Setup AccompanyingPeriodWorkEvaluationStoredObjectVoter.php to use AccompanyingPeriodWorkRepository.php

The voter was not checking the correct permissions to\ establish whether a user can see/edit a storedObject\
The right to see/edit an AccompanyingPeriodWork has to\
be checked.

src/Bundle/ChillDocStoreBundle/Security/Authorization/StoredObjectVoters/AccompanyingPeriodWorkEvaluationStoredObjectVoter.php

@@ -6,15 +6,15 @@ use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoters\AbstractStoredObjectVoter;
 use Chill\DocStoreBundle\Service\WorkflowDocumentService;
-use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWorkEvaluationDocument;
+use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
-use Chill\PersonBundle\Repository\AccompanyingPeriod\AccompanyingPeriodWorkEvaluationDocumentRepository;
+use Chill\PersonBundle\Repository\AccompanyingPeriod\AccompanyingPeriodWorkRepository;
-use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodWorkEvaluationDocumentVoter;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodWorkVoter;
 use Symfony\Component\Security\Core\Security;
 
 class AccompanyingPeriodWorkEvaluationStoredObjectVoter extends AbstractStoredObjectVoter
 {
     public function __construct(
-        private readonly AccompanyingPeriodWorkEvaluationDocumentRepository $repository,
+        private readonly AccompanyingPeriodWorkRepository $repository,
         Security $security,
         WorkflowDocumentService $workflowDocumentService
     ){
@@ -31,15 +31,14 @@ class AccompanyingPeriodWorkEvaluationStoredObjectVoter extends AbstractStoredOb
      */
     protected function getClass(): string
     {
-        return AccompanyingPeriodWorkEvaluationDocument::class;
+        return AccompanyingPeriodWork::class;
     }
 
     protected function attributeToRole(StoredObjectRoleEnum $attribute): string
     {
-        //Question: there is no update/edit check in AccompanyingPeriodWorkEvaluationDocumentVoter, so for both SEE and EDIT of the
-        // stored object I check with SEE right in AccompanyingPeriodWorkEvaluationDocumentVoter, correct?
         return match ($attribute) {
-            StoredObjectRoleEnum::SEE, StoredObjectRoleEnum::EDIT => AccompanyingPeriodWorkEvaluationDocumentVoter::SEE,
+            StoredObjectRoleEnum::SEE => AccompanyingPeriodWorkVoter::SEE,
+            StoredObjectRoleEnum::EDIT => AccompanyingPeriodWorkVoter::UPDATE,
         };
     }
 

src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkEvaluationDocumentRepository.php

@@ -18,7 +18,7 @@ use Doctrine\ORM\EntityManagerInterface;
 use Doctrine\ORM\EntityRepository;
 use Doctrine\Persistence\ObjectRepository;
 
-class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectRepository, AssociatedEntityToStoredObjectInterface
+class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectRepository
 {
     private readonly EntityRepository $repository;
 
@@ -61,13 +61,4 @@ class AccompanyingPeriodWorkEvaluationDocumentRepository implements ObjectReposi
         return AccompanyingPeriodWorkEvaluationDocument::class;
     }
 
-    public function findAssociatedEntityToStoredObject(StoredObject $storedObject): ?object
-    {
-        $qb = $this->repository->createQueryBuilder('ed');
-        $query = $qb->where('ed.storedObject = :storedObject')
-            ->setParameter('storedObject', $storedObject)
-            ->getQuery();
-
-        return $query->getResult();
-    }
 }

src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriod/AccompanyingPeriodWorkRepository.php

@@ -11,6 +11,8 @@ declare(strict_types=1);
 
 namespace Chill\PersonBundle\Repository\AccompanyingPeriod;
 
+use Chill\DocStoreBundle\Entity\StoredObject;
+use Chill\DocStoreBundle\Repository\AssociatedEntityToStoredObjectInterface;
 use Chill\MainBundle\Entity\User;
 use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\AccompanyingPeriod\AccompanyingPeriodWork;
@@ -22,7 +24,7 @@ use Doctrine\ORM\Query\ResultSetMappingBuilder;
 use Doctrine\ORM\QueryBuilder;
 use Doctrine\Persistence\ObjectRepository;
 
-final readonly class AccompanyingPeriodWorkRepository implements ObjectRepository
+final readonly class AccompanyingPeriodWorkRepository implements ObjectRepository, AssociatedEntityToStoredObjectInterface
 {
     private EntityRepository $repository;
 
@@ -251,4 +253,17 @@ final readonly class AccompanyingPeriodWorkRepository implements ObjectRepositor
 
         return $qb;
     }
+
+    public function findAssociatedEntityToStoredObject(StoredObject $storedObject): ?AccompanyingPeriodWork
+    {
+        $qb = $this->repository->createQueryBuilder('acpw');
+        $query = $qb
+            ->join('acpw.evaluations', 'acpwe')
+            ->join('acpwe.documents', 'acpwed')
+            ->where('acpwed.storedObject = :storedObject')
+            ->setParameter('storedObject', $storedObject)
+            ->getQuery();
+
+        return $query->getResult();
+    }
 }