Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-12 13:24:25 +00:00
Code Issues Actions Projects Releases Wiki Activity

Attempt to make voter work

Browse Source
This commit is contained in:
Julie Lenaerts 2022-02-23 18:07:54 +01:00
parent de0be15fff
commit 7067d4b5bd
4 changed files with 26 additions and 29 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/Bundle/ChillBudgetBundle/Controller/AbstractElementController.php
View File

@ -19,6 +19,7 @@ use Psr\Log\LoggerInterface;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller; use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Contracts\Translation\TranslatorInterface; use Symfony\Contracts\Translation\TranslatorInterface;
@ -54,8 +55,8 @@ abstract class AbstractElementController extends Controller
*/ */
protected function _delete(AbstractElement $element, Request $request, $template, $flashMessage): Response protected function _delete(AbstractElement $element, Request $request, $template, $flashMessage): Response
{ {
// $this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not ' $this->denyAccessUnlessGranted(BudgetElementVoter::DELETE, $element, 'You are not '
// . 'allowed to delete this family membership'); . 'allowed to delete this family membership');
$form = $this->createDeleteForm(); $form = $this->createDeleteForm();
@ -96,7 +97,7 @@ abstract class AbstractElementController extends Controller
*/ */
protected function _edit(AbstractElement $element, Request $request, $template, $flashOnSuccess): Response protected function _edit(AbstractElement $element, Request $request, $template, $flashOnSuccess): Response
{ {
// $this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element); $this->denyAccessUnlessGranted(BudgetElementVoter::UPDATE, $element);
$form = $this->createForm($this->getType(), $element); $form = $this->createForm($this->getType(), $element);
$form->add('submit', SubmitType::class); $form->add('submit', SubmitType::class);
@ -131,7 +132,7 @@ abstract class AbstractElementController extends Controller
$element = $this->createNewElement() $element = $this->createNewElement()
->setPerson($person); ->setPerson($person);
// $this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element); $this->denyAccessUnlessGranted(BudgetElementVoter::CREATE, $element);
$form = $this->createForm($this->getType(), $element); $form = $this->createForm($this->getType(), $element);
$form->add('submit', SubmitType::class); $form->add('submit', SubmitType::class);
@ -171,7 +172,7 @@ abstract class AbstractElementController extends Controller
*/ */
protected function _view(AbstractElement $element, $template) protected function _view(AbstractElement $element, $template)
{ {
// $this->denyAccessUnlessGranted(BudgetElementVoter::SHOW, $element); $this->denyAccessUnlessGranted(BudgetElementVoter::SEE, $element);
return $this->render($template, [ return $this->render($template, [
'element' => $element, 'element' => $element,
@ -187,10 +188,8 @@ abstract class AbstractElementController extends Controller
/** /**
* Creates a form to delete a help request entity by id. * Creates a form to delete a help request entity by id.
*
* @return \Symfony\Component\Form\Form The form
*/ */
private function createDeleteForm() private function createDeleteForm(): Form
{ {
return $this->createFormBuilder() return $this->createFormBuilder()
->setMethod(Request::METHOD_DELETE) ->setMethod(Request::METHOD_DELETE)

4
src/Bundle/ChillBudgetBundle/DependencyInjection/ChillBudgetExtension.php
View File

@ -68,8 +68,8 @@ class ChillBudgetExtension extends Extension implements PrependExtensionInterfac
{ {
$container->prependExtensionConfig('security', [ $container->prependExtensionConfig('security', [
'role_hierarchy' => [ 'role_hierarchy' => [
BudgetElementVoter::UPDATE => [BudgetElementVoter::SHOW], BudgetElementVoter::UPDATE => [BudgetElementVoter::SEE],
BudgetElementVoter::CREATE => [BudgetElementVoter::SHOW], BudgetElementVoter::CREATE => [BudgetElementVoter::SEE],
], ],
]); ]);
} }

33
src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
View File

@ -15,9 +15,11 @@ use Chill\BudgetBundle\Entity\AbstractElement;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\Person; use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use function in_array; use function in_array;
@ -30,22 +32,24 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
public const ROLES = [ public const ROLES = [
self::CREATE, self::CREATE,
self::DELETE, self::DELETE,
self::SHOW, self::SEE,
self::UPDATE, self::UPDATE,
]; ];
public const SHOW = 'CHILL_BUDGET_ELEMENT_SHOW'; public const SEE = 'CHILL_BUDGET_ELEMENT_SEE';
public const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE'; public const UPDATE = 'CHILL_BUDGET_ELEMENT_UPDATE';
/** protected VoterHelperInterface $voter;
* @var AuthorizationHelper
*/
protected $authorizationHelper;
public function __construct(AuthorizationHelper $authorizationHelper) public function __construct(VoterHelperFactoryInterface $voterFactory)
{ {
$this->authorizationHelper = $authorizationHelper; $this->voter = $voterFactory
->generate(self::class)
->addCheckFor(AbstractElement::class, self::ROLES)
->addCheckFor(null, [self::CREATE])
->build();
} }
public function getRoles(): array public function getRoles(): array
@ -66,18 +70,13 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
return (in_array($attribute, self::ROLES, true) && $subject instanceof AbstractElement) return (in_array($attribute, self::ROLES, true) && $subject instanceof AbstractElement)
|| ($subject instanceof Person && in_array($attribute, [self::SHOW, self::CREATE], true)); || ($subject instanceof Person && in_array($attribute, [self::SEE, self::CREATE], true));
} }
protected function voteOnAttribute($attribute, $subject, \Symfony\Component\Security\Core\Authentication\Token\TokenInterface $token) protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
$user = $token->getUser();
if (false === $user instanceof User) { return $this->voter->voteOnAttribute($attribute, $subject, $token);
return false;
}
return $this->authorizationHelper
->userHasAccess($user, $subject, new Role($attribute));
} }
} }

3
src/Bundle/ChillBudgetBundle/config/services/security.yaml
View File

@ -1,7 +1,6 @@
services: services:
Chill\BudgetBundle\Security\Authorization\BudgetElementVoter: Chill\BudgetBundle\Security\Authorization\BudgetElementVoter:
arguments: autowire: true
$authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper'
tags: tags:
- { name: chill.role } - { name: chill.role }
- { name: security.voter } - { name: security.voter }