Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-09-03 05:23:49 +00:00
Code Issues Actions Projects Releases Wiki Activity

cs: Fix code style (safe rules only).

Browse Source
This commit is contained in:
Pol Dellaiera
2021-11-23 14:06:38 +01:00
parent 149d7ce991
commit 8f96a1121d
1223 changed files with 65199 additions and 64625 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
src/Bundle/ChillMainBundle/Security/Authorization/AbstractChillVoter.php
View File

@@ -1,12 +1,20 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use function get_class;
use function in_array;
/**
* Voter for Chill software.
@@ -17,15 +25,17 @@ abstract class AbstractChillVoter extends Voter implements ChillVoterInterface
{
protected function supports($attribute, $subject)
{
@trigger_error('This voter should implements the new `supports` '
@trigger_error(
'This voter should implements the new `supports` '
. 'methods introduced by Symfony 3.0, and do not rely on '
. 'getSupportedAttributes and getSupportedClasses methods.',
E_USER_DEPRECATED);
E_USER_DEPRECATED
);
// @TODO: getSupportedAttributes() should be created in here and made abstract or in ChillVoterInterface.
// @TODO: getSupportedClasses() should be created in here and made abstract or in ChillVoterInterface.
return \in_array($attribute, $this->getSupportedAttributes($attribute))
&& \in_array(\get_class($subject), $this->getSupportedClasses());
return in_array($attribute, $this->getSupportedAttributes($attribute))
&& in_array(get_class($subject), $this->getSupportedClasses());
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)

412
src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
View File

@@ -1,19 +1,29 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Entity\Scope;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Repository\UserACLAwareRepositoryInterface;
use Chill\MainBundle\Security\ParentRoleHelper;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
use Chill\MainBundle\Security\Resolver\ScopeResolverDispatcher;
use Psr\Log\LoggerInterface;
use Symfony\Component\Security\Core\Role\Role;
use Chill\MainBundle\Entity\Scope;
use Symfony\Component\Security\Core\User\UserInterface;
use Traversable;
use UnexpectedValueException;
use function array_merge;
/**
* Helper for authorizations.
@@ -24,14 +34,14 @@ class AuthorizationHelper implements AuthorizationHelperInterface
{
private CenterResolverDispatcherInterface $centerResolverDispatcher;
private ScopeResolverDispatcher $scopeResolverDispatcher;
private LoggerInterface $logger;
private UserACLAwareRepositoryInterface $userACLAwareRepository;
private ParentRoleHelper $parentRoleHelper;
private ScopeResolverDispatcher $scopeResolverDispatcher;
private UserACLAwareRepositoryInterface $userACLAwareRepository;
public function __construct(
CenterResolverDispatcherInterface $centerResolverDispatcher,
LoggerInterface $logger,
@@ -47,168 +57,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface
}
/**
* Determines if a user is active on this center
*
* @param Center|Center[] $center May be an array of center
*/
public function userCanReachCenter(User $user, $center): bool
{
if ($center instanceof \Traversable) {
foreach ($center as $c) {
if ($c->userCanReachCenter($user, $c)) {
return true;
}
}
return false;
}
if ($center instanceof Center) {
foreach ($user->getGroupCenters() as $groupCenter) {
if ($center->getId() === $groupCenter->getCenter()->getId()) {
return true;
}
}
return false;
}
throw new \UnexpectedValueException(
sprintf(
'The entity given is not an instance of %s, %s given',
Center::class,
get_class($center)
)
);
}
/**
* Determines if the user has access to the given entity.
*
* if the entity implements Chill\MainBundle\Entity\HasScopeInterface,
* the scope is taken into account.
*
* @param User $user
* @param mixed $entity the entity may also implement HasScopeInterface
* @param string|Role $attribute
* @return boolean true if the user has access
*/
public function userHasAccess(User $user, $entity, $attribute)
{
$center = $this->centerResolverDispatcher->resolveCenter($entity);
if (is_iterable($center)) {
foreach ($center as $c) {
if ($this->userHasAccessForCenter($user, $c, $entity, $attribute)) {
return true;
}
}
return false;
} elseif ($center instanceof Center) {
return $this->userHasAccessForCenter($user, $center, $entity, $attribute);
} elseif (NULL === $center) {
return false;
} else {
throw new \UnexpectedValueException("could not resolver a center");
}
}
private function userHasAccessForCenter(User $user, Center $center, $entity, $attribute): bool
{
if (!$this->userCanReachCenter($user, $center)) {
$this->logger->debug("user cannot reach center of entity", [
'center_name' => $center->getName(),
'user' => $user->getUsername()
]);
return false;
}
foreach ($user->getGroupCenters() as $groupCenter){
//filter on center
if ($groupCenter->getCenter() === $center) {
$permissionGroup = $groupCenter->getPermissionsGroup();
//iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role allow to reach the required role
if ($this->isRoleReached($attribute, $roleScope->getRole())) {
//if yes, we have a right on something...
// perform check on scope if necessary
if ($this->scopeResolverDispatcher->isConcerned($entity)) {
$scope = $this->scopeResolverDispatcher->resolveScope($entity);
if (NULL === $scope) {
return true;
}
if (is_iterable($scope)) {
foreach ($scope as $s) {
if ($s === $roleScope->getScope()) {
return true;
}
}
} else {
if ($scope === $roleScope->getScope()) {
return true;
}
}
} else {
return true;
}
}
}
}
}
$this->logger->debug("user can reach center entity, but not role", [
'username' => $user->getUsername(),
'center' => $center->getName()
]);
return false;
}
/**
* Get reachable Centers for the given user, role,
* and optionally Scope
*
* @return Center[]|array
*/
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array
{
if ($role instanceof Role) {
$role = $role->getRole();
}
$centers = array();
foreach ($user->getGroupCenters() as $groupCenter){
$permissionGroup = $groupCenter->getPermissionsGroup();
//iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role is in the reachable roles
if ($this->isRoleReached($role, $roleScope->getRole())) {
if ($scope === null) {
$centers[] = $groupCenter->getCenter();
break 1;
}
if ($scope->getId() == $roleScope->getScope()->getId()){
$centers[] = $groupCenter->getCenter();
break 1;
}
}
}
}
return $centers;
}
/**
* Filter an array of centers, return only center which are reachable
* Filter an array of centers, return only center which are reachable.
*
* @param User $user The user
* @param array $centers a list of centers which are going to be filtered
* @param string|Center $role
* @param Center|string $role
*/
public function filterReachableCenters(User $user, array $centers, $role): array
{
@@ -228,27 +81,75 @@ class AuthorizationHelper implements AuthorizationHelperInterface
}
/**
* Return all reachable scope for a given user, center and role
* @deprecated use UserACLAwareRepositoryInterface::findUsersByReachedACL instead
*
* @deprecated Use getReachableCircles
* @param array|Center|Center[] $center
* @param array|Scope|Scope[]|null $scope
*
* @param Center|Center[] $center
* @return Scope[]|array
* @return User[]
*/
public function getReachableScopes(UserInterface $user, string $role, $center): array
public function findUsersReaching(string $role, $center, $scope = null, bool $onlyEnabled = true): array
{
return $this->userACLAwareRepository
->findUsersByReachedACL($role, $center, $scope, $onlyEnabled);
}
/**
* Return all the role which give access to the given role. Only the role
* which are registered into Chill are taken into account.
*
* @return string[] the role which give access to the given $role
*/
public function getParentRoles(string $role): array
{
trigger_deprecation('Chill\MainBundle', '2.0', 'use ParentRoleHelper::getParentRoles instead');
return $this->parentRoleHelper->getParentRoles($role);
}
/**
* Get reachable Centers for the given user, role,
* and optionally Scope.
*
* @return array|Center[]
*/
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array
{
if ($role instanceof Role) {
$role = $role->getRole();
}
$centers = [];
return $this->getReachableCircles($user, $role, $center);
foreach ($user->getGroupCenters() as $groupCenter) {
$permissionGroup = $groupCenter->getPermissionsGroup();
//iterate on roleScopes
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role is in the reachable roles
if ($this->isRoleReached($role, $roleScope->getRole())) {
if (null === $scope) {
$centers[] = $groupCenter->getCenter();
break;
}
if ($scope->getId() == $roleScope->getScope()->getId()) {
$centers[] = $groupCenter->getCenter();
break;
}
}
}
}
return $centers;
}
/**
* Return all reachable circle for a given user, center and role
* Return all reachable circle for a given user, center and role.
*
* @param string|Role $role
* @param Role|string $role
* @param Center|Center[] $center
*
* @return Scope[]
*/
public function getReachableCircles(UserInterface $user, $role, $center)
@@ -257,7 +158,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
if (is_iterable($center)) {
foreach ($center as $c) {
$scopes = \array_merge($scopes, $this->getReachableCircles($user, $role, $c));
$scopes = array_merge($scopes, $this->getReachableCircles($user, $role, $c));
}
return $scopes;
@@ -267,12 +168,12 @@ class AuthorizationHelper implements AuthorizationHelperInterface
$role = $role->getRole();
}
foreach ($user->getGroupCenters() as $groupCenter){
foreach ($user->getGroupCenters() as $groupCenter) {
if ($center->getId() === $groupCenter->getCenter()->getId()) {
//iterate on permissionGroup
$permissionGroup = $groupCenter->getPermissionsGroup();
//iterate on roleScopes
foreach($permissionGroup->getRoleScopes() as $roleScope) {
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role is in the reachable roles
if ($this->isRoleReached($role, $roleScope->getRole())) {
$scopes[] = $roleScope->getScope();
@@ -285,41 +186,160 @@ class AuthorizationHelper implements AuthorizationHelperInterface
}
/**
* Return all reachable scope for a given user, center and role.
*
* @deprecated use UserACLAwareRepositoryInterface::findUsersByReachedACL instead
* @param Center|Center[]|array $center
* @param Scope|Scope[]|array|null $scope
* @param bool $onlyActive true if get only active users
* @return User[]
* @deprecated Use getReachableCircles
*
* @param Center|Center[] $center
*
* @return array|Scope[]
*/
public function findUsersReaching(string $role, $center, $scope = null, bool $onlyEnabled = true): array
public function getReachableScopes(UserInterface $user, string $role, $center): array
{
return $this->userACLAwareRepository
->findUsersByReachedACL($role, $center, $scope, $onlyEnabled);
if ($role instanceof Role) {
$role = $role->getRole();
}
return $this->getReachableCircles($user, $role, $center);
}
/**
* Test if a parent role may give access to a given child role
* Determines if a user is active on this center.
*
* @param Center|Center[] $center May be an array of center
*/
public function userCanReachCenter(User $user, $center): bool
{
if ($center instanceof Traversable) {
foreach ($center as $c) {
if ($c->userCanReachCenter($user, $c)) {
return true;
}
}
return false;
}
if ($center instanceof Center) {
foreach ($user->getGroupCenters() as $groupCenter) {
if ($center->getId() === $groupCenter->getCenter()->getId()) {
return true;
}
}
return false;
}
throw new UnexpectedValueException(
sprintf(
'The entity given is not an instance of %s, %s given',
Center::class,
get_class($center)
)
);
}
/**
* Determines if the user has access to the given entity.
*
* if the entity implements Chill\MainBundle\Entity\HasScopeInterface,
* the scope is taken into account.
*
* @param mixed $entity the entity may also implement HasScopeInterface
* @param Role|string $attribute
*
* @return bool true if the user has access
*/
public function userHasAccess(User $user, $entity, $attribute)
{
$center = $this->centerResolverDispatcher->resolveCenter($entity);
if (is_iterable($center)) {
foreach ($center as $c) {
if ($this->userHasAccessForCenter($user, $c, $entity, $attribute)) {
return true;
}
}
return false;
}
if ($center instanceof Center) {
return $this->userHasAccessForCenter($user, $center, $entity, $attribute);
}
if (null === $center) {
return false;
}
throw new UnexpectedValueException('could not resolver a center');
}
/**
* Test if a parent role may give access to a given child role.
*
* @param string $childRole The role we want to test if he is reachable
* @param string $parentRole The role which should give access to $childRole
* @return boolean true if the child role is granted by parent role
*
* @return bool true if the child role is granted by parent role
*/
private function isRoleReached(string $childRole, string $parentRole)
{
return $this->parentRoleHelper->isRoleReached($childRole, $parentRole);
}
/**
* Return all the role which give access to the given role. Only the role
* which are registered into Chill are taken into account.
*
* @param string $role
* @return string[] the role which give access to the given $role
*/
public function getParentRoles(string $role): array
private function userHasAccessForCenter(User $user, Center $center, $entity, $attribute): bool
{
trigger_deprecation('Chill\MainBundle', '2.0', 'use ParentRoleHelper::getParentRoles instead');
return $this->parentRoleHelper->getParentRoles($role);
if (!$this->userCanReachCenter($user, $center)) {
$this->logger->debug('user cannot reach center of entity', [
'center_name' => $center->getName(),
'user' => $user->getUsername(),
]);
return false;
}
foreach ($user->getGroupCenters() as $groupCenter) {
//filter on center
if ($groupCenter->getCenter() === $center) {
$permissionGroup = $groupCenter->getPermissionsGroup();
//iterate on roleScopes
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
//check that the role allow to reach the required role
if ($this->isRoleReached($attribute, $roleScope->getRole())) {
//if yes, we have a right on something...
// perform check on scope if necessary
if ($this->scopeResolverDispatcher->isConcerned($entity)) {
$scope = $this->scopeResolverDispatcher->resolveScope($entity);
if (null === $scope) {
return true;
}
if (is_iterable($scope)) {
foreach ($scope as $s) {
if ($roleScope->getScope() === $s) {
return true;
}
}
} else {
if ($roleScope->getScope() === $scope) {
return true;
}
}
} else {
return true;
}
}
}
}
}
$this->logger->debug('user can reach center entity, but not role', [
'username' => $user->getUsername(),
'center' => $center->getName(),
]);
return false;
}
}

14
src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelperInterface.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\Center;
@@ -10,17 +17,14 @@ interface AuthorizationHelperInterface
{
/**
* Get reachable Centers for the given user, role,
* and optionnaly Scope
* and optionnaly Scope.
*
* @param null|Scope $scope
* @return Center[]
*/
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array;
/**
* @param Center|Center[]|array $center
* @return array
* @param array|Center|Center[] $center
*/
public function getReachableScopes(UserInterface $user, string $role, $center): array;
}

13
src/Bundle/ChillMainBundle/Security/Authorization/ChillExportVoter.php
View File

@@ -1,12 +1,19 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ChillExportVoter extends Voter
{
@@ -21,7 +28,7 @@ class ChillExportVoter extends Voter
protected function supports($attribute, $subject): bool
{
return $attribute === self::EXPORT;
return self::EXPORT === $attribute;
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool

21
src/Bundle/ChillMainBundle/Security/Authorization/ChillVoterInterface.php
View File

@@ -1,30 +1,17 @@
<?php
/*
* Copyright (C) 2015 Julien Fastré <julien.fastre@champs-libres.coop>
/**
* Chill is a software for social workers
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
/**
* Provides methods for compiling voter and build admin role fields.
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
interface ChillVoterInterface
{
}

28
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
View File

@@ -1,24 +1,28 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
use function in_array;
final class DefaultVoterHelper implements VoterHelperInterface
{
protected AuthorizationHelper $authorizationHelper;
private AuthorizationHelper $authorizationHelper;
protected CenterResolverDispatcherInterface $centerResolverDispatcher;
private CenterResolverDispatcherInterface $centerResolverDispatcher;
protected array $configuration = [];
private array $configuration = [];
/**
* @param array $configuration
*/
public function __construct(
AuthorizationHelper $authorizationHelper,
CenterResolverDispatcherInterface $centerResolverDispatcher,
@@ -31,13 +35,13 @@ final class DefaultVoterHelper implements VoterHelperInterface
public function supports($attribute, $subject): bool
{
foreach ($this->configuration as list($attributes, $subj)) {
if ($subj === null) {
if ($subject === null && \in_array($attribute, $attributes, true)) {
foreach ($this->configuration as [$attributes, $subj]) {
if (null === $subj) {
if (null === $subject && in_array($attribute, $attributes, true)) {
return true;
}
} elseif ($subject instanceof $subj) {
return \in_array($attribute, $attributes, true);
return in_array($attribute, $attributes, true);
}
}
@@ -50,7 +54,7 @@ final class DefaultVoterHelper implements VoterHelperInterface
return false;
}
if (NULL === $subject) {
if (null === $subject) {
return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null);
}

8
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
@@ -9,6 +16,7 @@ use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
class DefaultVoterHelperFactory implements VoterHelperFactoryInterface
{
protected AuthorizationHelper $authorizationHelper;
protected CenterResolverDispatcherInterface $centerResolverDispatcher;
public function __construct(

19
src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperGenerator.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;
@@ -8,9 +15,11 @@ use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
final class DefaultVoterHelperGenerator implements VoterGeneratorInterface
{
protected AuthorizationHelper $authorizationHelper;
protected CenterResolverDispatcherInterface $centerResolverDispatcher;
protected array $configuration = [];
private AuthorizationHelper $authorizationHelper;
private CenterResolverDispatcherInterface $centerResolverDispatcher;
private array $configuration = [];
public function __construct(
AuthorizationHelper $authorizationHelper,
@@ -22,9 +31,9 @@ final class DefaultVoterHelperGenerator implements VoterGeneratorInterface
public function addCheckFor(?string $subject, array $attributes): self
{
$this->configuration[] = [$attributes, $subject];
$this->configuration[] = [$attributes, $subject];
return $this;
return $this;
}
public function build(): VoterHelperInterface

8
src/Bundle/ChillMainBundle/Security/Authorization/VoterGeneratorInterface.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
interface VoterGeneratorInterface
@@ -7,6 +14,7 @@ interface VoterGeneratorInterface
/**
* @param string $class The FQDN of a class
* @param array $attributes an array of attributes
*
* @return $this
*/
public function addCheckFor(?string $class, array $attributes): self;

7
src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperFactoryInterface.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
interface VoterHelperFactoryInterface

7
src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
View File

@@ -1,5 +1,12 @@
<?php
/**
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
declare(strict_types=1);
namespace Chill\MainBundle\Security\Authorization;