Prepare for deprecation of class Role, and add method to filter centers

2025-06-07 18:44:08 +00:00 · 2021-05-17 13:23:58 +02:00 · 2021-05-17 13:23:58 +02:00 · 73653744d7
commit 73653744d7
parent c3ef8d112c
1 changed files with 44 additions and 16 deletions
--- a/src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
@ -110,8 +110,6 @@ class AuthorizationHelper
            return false;
        }
        
-        $role = ($attribute instanceof Role) ? $attribute : new Role($attribute);
-        
        foreach ($user->getGroupCenters() as $groupCenter){
            //filter on center
            if ($groupCenter->getCenter()->getId() === $entity->getCenter()->getId()) {
@ -119,8 +117,7 @@ class AuthorizationHelper
                //iterate on roleScopes
                foreach($permissionGroup->getRoleScopes() as $roleScope) {
                    //check that the role allow to reach the required role
-                    if ($this->isRoleReached($role, 
-                          new Role($roleScope->getRole()))){
+                    if ($this->isRoleReached($attribute, $roleScope->getRole())) {
                        //if yes, we have a right on something...
                        // perform check on scope if necessary
                        if ($entity instanceof HasScopeInterface) {
@ -149,12 +146,15 @@ class AuthorizationHelper
     * and optionnaly Scope
     * 
     * @param User $user
-     * @param Role $role
+     * @param string|Role $role
     * @param null|Scope $scope
     * @return Center[]
     */
-    public function getReachableCenters(User $user, Role $role, Scope $scope = null)
+    public function getReachableCenters(User $user, $role, Scope $scope = null)
    {
+        if ($role instanceof Role) {
+            $role = $role->getRole();
+        }
        $centers = array();
        
        foreach ($user->getGroupCenters() as $groupCenter){
@ -162,8 +162,7 @@ class AuthorizationHelper
            //iterate on roleScopes
            foreach($permissionGroup->getRoleScopes() as $roleScope) {
                //check that the role is in the reachable roles
-                if ($this->isRoleReached($role, 
-                      new Role($roleScope->getRole()))) {
+                if ($this->isRoleReached($role, $roleScope->getRole())) {
                    if ($scope === null) {
                        $centers[] = $groupCenter->getCenter();
                        break 1;
@ -180,6 +179,30 @@ class AuthorizationHelper
        
        return $centers;
    }
+
+    /**
+     * Filter an array of centers, return only center which are reachable
+     *
+     * @param User $user The user
+     * @param array $centers a list of centers which are going to be filtered
+     * @param string|Center $role
+     */
+    public function filterReachableCenters(User $user, array $centers, $role): array
+    {
+        $results = [];
+
+        if ($role instanceof Role) {
+            $role = $role->getRole();
+        }
+
+        foreach ($centers as $center) {
+            if ($this->userCanReachCenter($user, $center, $role)) {
+                $results[] = $center;
+            }
+        }
+
+        return $results;
+    }
    
    /**
     * Return all reachable scope for a given user, center and role
@ -191,8 +214,12 @@ class AuthorizationHelper
     * @param Center $center
     * @return Scope[]
     */
-    public function getReachableScopes(User $user, Role $role, Center $center)
+    public function getReachableScopes(User $user, $role, Center $center)
    {
+        if ($role instanceof Role) {
+            $role = $role->getRole();
+        }
+
        return $this->getReachableCircles($user, $role, $center);
    }
    
@ -200,12 +227,15 @@ class AuthorizationHelper
     * Return all reachable circle for a given user, center and role
     * 
     * @param User $user
-     * @param Role $role
+     * @param string|Role $role
     * @param Center $center
     * @return Scope[]
     */
-    public function getReachableCircles(User $user, Role $role, Center $center)
+    public function getReachableCircles(User $user, $role, Center $center)
    {
+        if ($role instanceof Role) {
+            $role = $role->getRole();
+        }
        $scopes = array();
        
        foreach ($user->getGroupCenters() as $groupCenter){
@ -215,9 +245,7 @@ class AuthorizationHelper
                //iterate on roleScopes
                foreach($permissionGroup->getRoleScopes() as $roleScope) {
                    //check that the role is in the reachable roles
-                    if ($this->isRoleReached($role, 
-                          new Role($roleScope->getRole()))) {
-
+                    if ($this->isRoleReached($role, $roleScope->getRole())) {
                        $scopes[] = $roleScope->getScope();
                    }
                }
@ -269,10 +297,10 @@ class AuthorizationHelper
     * @param Role $parentRole The role which should give access to $childRole
     * @return boolean true if the child role is granted by parent role
     */
-    protected function isRoleReached(Role $childRole, Role $parentRole)
+    protected function isRoleReached($childRole, $parentRole)
    {
        $reachableRoles = $this->roleHierarchy
-                ->getReachableRoles([$parentRole]);
+                ->getReachableRoleNames([$parentRole]);
        
        return in_array($childRole, $reachableRoles);
    }