take into account all reachble centers by default for authorization

Julien Fastré 2016-01-26 11:24:36 +01:00
parent de27c50a5a
commit 630be1d3d2
2 changed files with 22 additions and 13 deletions


@ -75,9 +75,8 @@ class ExportController extends Controller
// first check for ACL // first check for ACL
$exportManager = $this->get('chill.main.export_manager'); $exportManager = $this->get('chill.main.export_manager');
$export = $exportManager->getExport($alias); $export = $exportManager->getExport($alias);
$centers = $this->get('chill.main.security.authorization.helper')
->getReachableCenters($this->getUser(), $export->requiredRole()); if ($exportManager->isGrantedForElement($export) === FALSE) {
if ($exportManager->isGrantedForElement($export, $centers) === FALSE) {
throw $this->createAccessDeniedException('The user does not have access to this export'); throw $this->createAccessDeniedException('The user does not have access to this export');
} }
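Review bot: The guard `if ($exportManager->isGrantedForElement($export) === FALSE)` denies only on an exact boolean false, so any other falsy return (for example `null` from a path that falls through without a `return`) would be treated as granted. For an ACL check it is safer to fail closed with `if (!$exportManager->isGrantedForElement($export)) {`. Separately, the centers are now resolved from the user held by ExportManager instead of `$this->getUser()`; the part of the constructor that sets that property is not visible here, so confirm it reflects the authenticated user of the current request. The enclosing action starts and ends outside the hunk.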


@ -94,9 +94,12 @@ class ExportManager
*/ */
private $user; private $user;
public function __construct(LoggerInterface $logger, EntityManagerInterface $em, public function __construct(
AuthorizationChecker $authorizationChecker, AuthorizationHelper $authorizationHelper, LoggerInterface $logger,
TokenStorageInterface $tokenStorage) EntityManagerInterface $em,
AuthorizationChecker $authorizationChecker,
AuthorizationHelper $authorizationHelper,
TokenStorageInterface $tokenStorage)
{ {
$this->logger = $logger; $this->logger = $logger;
$this->em = $em; $this->em = $em;
@ -152,9 +155,7 @@ class ExportManager
{ {
foreach ($this->exports as $alias => $export) { foreach ($this->exports as $alias => $export) {
if ($whereUserIsGranted) { if ($whereUserIsGranted) {
$centers = $this->authorizationHelper->getReachableCenters($this->user, if ($this->isGrantedForElement($export, null)) {
$export->requiredRole());
if ($this->isGrantedForElement($export, $centers)) {
yield $alias => $export; yield $alias => $export;
} }
} else { } else {
@ -265,14 +266,23 @@ class ExportManager
* center, false if the user hasn't access to element for at least one center. * center, false if the user hasn't access to element for at least one center.
* *
* @param \Chill\MainBundle\Export\ExportElementInterface $element * @param \Chill\MainBundle\Export\ExportElementInterface $element
* @param array $centers * @param array|null $centers, if null, the function take into account all the reachables centers for the current user
* @return boolean * @return boolean
*/ */
public function isGrantedForElement(ExportElementInterface $element, array $centers) public function isGrantedForElement(ExportElementInterface $element, array $centers = null)
{ {
if($centers === null) {
$centers = $this->authorizationHelper->getReachableCenters($this->user,
$element->requiredRole());
}
if (count($centers) === 0) {
return false;
}
foreach($centers as $center) { foreach($centers as $center) {
if ($this->authorizationChecker->isGranted( if ($this->authorizationChecker->isGranted(
$element->requiredRole()->getRole(), $center) === FALSE) { $element->requiredRole()->getRole(), $center) === false) {
//debugging //debugging
$this->logger->debug('user has no access to element', array( $this->logger->debug('user has no access to element', array(
'method' => __METHOD__, 'method' => __METHOD__,
@ -283,7 +293,7 @@ class ExportManager
} }
} }
return TRUE; return true;
} }
/** /**
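Review bot: In `isGrantedForElement`, when `$centers` is null the list checked comes from `getReachableCenters($this->user, $element->requiredRole())`, which presumably already contains only centers where the user holds that role, so the per-center loop is unlikely to reject anything and the check reduces to "the user has at least one reachable center". Callers that go on to export data for specific centers should therefore keep passing those centers explicitly, and the docblock should say so, e.g. `@param array|null $centers centers to check; if null, all centers reachable by the current user for the required role (does not validate a caller-selected center list)`. The new `count($centers) === 0` branch also returns false without the debug log that the per-center denial writes; adding `$this->logger->debug('user has no reachable center for element', array('method' => __METHOD__));` before the `return false;` would keep denials traceable. The same default is relied on by the `isGrantedForElement($export, null)` call in the generator hunk above.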