Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

Prepare for deprecation of class Role, and add method to filter centers

Browse Source
This commit is contained in:
Julien Fastré 2021-05-17 13:23:58 +02:00
parent c3ef8d112c
commit 73653744d7
1 changed files with 44 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
View File

@ -110,8 +110,6 @@ class AuthorizationHelper
return false; return false;
} }
$role = ($attribute instanceof Role) ? $attribute : new Role($attribute);
foreach ($user->getGroupCenters() as $groupCenter){ foreach ($user->getGroupCenters() as $groupCenter){
//filter on center //filter on center
if ($groupCenter->getCenter()->getId() === $entity->getCenter()->getId()) { if ($groupCenter->getCenter()->getId() === $entity->getCenter()->getId()) {
@ -119,8 +117,7 @@ class AuthorizationHelper
//iterate on roleScopes //iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) { foreach($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role allow to reach the required role //check that the role allow to reach the required role
if ($this->isRoleReached($role, if ($this->isRoleReached($attribute, $roleScope->getRole())) {
new Role($roleScope->getRole()))){
//if yes, we have a right on something... //if yes, we have a right on something...
// perform check on scope if necessary // perform check on scope if necessary
if ($entity instanceof HasScopeInterface) { if ($entity instanceof HasScopeInterface) {
@ -149,12 +146,15 @@ class AuthorizationHelper
* and optionnaly Scope * and optionnaly Scope
* *
* @param User $user * @param User $user
* @param Role $role * @param string|Role $role
* @param null|Scope $scope * @param null|Scope $scope
* @return Center[] * @return Center[]
*/ */
public function getReachableCenters(User $user, Role $role, Scope $scope = null) public function getReachableCenters(User $user, $role, Scope $scope = null)
{ {
if ($role instanceof Role) {
$role = $role->getRole();
}
$centers = array(); $centers = array();
foreach ($user->getGroupCenters() as $groupCenter){ foreach ($user->getGroupCenters() as $groupCenter){
@ -162,8 +162,7 @@ class AuthorizationHelper
//iterate on roleScopes //iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) { foreach($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role is in the reachable roles //check that the role is in the reachable roles
if ($this->isRoleReached($role, if ($this->isRoleReached($role, $roleScope->getRole())) {
new Role($roleScope->getRole()))) {
if ($scope === null) { if ($scope === null) {
$centers[] = $groupCenter->getCenter(); $centers[] = $groupCenter->getCenter();
break 1; break 1;
@ -180,6 +179,30 @@ class AuthorizationHelper
return $centers; return $centers;
} }
/**
* Filter an array of centers, return only center which are reachable
*
* @param User $user The user
* @param array $centers a list of centers which are going to be filtered
* @param string|Center $role
*/
public function filterReachableCenters(User $user, array $centers, $role): array
{
$results = [];
if ($role instanceof Role) {
$role = $role->getRole();
}
foreach ($centers as $center) {
if ($this->userCanReachCenter($user, $center, $role)) {
$results[] = $center;
}
}
return $results;
}
/** /**
* Return all reachable scope for a given user, center and role * Return all reachable scope for a given user, center and role
@ -191,8 +214,12 @@ class AuthorizationHelper
* @param Center $center * @param Center $center
* @return Scope[] * @return Scope[]
*/ */
public function getReachableScopes(User $user, Role $role, Center $center) public function getReachableScopes(User $user, $role, Center $center)
{ {
if ($role instanceof Role) {
$role = $role->getRole();
}
return $this->getReachableCircles($user, $role, $center); return $this->getReachableCircles($user, $role, $center);
} }
@ -200,12 +227,15 @@ class AuthorizationHelper
* Return all reachable circle for a given user, center and role * Return all reachable circle for a given user, center and role
* *
* @param User $user * @param User $user
* @param Role $role * @param string|Role $role
* @param Center $center * @param Center $center
* @return Scope[] * @return Scope[]
*/ */
public function getReachableCircles(User $user, Role $role, Center $center) public function getReachableCircles(User $user, $role, Center $center)
{ {
if ($role instanceof Role) {
$role = $role->getRole();
}
$scopes = array(); $scopes = array();
foreach ($user->getGroupCenters() as $groupCenter){ foreach ($user->getGroupCenters() as $groupCenter){
@ -215,9 +245,7 @@ class AuthorizationHelper
//iterate on roleScopes //iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) { foreach($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role is in the reachable roles //check that the role is in the reachable roles
if ($this->isRoleReached($role, if ($this->isRoleReached($role, $roleScope->getRole())) {
new Role($roleScope->getRole()))) {
$scopes[] = $roleScope->getScope(); $scopes[] = $roleScope->getScope();
} }
} }
@ -269,10 +297,10 @@ class AuthorizationHelper
* @param Role $parentRole The role which should give access to $childRole * @param Role $parentRole The role which should give access to $childRole
* @return boolean true if the child role is granted by parent role * @return boolean true if the child role is granted by parent role
*/ */
protected function isRoleReached(Role $childRole, Role $parentRole) protected function isRoleReached($childRole, $parentRole)
{ {
$reachableRoles = $this->roleHierarchy $reachableRoles = $this->roleHierarchy
->getReachableRoles([$parentRole]); ->getReachableRoleNames([$parentRole]);
return in_array($childRole, $reachableRoles); return in_array($childRole, $reachableRoles);
} }