Implement security checks for menu options

The changes in this commit add security checks before displaying menu options for creating new objects on Accompanying Period.
2025-08-20 22:53:49 +00:00 · 2024-06-13 12:08:24 +02:00
parent cc0030c1cd
commit 90bfd87ec6
3 changed files with 80 additions and 42 deletions
--- a/src/Bundle/ChillPersonBundle/Menu/PersonQuickMenuBuilder.php
+++ b/src/Bundle/ChillPersonBundle/Menu/PersonQuickMenuBuilder.php
@@ -1,5 +1,14 @@
 <?php

+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
 namespace Chill\PersonBundle\Menu;

 use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
@@ -7,13 +16,10 @@ use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
 use Knp\Menu\MenuItem;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;

-class PersonQuickMenuBuilder implements LocalMenuBuilderInterface
+final readonly class PersonQuickMenuBuilder implements LocalMenuBuilderInterface
 {
-    private AuthorizationCheckerInterface $authorizationChecker;
-
-    public function __construct(AuthorizationCheckerInterface $authorizationChecker)
+    public function __construct(private AuthorizationCheckerInterface $authorizationChecker)
    {
-        $this->authorizationChecker = $authorizationChecker;
    }

    public static function getMenuIds(): array
@@ -28,18 +34,18 @@ class PersonQuickMenuBuilder implements LocalMenuBuilderInterface

        if ($this->authorizationChecker->isGranted(AccompanyingPeriodVoter::CREATE, $person)) {
            $menu->addChild(
-            'Create Accompanying Course', [
+                'Create Accompanying Course',
+                [
                    'route' => 'chill_person_accompanying_course_new',
                    'routeParameters' => [
-                        'person_id' => [ $person->getId() ],
+                        'person_id' => [$person->getId()],
                    ],
                ]
            )
-            ->setExtras([
-                'order' => 10,
-                'icon' => 'plus'
-            ]);
+                ->setExtras([
+                    'order' => 10,
+                    'icon' => 'plus',
+                ]);
        }
    }
-
-}
+}