From 551486b5eaae9b57aa1313c2203f4d2acf0493c5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julien=20Fastr=C3=A9?= Date: Wed, 24 Nov 2021 15:55:45 +0000 Subject: [PATCH] List for accompanying course for a person: filter using acl --- CHANGELOG.md | 1 + .../Controller/AccompanyingPeriodController.php | 7 ++++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8805ed944..c98d7db27 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,6 +16,7 @@ and this project adheres to * [thirdparty] link from modal to thirdparty detail page fixed (https://gitlab.com/champs-libres/departement-de-la-vendee/accent-suivi-developpement/-/issues/228) * [activity] remove the "plus" button in activity list * [activity] check ACL on activity list in person context +* [list for accompanying course in person] filter list using ACL ## Test releases diff --git a/src/Bundle/ChillPersonBundle/Controller/AccompanyingPeriodController.php b/src/Bundle/ChillPersonBundle/Controller/AccompanyingPeriodController.php index 893dda03c..55b18381e 100644 --- a/src/Bundle/ChillPersonBundle/Controller/AccompanyingPeriodController.php +++ b/src/Bundle/ChillPersonBundle/Controller/AccompanyingPeriodController.php @@ -213,9 +213,14 @@ class AccompanyingPeriodController extends AbstractController ]); $this->eventDispatcher->dispatch(PrivacyEvent::PERSON_PRIVACY_EVENT, $event); - $accompanyingPeriods = $this->accompanyingPeriodACLAwareRepository + $accompanyingPeriodsRaw = $this->accompanyingPeriodACLAwareRepository ->findByPerson($person, AccompanyingPeriodVoter::SEE); + // filter visible or not visible + $accompanyingPeriods = array_filter($accompanyingPeriodsRaw, function (AccompanyingPeriod $ap) { + return $this->isGranted(AccompanyingPeriodVoter::SEE, $ap); + }); + return $this->render('@ChillPerson/AccompanyingPeriod/list.html.twig', [ 'accompanying_periods' => $accompanyingPeriods, 'person' => $person,