Fix event and participation voters

src/Bundle/ChillEventBundle/Security/EventVoter.php

@@ -12,15 +12,16 @@ declare(strict_types=1);
 namespace Chill\EventBundle\Security;
 
 use Chill\EventBundle\Entity\Event;
+use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
+use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
 use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\PersonBundle\Entity\Person;
-use Chill\PersonBundle\Security\Authorization\PersonVoter;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 
 /**
  * Description of EventVoter.
@@ -42,61 +43,46 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
 
     final public const UPDATE = 'CHILL_EVENT_UPDATE';
 
-    /**
+    final public const STATS = 'CHILL_EVENT_STATS';
-     * @var AccessDecisionManagerInterface
-     */
-    protected $accessDecisionManager;
 
-    /**
+    private readonly VoterHelperInterface $voterHelper;
-     * @var AuthorizationHelper
-     */
-    protected $authorizationHelper;
-
-    /**
-     * @var LoggerInterface
-     */
-    protected $logger;
 
     public function __construct(
-        AccessDecisionManagerInterface $accessDecisionManager,
+        private readonly AuthorizationHelper $authorizationHelper,
-        AuthorizationHelper $authorizationHelper,
+        private readonly LoggerInterface $logger,
-        LoggerInterface $logger
+        VoterHelperFactoryInterface $voterHelperFactory
     ) {
-        $this->accessDecisionManager = $accessDecisionManager;
+        $this->voterHelper = $voterHelperFactory
-        $this->authorizationHelper = $authorizationHelper;
+            ->generate(self::class)
-        $this->logger = $logger;
+            ->addCheckFor(null, [self::SEE])
+            ->addCheckFor(Event::class, [...self::ROLES])
+            ->addCheckFor(Person::class, [self::SEE, self::CREATE])
+            ->addCheckFor(Center::class, [self::STATS])
+            ->build();
     }
 
     public function getRoles(): array
     {
-        return self::ROLES;
+        return [...self::ROLES, self::STATS];
     }
 
     public function getRolesWithHierarchy(): array
     {
         return [
-            'Event' => self::ROLES,
+            'Event' => $this->getRoles(),
         ];
     }
 
     public function getRolesWithoutScope(): array
     {
-        return [];
+        return [self::ROLES, self::STATS];
     }
 
     public function supports($attribute, $subject)
     {
-        return ($subject instanceof Event && \in_array($attribute, self::ROLES, true))
+        return $this->voterHelper->supports($attribute, $subject);
-            || ($subject instanceof Person && \in_array($attribute, [self::CREATE, self::SEE], true))
-            || (null === $subject && self::SEE === $attribute);
     }
 
-    /**
-     * @param string $attribute
-     * @param Event  $subject
-     *
-     * @return bool
-     */
     protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
     {
         $this->logger->debug(sprintf('Voting from %s class', self::class));
@@ -118,15 +104,5 @@ class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInter
             ->getReachableCenters($token->getUser(), $attribute);
 
         return \count($centers) > 0;
-
-        if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
-            return false;
-        }
-
-        return $this->authorizationHelper->userHasAccess(
-            $token->getUser(),
-            $subject,
-            $attribute
-        );
     }
 }

src/Bundle/ChillEventBundle/Security/ParticipationVoter.php

@@ -12,15 +12,16 @@ declare(strict_types=1);
 namespace Chill\EventBundle\Security;
 
 use Chill\EventBundle\Entity\Participation;
+use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
+use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
 use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\PersonBundle\Entity\Person;
-use Chill\PersonBundle\Security\Authorization\PersonVoter;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
-use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 
 class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
 {
@@ -39,58 +40,48 @@ class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierar
 
     final public const UPDATE = 'CHILL_EVENT_PARTICIPATION_UPDATE';
 
-    /**
+    final public const STATS = 'CHILL_EVENT_PARTICIPATION_STATS';
-     * @var AccessDecisionManagerInterface
-     */
-    protected $accessDecisionManager;
 
-    /**
+    private readonly VoterHelperInterface $voterHelper;
-     * @var AuthorizationHelper
-     */
-    protected $authorizationHelper;
-
-    /**
-     * @var LoggerInterface
-     */
-    protected $logger;
 
     public function __construct(
-        AccessDecisionManagerInterface $accessDecisionManager,
+        private readonly AuthorizationHelper $authorizationHelper,
-        AuthorizationHelper $authorizationHelper,
+        private readonly LoggerInterface $logger,
-        LoggerInterface $logger
+        VoterHelperFactoryInterface $voterHelperFactory
     ) {
-        $this->accessDecisionManager = $accessDecisionManager;
+        $this->voterHelper = $voterHelperFactory
-        $this->authorizationHelper = $authorizationHelper;
+            ->generate(self::class)
-        $this->logger = $logger;
+            ->addCheckFor(null, [self::SEE])
+            ->addCheckFor(Participation::class, [...self::ROLES])
+            ->addCheckFor(Person::class, [self::SEE, self::CREATE])
+            ->addCheckFor(Center::class, [self::STATS])
+            ->build();
     }
 
     public function getRoles(): array
     {
-        return self::ROLES;
+        return [...self::ROLES, self::STATS];
     }
 
     public function getRolesWithHierarchy(): array
     {
         return [
-            'Event' => self::ROLES,
+            'Participation' => $this->getRoles(),
         ];
     }
 
     public function getRolesWithoutScope(): array
     {
-        return [];
+        return [self::ROLES, self::STATS];
     }
 
     public function supports($attribute, $subject)
     {
-        return ($subject instanceof Participation && \in_array($attribute, self::ROLES, true))
+        return $this->voterHelper->supports($attribute, $subject);
-            || ($subject instanceof Person && \in_array($attribute, [self::CREATE, self::SEE], true))
-            || (null === $subject && self::SEE === $attribute);
     }
 
     /**
      * @param string $attribute
-     * @param Participation $subject
      *
      * @return bool
      */
@@ -115,15 +106,5 @@ class ParticipationVoter extends AbstractChillVoter implements ProvideRoleHierar
             ->getReachableCenters($token->getUser(), $attribute);
 
         return \count($centers) > 0;
-
-        if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
-            return false;
-        }
-
-        return $this->authorizationHelper->userHasAccess(
-            $token->getUser(),
-            $subject,
-            $attribute
-        );
     }
 }