Fixed: do not allow to create activities when no rights to do it

The ACTIVITY_FULL role does not give anymore the roles CHILL_ACTIVITY_CREATE_PERSON and CHILL_ACTIVITY_CREATE_ACCOMPANYING_COURSE. Tags: #BC
2025-06-07 18:44:08 +00:00 · 2022-07-11 19:29:45 +02:00 · 2022-07-11 19:29:45 +02:00 · 6998043159
commit 6998043159
parent ce17c15d41
7 changed files with 458 additions and 570 deletions
--- a/grumphp.yml
+++ b/grumphp.yml
@ -24,6 +24,7 @@ parameters:
        - "/spec/"
        - "/var/"
        - "/vendor/"
+        - "/tests/app"

    # Psalm
    tasks.psalm.blocking: true
--- a/phpstan-deprecations.neon
+++ b/phpstan-deprecations.neon
--- a/phpstan-types.neon
+++ b/phpstan-types.neon
@ -25,16 +25,6 @@ parameters:
 			count: 1
 			path: src/Bundle/ChillActivityBundle/Form/ActivityType.php

-		-
-			message: "#^Only booleans are allowed in &&, mixed given on the right side\\.$#"
-			count: 3
-			path: src/Bundle/ChillActivityBundle/Form/ActivityType.php
-
-		-
-			message: "#^Only booleans are allowed in an if condition, mixed given\\.$#"
-			count: 2
-			path: src/Bundle/ChillActivityBundle/Form/ActivityType.php
-
 		-
 			message: "#^Only booleans are allowed in an if condition, mixed given\\.$#"
 			count: 3
--- a/src/Bundle/ChillActivityBundle/DependencyInjection/ChillActivityExtension.php
+++ b/src/Bundle/ChillActivityBundle/DependencyInjection/ChillActivityExtension.php
@ -61,8 +61,6 @@ class ChillActivityExtension extends Extension implements PrependExtensionInterf
                ActivityVoter::DELETE => [ActivityVoter::SEE_DETAILS],
                ActivityVoter::SEE_DETAILS => [ActivityVoter::SEE],
                ActivityVoter::FULL => [
-                    ActivityVoter::CREATE_PERSON,
-                    ActivityVoter::CREATE_ACCOMPANYING_COURSE,
                    ActivityVoter::DELETE,
                    ActivityVoter::UPDATE,
                ],
--- a/src/Bundle/ChillActivityBundle/Entity/Activity.php
+++ b/src/Bundle/ChillActivityBundle/Entity/Activity.php
@ -16,7 +16,6 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Entity\Embeddable\CommentEmbeddable;
 use Chill\MainBundle\Entity\Embeddable\PrivateCommentEmbeddable;
-use Chill\MainBundle\Entity\HasCenterInterface;
 use Chill\MainBundle\Entity\HasCentersInterface;
 use Chill\MainBundle\Entity\HasScopesInterface;
 use Chill\MainBundle\Entity\Location;
@ -311,7 +310,9 @@ class Activity implements AccompanyingPeriodLinkedWithSocialIssuesEntityInterfac
    {
        if ($this->person instanceof Person) {
            return [$this->person->getCenter()];
-        } elseif ($this->getAccompanyingPeriod() instanceof AccompanyingPeriod) {
+        }
+
+        if ($this->getAccompanyingPeriod() instanceof AccompanyingPeriod) {
            return $this->getAccompanyingPeriod()->getCenters();
        }

--- a/src/Bundle/ChillActivityBundle/Form/ActivityType.php
+++ b/src/Bundle/ChillActivityBundle/Form/ActivityType.php
@ -25,9 +25,9 @@ use Chill\MainBundle\Form\Type\CommentType;
 use Chill\MainBundle\Form\Type\PickUserDynamicType;
 use Chill\MainBundle\Form\Type\PrivateCommentType;
 use Chill\MainBundle\Form\Type\ScopePickerType;
-use Chill\MainBundle\Form\Type\UserPickerType;
 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
 use Chill\MainBundle\Templating\TranslatableStringHelper;
+use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\Person;
 use Chill\PersonBundle\Entity\SocialWork\SocialAction;
 use Chill\PersonBundle\Entity\SocialWork\SocialIssue;
@ -113,7 +113,7 @@ class ActivityType extends AbstractType
        $activityType = $options['activityType'];

        // TODO revoir la gestion des center au niveau du form des activité.
-        if ($options['center'] && null !== $options['data']->getPerson()) {
+        if ($options['center'] instanceof Center && null !== $options['data']->getPerson()) {
            $builder->add('scope', ScopePickerType::class, [
                'center' => $options['center'],
                'role' => ActivityVoter::CREATE === (string) $options['role'] ? ActivityVoter::CREATE_PERSON : (string) $options['role'],
@ -124,7 +124,7 @@ class ActivityType extends AbstractType
        /** @var ? \Chill\PersonBundle\Entity\AccompanyingPeriod  $accompanyingPeriod */
        $accompanyingPeriod = null;

-        if ($options['accompanyingPeriod']) {
+        if ($options['accompanyingPeriod'] instanceof AccompanyingPeriod) {
            $accompanyingPeriod = $options['accompanyingPeriod'];
        }

@ -221,7 +221,7 @@ class ActivityType extends AbstractType
            ]);
        }

-        if ($activityType->isVisible('user') && $options['center']) {
+        if ($activityType->isVisible('user') && $options['center'] instanceof Center) {
            $builder->add('user', PickUserDynamicType::class, [
                'label' => $activityType->getLabel('user'),
                'required' => $activityType->isRequired('user'),
--- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
+++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php
@ -159,12 +159,12 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn

            // transform the attribute
            if (self::CREATE === $attribute) {
-                $attribute = self::CREATE_ACCOMPANYING_COURSE;
+                return $this->voterHelper->voteOnAttribute(self::CREATE_ACCOMPANYING_COURSE, $subject, $token);
            }
        } elseif ($subject instanceof Person) {
            // transform the attribute
            if (self::CREATE === $attribute) {
-                $attribute = self::CREATE_PERSON;
+                return $this->voterHelper->voteOnAttribute(self::CREATE_PERSON, $subject, $token);
            }
        }