From fdbaa8cbef9b64ab2ef96acb6d0ec25389daa2a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Tue, 23 Nov 2021 23:04:29 +0100
Subject: [PATCH 1/3] add endpoint for getting permissions info
---
 .../Controller/PermissionApiController.php | 67 +++++++++++++++++++
 .../PermissionApiControllerTest.php | 36 ++++++++++
 .../ChillMainBundle/chill.api.specs.yaml | 37 ++++++++++
 3 files changed, 140 insertions(+)
 create mode 100644 src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
 create mode 100644 src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
diff --git a/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
new file mode 100644
index 000000000..beeb76089
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
@@ -0,0 +1,67 @@
+denormalizer = $denormalizer;
+ $this->security = $security;
+ }
+
+ /**
+ * @Route("/api/1.0/main/permissions/info.json", methods={"POST"})
+ * @throws \Symfony\Component\Serializer\Exception\ExceptionInterface
+ */
+ public function getPermissions(Request $request): JsonResponse
+ {
+ $this->denyAccessUnlessGranted('ROLE_USER');
+
+ $data = \json_decode($request->getContent(), true);
+
+ if (null === $data) {
+ throw new BadRequestHttpException(sprintf(
+ "Could not decode json received, or data invalid: %s, %s", \json_last_error(), \json_last_error_msg()
+ ));
+ }
+
+ if (!\array_key_exists('object', $data)) {
+ throw new BadRequestHttpException("the object key is not present");
+ }
+ if (!\array_key_exists('class', $data)) {
+ throw new BadRequestHttpException("the class key is not present");
+ }
+
+ if (null !== $data['object']) {
+ $object = $this->denormalizer->denormalize($data['object'], $data['class'], 'json');
+ } else {
+ $object = null;
+ }
+ $roles = [];
+
+ foreach (($data['roles'] ?? []) as $role) {
+ $roles[$role] = $this->security->isGranted($role, $object);
+ }
+
+ return $this->json(
+ ['roles' => $roles, ],
+ 200,
+ [],
+ );
+ }
+
+}
diff --git a/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
new file mode 100644
index 000000000..0eac990ec
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
@@ -0,0 +1,36 @@
+getClientAuthenticated();
+
+ $client->request(
+ 'POST',
+ '/api/1.0/main/permissions/info.json',
+ [], // parameters
+ [], // files
+ [], // server
+ \json_encode([
+ 'object' => null,
+ 'class' => null,
+ 'roles' => ['ROLE_USER', 'ROLE_ADMIN']
+ ])
+ );
+
+ $this->assertResponseIsSuccessful();
+
+ $data = \json_decode($client->getResponse()->getContent(), true);
+ $this->assertTrue($data['roles']['ROLE_USER']);
+ $this->assertFalse($data['roles']['ROLE_ADMIN']);
+ }
+
+}
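Review bot: `$data['class']` is taken verbatim from the request body and handed to `$this->denormalizer->denormalize()`, so any authenticated client can have the serializer instantiate a class of its choosing, filled from client-supplied attributes, before that object reaches the voters; the type should be restricted to an explicit allowlist of the entity classes this endpoint is meant to answer for (the `type`/`id` discriminator in the spec example suggests such a mapping), with a 400 otherwise. Because the object is denormalized from the client's description rather than loaded from storage, the answers describe whatever state the client claims for it, which the docblock should at least state. Two adjacent gaps: when `object` is non-null but `class` is null the call reaches `denormalize()` with a null type its signature does not accept (a 500 instead of a 400), and a body that is valid JSON but not an object (a scalar or `false`) passes the `null === $data` check and then breaks `array_key_exists`, so `is_array($data)` and `is_string($data['class'])` checks belong here. Entries of `roles` are likewise used unchecked as array keys and as voter attributes; require strings. The test added in patch 2 (`'class' => DateTime::class`) relies on the unrestricted behaviour and would need an allowed class, and the hunk's opening lines (file header, `use` statements and the constructor signature) are not visible in this rendering.
```php
// … unchanged: denyAccessUnlessGranted, json_decode, null check …
if (!is_array($data)) {
    throw new BadRequestHttpException('the request body must be a json object');
}
// … unchanged: 'object' / 'class' key checks …
if (null !== $data['object']) {
    // Only classes this endpoint is meant to answer for may be built from client data.
    // ALLOWED_CLASSES is a private const on the controller listing those FQCNs (to be added).
    if (!is_string($data['class']) || !in_array($data['class'], self::ALLOWED_CLASSES, true)) {
        throw new BadRequestHttpException('the class is not allowed');
    }
    $object = $this->denormalizer->denormalize($data['object'], $data['class'], 'json');
} else {
    $object = null;
}
$roles = [];
foreach (($data['roles'] ?? []) as $role) {
    // Roles become array keys and voter attributes; anything but a string is a client error.
    if (!is_string($role)) {
        throw new BadRequestHttpException('roles must be a list of strings');
    }
    $roles[$role] = $this->security->isGranted($role, $object);
}
// … unchanged: json response …
```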
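Review bot: Only the success path is exercised; the controller's three `BadRequestHttpException` branches (undecodable body, missing `object`, missing `class`) have no test, and `testNullObject` also depends on the fixture user holding `ROLE_USER` but not `ROLE_ADMIN` without saying so. Add a case posting `'{'` and one omitting the `class` key, each asserting `$this->assertResponseStatusCodeSame(400);`, plus a one-line comment on the fixture assumption. The method's opening lines (its name and the `$client = $this->` assignment) are not visible in this rendering.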
diff --git a/src/Bundle/ChillMainBundle/chill.api.specs.yaml b/src/Bundle/ChillMainBundle/chill.api.specs.yaml
index 110547201..ff0c844df 100644
--- a/src/Bundle/ChillMainBundle/chill.api.specs.yaml
+++ b/src/Bundle/ChillMainBundle/chill.api.specs.yaml
@@ -624,3 +624,40 @@ paths:
 401:
 description: "Unauthorized"
+ /1.0/main/permissions/info.json:
+ post:
+ tags:
+ - permissions
+ summary: Return info about permissions on entity
+ responses:
+ 200:
+ description: "ok"
+ 401:
+ description: "Unauthorized"
+ 400:
+ description: "Bad request"
+ requestBody:
+ required: true
+ content:
+ application/json:
+ schema:
+ type: object
+ properties:
+ object:
+ type: object
+ class:
+ type: string
+ roles:
+ type: array
+ items:
+ type: string
+ examples:
+ an-accompanying-period:
+ value:
+ object:
+ type: accompanying_period
+ id: 1
+ class: 'Chill\PersonBundle\Entity\AccompanyingPeriod'
+ roles:
+ - 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE'
+
From 9993bfc96f1b8b1d444f8b1a01e0d518fe6a9c75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Tue, 23 Nov 2021 23:28:56 +0100
Subject: [PATCH 2/3] fix cs and add test
---
 .../Controller/PermissionApiController.php | 31 +++++++++----
 .../PermissionApiControllerTest.php | 44 +++++++++++++++++--
 2 files changed, 62 insertions(+), 13 deletions(-)
diff --git a/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
index beeb76089..3476c4bbe 100644
--- a/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
+++ b/src/Bundle/ChillMainBundle/Controller/PermissionApiController.php
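Review bot: The request schema does not mark `object` and `class` as required nor `object` as nullable, while the controller returns 400 when either key is missing and accepts `"object": null`; add `required: [object, class]` under the schema and `nullable: true` on `object` (and on `class`, which the null-object test sends as null). `class` is described only as `type: string`, so a reader cannot tell which class names the endpoint accepts; the property description should list the allowed entity classes rather than leave it open-ended. The responses omit 403, which is what `denyAccessUnlessGranted('ROLE_USER')` yields for an authenticated caller lacking the role, if the usual Symfony handling applies.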
@@ -1,5 +1,12 @@ denyAccessUnlessGranted('ROLE_USER');
- $data = \json_decode($request->getContent(), true);
+ $data = json_decode($request->getContent(), true);
 if (null === $data) {
 throw new BadRequestHttpException(sprintf(
- "Could not decode json received, or data invalid: %s, %s", \json_last_error(), \json_last_error_msg()
+ 'Could not decode json received, or data invalid: %s, %s',
+ json_last_error(),
+ json_last_error_msg()
 ));
 }
- if (!\array_key_exists('object', $data)) {
- throw new BadRequestHttpException("the object key is not present");
+ if (!array_key_exists('object', $data)) {
+ throw new BadRequestHttpException('the object key is not present');
 }
- if (!\array_key_exists('class', $data)) {
- throw new BadRequestHttpException("the class key is not present");
+
+ if (!array_key_exists('class', $data)) {
+ throw new BadRequestHttpException('the class key is not present');
 }
 if (null !== $data['object']) {
@@ -54,14 +68,13 @@ class PermissionApiController extends AbstractController
 $roles = [];
 foreach (($data['roles'] ?? []) as $role) {
- $roles[$role] = $this->security->isGranted($role, $object);
+ $roles[$role] = $this->security->isGranted($role, $object);
 }
 return $this->json(
- ['roles' => $roles, ],
+ ['roles' => $roles],
 200,
 [],
 );
 }
-
 }
diff --git a/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
index 0eac990ec..f267421bf 100644
--- a/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php
@@ -1,14 +1,51 @@ getClientAuthenticated();
+
+ $client->request(
+ 'POST',
+ '/api/1.0/main/permissions/info.json',
+ [], // parameters
+ [], // files
+ [], // server
+ json_encode([
+ 'object' => [
+ 'datetime' => '1969-07-09T00:00:00+0100',
+ ],
+ 'class' => DateTime::class,
+ 'roles' => ['FOO_ROLE'],
+ ])
+ );
+
+ $this->assertResponseIsSuccessful();
+
+ $data = json_decode($client->getResponse()->getContent(), true);
+ $this->assertFalse($data['roles']['FOO_ROLE']);
+ }
+
 public function testNullObject()
 {
 $client = $this->getClientAuthenticated();
@@ -19,18 +56,17 @@ class PermissionApiControllerTest extends WebTestCase
 [], // parameters
 [], // files
 [], // server
- \json_encode([
+ json_encode([
 'object' => null,
 'class' => null,
- 'roles' => ['ROLE_USER', 'ROLE_ADMIN']
+ 'roles' => ['ROLE_USER', 'ROLE_ADMIN'],
 ])
 );
 $this->assertResponseIsSuccessful();
- $data = \json_decode($client->getResponse()->getContent(), true);
+ $data = json_decode($client->getResponse()->getContent(), true);
 $this->assertTrue($data['roles']['ROLE_USER']);
 $this->assertFalse($data['roles']['ROLE_ADMIN']);
 }
-
 }
From 09a96df6a48983d6b8ef80735261645936cc9a17 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?=
Date: Wed, 24 Nov 2021 16:16:40 +0100
Subject: [PATCH 3/3] update changelog
---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 8805ed944..a54cee2e3 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -16,6 +16,7 @@ and this project adheres to
 * [thirdparty] link from modal to thirdparty detail page fixed (https://gitlab.com/champs-libres/departement-de-la-vendee/accent-suivi-developpement/-/issues/228)
 * [activity] remove the "plus" button in activity list
 * [activity] check ACL on activity list in person context
+* add an endpoint for checking permissions. See https://gitlab.com/Chill-Projet/chill-bundles/-/merge_requests/232
 ## Test releases
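Review bot: The new test asserts only that `FOO_ROLE` comes back `false`, which would hold whether the `DateTime` was denormalized or `$object` ended up null, so it proves the request does not error rather than that the voters saw the object; a role whose voter decides on the object's state, or an added assertion of a 400 when `class` is omitted, would pin the behaviour. The test also encodes that an arbitrary class name such as `DateTime` is accepted by the endpoint, which is the behaviour a reviewer is likely to want restricted, so the fixture should move to an intended entity class once that restriction lands. The method's opening lines (its name and the `$client = $this->` assignment) are not visible in this rendering.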