Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-07-03 07:26:12 +00:00
Code Issues Actions Projects Releases Wiki Activity

Merge branch 'feature/add-api-endpoint-for-permission'

Browse Source 
See https://gitlab.com/Chill-Projet/chill-bundles/-/merge_requests/232
This commit is contained in:
Julien Fastré 2021-11-25 14:15:08 +01:00
commit 6d67f2706d
4 changed files with 190 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@ -18,6 +18,7 @@ and this project adheres to
* [activity] check ACL on activity list in person context
* [list for accompanying course in person] filter list using ACL
* [validation] toasts are displayed for errors when modifying accompanying course (generalization required).
* add an endpoint for checking permissions. See https://gitlab.com/Chill-Projet/chill-bundles/-/merge_requests/232
## Test releases

80
src/Bundle/ChillMainBundle/Controller/PermissionApiController.php Normal file
View File

@ -0,0 +1,80 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Serializer\Normalizer\DenormalizerInterface;
use function array_key_exists;
use function json_decode;
class PermissionApiController extends AbstractController
{
private DenormalizerInterface $denormalizer;
private Security $security;
public function __construct(
DenormalizerInterface $denormalizer,
Security $security
) {
$this->denormalizer = $denormalizer;
$this->security = $security;
}
/**
* @Route("/api/1.0/main/permissions/info.json", methods={"POST"})
*
* @throws \Symfony\Component\Serializer\Exception\ExceptionInterface
*/
public function getPermissions(Request $request): JsonResponse
{
$this->denyAccessUnlessGranted('ROLE_USER');
$data = json_decode($request->getContent(), true);
if (null === $data) {
throw new BadRequestHttpException(sprintf(
'Could not decode json received, or data invalid: %s, %s',
json_last_error(),
json_last_error_msg()
));
}
if (!array_key_exists('object', $data)) {
throw new BadRequestHttpException('the object key is not present');
}
if (!array_key_exists('class', $data)) {
throw new BadRequestHttpException('the class key is not present');
}
if (null !== $data['object']) {
$object = $this->denormalizer->denormalize($data['object'], $data['class'], 'json');
} else {
$object = null;
}
$roles = [];
foreach (($data['roles'] ?? []) as $role) {
$roles[$role] = $this->security->isGranted($role, $object);
}
return $this->json(
['roles' => $roles],
200,
[],
);
}
}

72
src/Bundle/ChillMainBundle/Tests/Controller/PermissionApiControllerTest.php Normal file
View File

@ -0,0 +1,72 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Controller;
use Chill\MainBundle\Test\PrepareClientTrait;
use DateTime;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
/**
* @internal
* @coversNothing
*/
class PermissionApiControllerTest extends WebTestCase
{
use PrepareClientTrait;
public function testDenormalizingObject()
{
$client = $this->getClientAuthenticated();
$client->request(
'POST',
'/api/1.0/main/permissions/info.json',
[], // parameters
[], // files
[], // server
json_encode([
'object' => [
'datetime' => '1969-07-09T00:00:00+0100',
],
'class' => DateTime::class,
'roles' => ['FOO_ROLE'],
])
);
$this->assertResponseIsSuccessful();
$data = json_decode($client->getResponse()->getContent(), true);
$this->assertFalse($data['roles']['FOO_ROLE']);
}
public function testNullObject()
{
$client = $this->getClientAuthenticated();
$client->request(
'POST',
'/api/1.0/main/permissions/info.json',
[], // parameters
[], // files
[], // server
json_encode([
'object' => null,
'class' => null,
'roles' => ['ROLE_USER', 'ROLE_ADMIN'],
])
);
$this->assertResponseIsSuccessful();
$data = json_decode($client->getResponse()->getContent(), true);
$this->assertTrue($data['roles']['ROLE_USER']);
$this->assertFalse($data['roles']['ROLE_ADMIN']);
}
}

37
src/Bundle/ChillMainBundle/chill.api.specs.yaml
View File

@ -624,3 +624,40 @@ paths:
401:
description: "Unauthorized"
/1.0/main/permissions/info.json:
post:
tags:
- permissions
summary: Return info about permissions on entity
responses:
200:
description: "ok"
401:
description: "Unauthorized"
400:
description: "Bad request"
requestBody:
required: true
content:
application/json:
schema:
type: object
properties:
object:
type: object
class:
type: string
roles:
type: array
items:
type: string
examples:
an-accompanying-period:
value:
object:
type: accompanying_period
id: 1
class: 'Chill\PersonBundle\Entity\AccompanyingPeriod'
roles:
- 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE'