 53901e4681
parent 5fb93b4250
1 changed files with 36 additions and 21 deletions
--- a/Form/Type/ScopePickerType.php
+++ b/Form/Type/ScopePickerType.php
@ -26,6 +26,8 @@ use Symfony\Bridge\Doctrine\Form\Type\EntityType;
 use Chill\MainBundle\Entity\Scope;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Chill\MainBundle\Templating\TranslatableStringHelper;
+use Chill\MainBundle\Entity\Center;
+use Symfony\Component\Security\Core\Role\Role;

 /**
 * Allow to pick amongst available scope for the current
@ -82,10 +84,10 @@ class ScopePickerType extends AbstractType
        $resolver
            // create `center` option
            ->setRequired('center')
-            ->setAllowedTypes('center', [\Chill\MainBundle\Entity\Center::class ])
+            ->setAllowedTypes('center', [Center::class ])
            // create ``role` option
            ->setRequired('role')
-            ->setAllowedTypes('role', ['string', \Symfony\Component\Security\Core\Role\Role::class ])
+            ->setAllowedTypes('role', ['string', Role::class ])
            ;

        $resolver
@ -95,25 +97,7 @@ class ScopePickerType extends AbstractType
                return $this->translatableStringHelper->localize($c->getName());
            })
            ->setNormalizer('query_builder', function(Options $options) {
-                $qb = $this->scopeRepository->createQueryBuilder('s');
-                $qb
-                    // jointure to center
-                    ->join('s.roleScopes', 'rs')
-                    ->join('rs.permissionsGroups', 'pg')
-                    ->join('pg.groupCenters', 'gc')
-                    //->join('gc.users', 'user')
-                    // add center constraint
-                    ->where($qb->expr()->eq('IDENTITY(gc.center)', ':center'))
-                    ->setParameter('center', $options['center']->getId())
-                    // role constraints
-                    ->andWhere($qb->expr()->eq('rs.role', ':role'))
-                    ->setParameter('role', $options['role'])
-                    // user contraint
-                    ->andWhere(':user MEMBER OF gc.users')
-                    ->setParameter('user', $this->tokenStorage->getToken()->getUser())
-                    ;
-
-                return $qb;
+                return $this->buildAccessibleScopeQuery($options['center'], $options['role']);
            })
            ;
    }
@ -122,4 +106,35 @@ class ScopePickerType extends AbstractType
    {
        return EntityType::class;
    }
+    
+    /**
+     * 
+     * @return \Doctrine\ORM\QueryBuilder
+     */
+    protected function buildAccessibleScopeQuery(Center $center, Role $role)
+    {
+        $qb = $this->scopeRepository->createQueryBuilder('s');
+        $qb
+            // jointure to center
+            ->join('s.roleScopes', 'rs')
+            ->join('rs.permissionsGroups', 'pg')
+            ->join('pg.groupCenters', 'gc')
+            // add center constraint
+            ->where($qb->expr()->eq('IDENTITY(gc.center)', ':center'))
+            ->setParameter('center', $center->getId())
+            // role constraints
+            ->andWhere($qb->expr()->in('rs.role', ':roles'))
+            ->setParameter('roles', \array_map(
+                    function(Role $role) {
+                        return $role->getRole();
+                    },
+                    $this->authorizationHelper->getParentRoles($role)
+                ))
+            // user contraint
+            ->andWhere(':user MEMBER OF gc.users')
+            ->setParameter('user', $this->tokenStorage->getToken()->getUser())
+            ;
+        
+        return $qb;
+    }
 }