From 09503768f56f9e014fc94b232b154bc838e9996b Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Mon, 25 Apr 2022 10:28:51 +0200 Subject: [PATCH 1/6] unpin comment is possible + delete and edit by all users that can edit period --- .../AccompanyingCourseCommentController.php | 22 +++++++++++++++++-- .../Comment/index.html.twig | 15 +++++++++++-- .../translations/messages.fr.yml | 2 ++ 3 files changed, 35 insertions(+), 4 deletions(-) diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php index be6bcab07..3a77434d2 100644 --- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php +++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php @@ -84,7 +84,7 @@ class AccompanyingCourseCommentController extends AbstractController } if (isset($commentEdited)) { - $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::EDIT, $commentEdited); + $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $commentEdited->getAccompanyingPeriod()); } else { throw new LogicException('at this step, commentEdited should be set'); } @@ -135,7 +135,7 @@ class AccompanyingCourseCommentController extends AbstractController */ public function deleteAction(AccompanyingPeriod\Comment $comment, Request $request): Response { - $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::DELETE, $comment); + $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $comment->getAccompanyingPeriod()); $form = $this->createForm(FormType::class, []); $form->add('submit', SubmitType::class, ['label' => 'Confirm']); @@ -186,6 +186,24 @@ class AccompanyingCourseCommentController extends AbstractController ]); } + /** + * @Route("/{_locale}/parcours/comment/{id}/unpin", name="chill_person_accompanying_period_comment_unpin") + */ + public function unpinComment(AccompanyingPeriod\Comment $comment): Response + { + $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $comment->getAccompanyingPeriod()); + + $comment->getAccompanyingPeriod()->setPinnedComment(null); + + $this->getDoctrine()->getManager()->flush(); + + $this->addFlash('success', $this->translator->trans('accompanying_course.comment is unpinned')); + + return $this->redirectToRoute('chill_person_accompanying_period_comment_list', [ + 'accompanying_period_id' => $comment->getAccompanyingPeriod()->getId(), + ]); + } + private function createCommentForm(AccompanyingPeriod\Comment $comment, string $step): FormInterface { return $this->formFactory->createNamed($step, AccompanyingCourseCommentType::class, $comment); diff --git a/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingCourse/Comment/index.html.twig b/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingCourse/Comment/index.html.twig index d5ece68a9..47238fa9d 100644 --- a/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingCourse/Comment/index.html.twig +++ b/src/Bundle/ChillPersonBundle/Resources/views/AccompanyingCourse/Comment/index.html.twig @@ -8,6 +8,17 @@ {% macro recordAction(comment, isPinned) %} {% if isPinned is defined and isPinned == true %} +
  • +
    + +
    +
    • {% else %}
  • @@ -17,7 +28,7 @@
    • {% endif %} - {% if is_granted('CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_EDIT', comment) %} + {% if is_granted('CHILL_PERSON_ACCOMPANYING_PERIOD_UPDATE', comment.accompanyingPeriod) %}
    • {% endif %} - {% if is_granted('CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_DELETE', comment) %} + {% if is_granted('CHILL_PERSON_ACCOMPANYING_PERIOD_UPDATE', comment.accompanyingPeriod) %}
    • diff --git a/src/Bundle/ChillPersonBundle/translations/messages.fr.yml b/src/Bundle/ChillPersonBundle/translations/messages.fr.yml index 2a4077e1c..985804f6c 100644 --- a/src/Bundle/ChillPersonBundle/translations/messages.fr.yml +++ b/src/Bundle/ChillPersonBundle/translations/messages.fr.yml @@ -465,12 +465,14 @@ fix it: Compléter accompanying_course: administrative_location: Localisation administrative comment is pinned: Le commentaire est épinglé + comment is unpinned: Le commentaire est désépinglé # Accompanying Course comments Accompanying Course Comment: Commentaire Accompanying Course Comment list: Commentaires du parcours pinned: épinglé Pin comment: Épingler +Unpin comment: Désépingler Post a new comment: Poster un nouveau commentaire Write a new comment: Écrire un nouveau commentaire Edit a comment: Modifier le commentaire From 79e46c7fe801e058cf0e49c5851ea794ec9b3468 Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Mon, 25 Apr 2022 10:30:44 +0200 Subject: [PATCH 2/6] changelog updated --- CHANGELOG.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index f7c1c3d1f..b99d776ad 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -24,7 +24,8 @@ and this project adheres to * [Accompanying period work evaluations] list documents associated to a work by creation date, and then by id, from the most recent to older * [Course comment] add validationConstraint NotNull and NotBlank on comment content, to avoid sql error * [Notifications] delay the sending of notificaiton to kernel.terminate -* [Notifications / Period user change] fix the sending of notification when user changes +* [Notifications / Period user change] fix the sending of notification when user changes +* [parcours]: Comments can be unpinned + edit/delete for all users that are allowed to edit parcours (https://gitlab.com/champs-libres/departement-de-la-vendee/chill/-/issues/566) ## Test releases From f5efb07e3cbd559344f968833aa4e2884e5d690c Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Mon, 25 Apr 2022 10:32:02 +0200 Subject: [PATCH 3/6] csfixes --- .../Controller/AccompanyingCourseCommentController.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php index 3a77434d2..06bfe95ff 100644 --- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php +++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php @@ -13,7 +13,6 @@ namespace Chill\PersonBundle\Controller; use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Form\AccompanyingCourseCommentType; -use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodCommentVoter; use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter; use Doctrine\ORM\EntityManagerInterface; use LogicException; From 51d1e5422b1a027d19f4000ab5ac4b203bc298fe Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Tue, 26 Apr 2022 10:27:45 +0200 Subject: [PATCH 4/6] remove unnecessary code --- src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php index 7615e59fe..20156e4c4 100644 --- a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php +++ b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php @@ -1258,9 +1258,6 @@ class AccompanyingPeriod implements */ public function setPinnedComment(?Comment $comment = null): self { - if (null !== $this->pinnedComment) { - $this->removeComment($this->pinnedComment); - } if (null !== $this->pinnedComment) { $this->addComment($this->pinnedComment); From 2684345981cd2b3a724767bc804184b132f9b984 Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Tue, 26 Apr 2022 11:34:49 +0200 Subject: [PATCH 5/6] voter updates --- .../AccompanyingCourseCommentController.php | 5 +++-- .../Authorization/AccompanyingPeriodCommentVoter.php | 12 ++++++++++-- 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php index 06bfe95ff..09af4a3cf 100644 --- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php +++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingCourseCommentController.php @@ -13,6 +13,7 @@ namespace Chill\PersonBundle\Controller; use Chill\PersonBundle\Entity\AccompanyingPeriod; use Chill\PersonBundle\Form\AccompanyingCourseCommentType; +use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodCommentVoter; use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter; use Doctrine\ORM\EntityManagerInterface; use LogicException; @@ -83,7 +84,7 @@ class AccompanyingCourseCommentController extends AbstractController } if (isset($commentEdited)) { - $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $commentEdited->getAccompanyingPeriod()); + $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::EDIT, $commentEdited); } else { throw new LogicException('at this step, commentEdited should be set'); } @@ -134,7 +135,7 @@ class AccompanyingCourseCommentController extends AbstractController */ public function deleteAction(AccompanyingPeriod\Comment $comment, Request $request): Response { - $this->denyAccessUnlessGranted(AccompanyingPeriodVoter::EDIT, $comment->getAccompanyingPeriod()); + $this->denyAccessUnlessGranted(AccompanyingPeriodCommentVoter::DELETE, $comment); $form = $this->createForm(FormType::class, []); $form->add('submit', SubmitType::class, ['label' => 'Confirm']); diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php index 37a6ec6ac..64fdbb796 100644 --- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php +++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php @@ -14,6 +14,7 @@ namespace Chill\PersonBundle\Security\Authorization; use Chill\PersonBundle\Entity\AccompanyingPeriod\Comment; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authorization\Voter\Voter; +use Symfony\Component\Security\Core\Security; use UnexpectedValueException; class AccompanyingPeriodCommentVoter extends Voter @@ -22,6 +23,13 @@ class AccompanyingPeriodCommentVoter extends Voter public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_COMMENT_EDIT'; + private Security $security; + + public function __construct(Security $security) + { + $this->security = $security; + } + protected function supports($attribute, $subject) { return $subject instanceof Comment; @@ -32,9 +40,9 @@ class AccompanyingPeriodCommentVoter extends Voter /** @var Comment $subject */ switch ($attribute) { case self::EDIT: + return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod()); case self::DELETE: - return $subject->getCreator() === $token->getUser(); - + return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod()); default: throw new UnexpectedValueException("This attribute {$attribute} is not supported"); } From 9244040d7b5f462ab7e9d31d9bc8b27e4e284d57 Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Wed, 27 Apr 2022 14:51:37 +0200 Subject: [PATCH 6/6] csfixes --- src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php | 1 - .../Security/Authorization/AccompanyingPeriodCommentVoter.php | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php index 20156e4c4..8495afa89 100644 --- a/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php +++ b/src/Bundle/ChillPersonBundle/Entity/AccompanyingPeriod.php @@ -1258,7 +1258,6 @@ class AccompanyingPeriod implements */ public function setPinnedComment(?Comment $comment = null): self { - if (null !== $this->pinnedComment) { $this->addComment($this->pinnedComment); } diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php index 64fdbb796..6e326b990 100644 --- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php +++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodCommentVoter.php @@ -41,8 +41,10 @@ class AccompanyingPeriodCommentVoter extends Voter switch ($attribute) { case self::EDIT: return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod()); + case self::DELETE: return $this->security->isGranted(AccompanyingPeriodVoter::EDIT, $subject->getAccompanyingPeriod()); + default: throw new UnexpectedValueException("This attribute {$attribute} is not supported"); }