add ScopePickerType, which allow to pick scope depending or ACL

2025-06-12 13:24:25 +00:00 · 2018-04-16 12:37:57 +02:00 · 2018-04-16 12:37:57 +02:00 · 53901e4681
commit 53901e4681
parent 5fb93b4250
1 changed files with 36 additions and 21 deletions
--- a/Form/Type/ScopePickerType.php
+++ b/Form/Type/ScopePickerType.php
@ -26,6 +26,8 @@ use Symfony\Bridge\Doctrine\Form\Type\EntityType;
 use Chill\MainBundle\Entity\Scope;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Chill\MainBundle\Templating\TranslatableStringHelper;
 use Chill\MainBundle\Entity\Center;
 use Symfony\Component\Security\Core\Role\Role;
 /**
 * Allow to pick amongst available scope for the current
@ -82,10 +84,10 @@ class ScopePickerType extends AbstractType
        $resolver
            // create `center` option
            ->setRequired('center')
-            ->setAllowedTypes('center', [\Chill\MainBundle\Entity\Center::class ])
+            ->setAllowedTypes('center', [Center::class ])
            // create ``role` option
            ->setRequired('role')
-            ->setAllowedTypes('role', ['string', \Symfony\Component\Security\Core\Role\Role::class ])
+            ->setAllowedTypes('role', ['string', Role::class ])
            ;
        $resolver
@ -95,25 +97,7 @@ class ScopePickerType extends AbstractType
                return $this->translatableStringHelper->localize($c->getName());
            })
            ->setNormalizer('query_builder', function(Options $options) {
-                $qb = $this->scopeRepository->createQueryBuilder('s');
+                return $this->buildAccessibleScopeQuery($options['center'], $options['role']);
                $qb
                    // jointure to center
                    ->join('s.roleScopes', 'rs')
                    ->join('rs.permissionsGroups', 'pg')
                    ->join('pg.groupCenters', 'gc')
                    //->join('gc.users', 'user')
                    // add center constraint
                    ->where($qb->expr()->eq('IDENTITY(gc.center)', ':center'))
                    ->setParameter('center', $options['center']->getId())
                    // role constraints
                    ->andWhere($qb->expr()->eq('rs.role', ':role'))
                    ->setParameter('role', $options['role'])
                    // user contraint
                    ->andWhere(':user MEMBER OF gc.users')
                    ->setParameter('user', $this->tokenStorage->getToken()->getUser())
                    ;
                return $qb;
            })
            ;
    }
@ -122,4 +106,35 @@ class ScopePickerType extends AbstractType
    {
        return EntityType::class;
    }
    /**
     * 
     * @return \Doctrine\ORM\QueryBuilder
     */
    protected function buildAccessibleScopeQuery(Center $center, Role $role)
    {
        $qb = $this->scopeRepository->createQueryBuilder('s');
        $qb
            // jointure to center
            ->join('s.roleScopes', 'rs')
            ->join('rs.permissionsGroups', 'pg')
            ->join('pg.groupCenters', 'gc')
            // add center constraint
            ->where($qb->expr()->eq('IDENTITY(gc.center)', ':center'))
            ->setParameter('center', $center->getId())
            // role constraints
            ->andWhere($qb->expr()->in('rs.role', ':roles'))
            ->setParameter('roles', \array_map(
                    function(Role $role) {
                        return $role->getRole();
                    },
                    $this->authorizationHelper->getParentRoles($role)
                ))
            // user contraint
            ->andWhere(':user MEMBER OF gc.users')
            ->setParameter('user', $this->tokenStorage->getToken()->getUser())
            ;
        return $qb;
    }
 }