apply new role on accompanying period

2025-08-21 07:03:49 +00:00 · 2021-09-17 13:57:45 +02:00
parent cf40f38463
commit 74598ee926
19 changed files with 281 additions and 195 deletions
--- a/src/Bundle/ChillPersonBundle/DependencyInjection/ChillPersonExtension.php
+++ b/src/Bundle/ChillPersonBundle/DependencyInjection/ChillPersonExtension.php
@@ -18,6 +18,7 @@

 namespace Chill\PersonBundle\DependencyInjection;

+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\Config\FileLocator;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
@@ -258,14 +259,26 @@ class ChillPersonExtension extends Extension implements PrependExtensionInterfac
     */
    protected function prependRoleHierarchy(ContainerBuilder $container)
    {
-        $container->prependExtensionConfig('security', array(
-           'role_hierarchy' => array(
-              'CHILL_PERSON_UPDATE' => array('CHILL_PERSON_SEE'),
-              'CHILL_PERSON_CREATE' => array('CHILL_PERSON_SEE'),
-              PersonVoter::LISTS => [ ChillExportVoter::EXPORT ],
-              PersonVoter::STATS => [ ChillExportVoter::EXPORT ]
-           )
-        ));
+        $container->prependExtensionConfig('security', [
+            'role_hierarchy' => [
+                PersonVoter::UPDATE => [PersonVoter::SEE],
+                PersonVoter::CREATE => [PersonVoter::SEE],
+                PersonVoter::LISTS => [ChillExportVoter::EXPORT],
+                PersonVoter::STATS => [ChillExportVoter::EXPORT],
+                // accompanying period
+                AccompanyingPeriodVoter::SEE_DETAILS => [AccompanyingPeriodVoter::SEE],
+                AccompanyingPeriodVoter::CREATE => [AccompanyingPeriodVoter::SEE_DETAILS],
+                AccompanyingPeriodVoter::DELETE => [AccompanyingPeriodVoter::SEE_DETAILS],
+                AccompanyingPeriodVoter::EDIT => [AccompanyingPeriodVoter::SEE_DETAILS],
+                // give all ACL for FULL
+                AccompanyingPeriodVoter::FULL => [
+                    AccompanyingPeriodVoter::SEE_DETAILS,
+                    AccompanyingPeriodVoter::CREATE,
+                    AccompanyingPeriodVoter::EDIT,
+                    AccompanyingPeriodVoter::DELETE
+                ]
+            ]
+        ]);
    }

    /**