Restrict export filters and aggregators for limited users
Added restrictions on export filters and aggregators based on user permissions. Introduced `ExportConfigProcessor` to handle allowed configurations and updated form components to respect these restrictions. Enhanced validation to enforce access control for unauthorized filter editing.
@@ -16,6 +16,7 @@ use Chill\MainBundle\Entity\SavedExport;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Export\DirectExportInterface;
|
||||
use Chill\MainBundle\Export\ExportConfigNormalizer;
|
||||
use Chill\MainBundle\Export\ExportConfigProcessor;
|
||||
use Chill\MainBundle\Export\ExportFormHelper;
|
||||
use Chill\MainBundle\Export\ExportInterface;
|
||||
use Chill\MainBundle\Export\ExportManager;
|
||||
@@ -24,6 +25,7 @@ use Chill\MainBundle\Form\Type\Export\ExportType;
|
||||
use Chill\MainBundle\Form\Type\Export\FormatterType;
|
||||
use Chill\MainBundle\Form\Type\Export\PickCenterType;
|
||||
use Chill\MainBundle\Repository\SavedExportOrExportGenerationRepository;
|
||||
use Chill\MainBundle\Security\Authorization\ChillExportVoter;
|
||||
use Chill\MainBundle\Security\Authorization\SavedExportVoter;
|
||||
use Doctrine\Common\Collections\Collection;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
@@ -64,6 +66,7 @@ class ExportController extends AbstractController
|
||||
private readonly ClockInterface $clock,
|
||||
private readonly ExportConfigNormalizer $exportConfigNormalizer,
|
||||
private readonly SavedExportOrExportGenerationRepository $savedExportOrExportGenerationRepository,
|
||||
private readonly ExportConfigProcessor $exportConfigProcessor,
|
||||
) {
|
||||
$this->filterStatsByCenters = $parameterBag->get('chill_main')['acl']['filter_stats_by_center'];
|
||||
}
|
||||
@@ -114,11 +117,19 @@ class ExportController extends AbstractController
|
||||
/** @var ExportManager $exportManager */
|
||||
$exportManager = $this->exportManager;
|
||||
$isGenerate = str_starts_with($step, 'generate_');
|
||||
$canEditFull = $this->security->isGranted(ChillExportVoter::COMPOSE_EXPORT);
|
||||
|
||||
if (!$canEditFull && null === $savedExport) {
|
||||
throw new AccessDeniedHttpException('The user is not allowed to edit all filter, it should edit only SavedExport');
|
||||
}
|
||||
|
||||
$options = match ($step) {
|
||||
'export', 'generate_export' => [
|
||||
'export_alias' => $alias,
|
||||
'picked_centers' => $this->exportFormHelper->getPickedCenters($data),
|
||||
'can_edit_full' => $canEditFull,
|
||||
'allowed_filters' => $canEditFull ? null : $this->exportConfigProcessor->retrieveUsedFilters($savedExport->getOptions()['filters']),
|
||||
'allowed_aggregators' => $canEditFull ? null : $this->exportConfigProcessor->retrieveUsedAggregators($savedExport->getOptions()['aggregators']),
|
||||
],
|
||||
'formatter', 'generate_formatter' => [
|
||||
'export_alias' => $alias,
|
||||
|
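Review bot: In the restricted branch (`!$canEditFull`), the values passed as `allowed_filters` and `allowed_aggregators` come entirely from `$savedExport->getOptions()`, and nothing in this hunk shows that the current user is authorized for that particular saved export; the new guard only checks that one is present. The method starts outside the hunk, so a `SavedExportVoter` check on `$savedExport` may already run earlier; if it does not, one belongs before the `match`, so the allow-list is only ever built from a saved export the user is entitled to use. The lookups `getOptions()['filters']` and `getOptions()['aggregators']` also assume both keys exist in every stored export; if older rows can lack them, `$savedExport->getOptions()['filters'] ?? []` (and the same for aggregators) would avoid a warning and a null argument, assuming the processor accepts an empty array. A short comment above the guard, such as `// users without COMPOSE_EXPORT may only adjust filters already present in a saved export; null means unrestricted`, would document the convention used by the two new options.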