From a3efae78314cdb81234e0cd9d06c3b7374fdc8ef Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?= <julien.fastre@champs-libres.coop>
Date: Wed, 10 Apr 2024 10:31:00 +0200
Subject: [PATCH] Update budget element voter and improve form handling in
 permissions group

The base class of BudgetElementVoter has been changed to Voter, and the form handling in PermissionsGroupController has been improved for better validation. In addition, minor changes were made for better menu building and service configuration was updated. Unnecessary date validation in AbstractElement has been removed as well.
---
 .../Entity/AbstractElement.php                |  1 -
 .../Menu/HouseholdMenuBuilder.php             | 21 ++++++++++---------
 .../Authorization/BudgetElementVoter.php      |  3 ++-
 .../config/services/security.yaml             |  3 +--
 .../Controller/PermissionsGroupController.php |  9 ++++----
 5 files changed, 19 insertions(+), 18 deletions(-)

diff --git a/src/Bundle/ChillBudgetBundle/Entity/AbstractElement.php b/src/Bundle/ChillBudgetBundle/Entity/AbstractElement.php
index d3321531a..5f39bcbc1 100644
--- a/src/Bundle/ChillBudgetBundle/Entity/AbstractElement.php
+++ b/src/Bundle/ChillBudgetBundle/Entity/AbstractElement.php
@@ -40,7 +40,6 @@ abstract class AbstractElement
     #[ORM\ManyToOne(targetEntity: Person::class)]
     private ?Person $person = null;
 
-    #[Assert\Date]
     #[ORM\Column(name: 'startDate', type: \Doctrine\DBAL\Types\Types::DATETIME_IMMUTABLE)]
     private \DateTimeImmutable $startDate;
 
diff --git a/src/Bundle/ChillBudgetBundle/Menu/HouseholdMenuBuilder.php b/src/Bundle/ChillBudgetBundle/Menu/HouseholdMenuBuilder.php
index 94583b439..6e9253c5a 100644
--- a/src/Bundle/ChillBudgetBundle/Menu/HouseholdMenuBuilder.php
+++ b/src/Bundle/ChillBudgetBundle/Menu/HouseholdMenuBuilder.php
@@ -16,25 +16,26 @@ use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
 use Chill\PersonBundle\Entity\Household\Household;
 use Knp\Menu\MenuItem;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Contracts\Translation\TranslatorInterface;
 
-class HouseholdMenuBuilder implements LocalMenuBuilderInterface
+final readonly class HouseholdMenuBuilder implements LocalMenuBuilderInterface
 {
-    public function __construct(protected AuthorizationCheckerInterface $authorizationChecker, protected TranslatorInterface $translator) {}
+    public function __construct(private Security $security, private TranslatorInterface $translator) {}
 
     public function buildMenu($menuId, MenuItem $menu, array $parameters)
     {
         /** @var Household $household */
         $household = $parameters['household'];
 
-        // if ($this->authorizationChecker->isGranted(BudgetElementVoter::SHOW, $household)) {
-        $menu->addChild($this->translator->trans('household.Budget'), [
-            'route' => 'chill_budget_elements_household_index',
-            'routeParameters' => [
-                'id' => $household->getId(),
-            ], ])
-            ->setExtras(['order' => 19]);
-        // }
+        if ($this->security->isGranted(BudgetElementVoter::SEE, $household)) {
+            $menu->addChild($this->translator->trans('household.Budget'), [
+                'route' => 'chill_budget_elements_household_index',
+                'routeParameters' => [
+                    'id' => $household->getId(),
+                ], ])
+                ->setExtras(['order' => 19]);
+        }
     }
 
     public static function getMenuIds(): array
diff --git a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
index f2340b8b9..522b7d01b 100644
--- a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
+++ b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
@@ -19,8 +19,9 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\PersonBundle\Entity\Household\Household;
 use Chill\PersonBundle\Entity\Person;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 
-class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
+class BudgetElementVoter extends Voter implements ProvideRoleHierarchyInterface
 {
     final public const CREATE = 'CHILL_BUDGET_ELEMENT_CREATE';
 
diff --git a/src/Bundle/ChillBudgetBundle/config/services/security.yaml b/src/Bundle/ChillBudgetBundle/config/services/security.yaml
index fec4e8f19..5e91cd434 100644
--- a/src/Bundle/ChillBudgetBundle/config/services/security.yaml
+++ b/src/Bundle/ChillBudgetBundle/config/services/security.yaml
@@ -1,5 +1,4 @@
 services:
     Chill\BudgetBundle\Security\Authorization\BudgetElementVoter:
         autowire: true
-        tags:
-            - { name: security.voter }
+        autoconfigure: true
diff --git a/src/Bundle/ChillMainBundle/Controller/PermissionsGroupController.php b/src/Bundle/ChillMainBundle/Controller/PermissionsGroupController.php
index 62cc7a724..fc5d7d061 100644
--- a/src/Bundle/ChillMainBundle/Controller/PermissionsGroupController.php
+++ b/src/Bundle/ChillMainBundle/Controller/PermissionsGroupController.php
@@ -49,7 +49,7 @@ final class PermissionsGroupController extends AbstractController
         private readonly RoleScopeRepository $roleScopeRepository,
     ) {}
 
-    #[\Symfony\Component\Routing\Annotation\Route(path: '/{_locale}/admin/permissionsgroup/{id}/add_link_role_scope', name: 'admin_permissionsgroup_add_role_scope', methods: ['PUT'])]
+    #[\Symfony\Component\Routing\Annotation\Route(path: '/{_locale}/admin/permissionsgroup/{id}/add_link_role_scope', name: 'admin_permissionsgroup_add_role_scope', methods: ['POST'])]
     public function addLinkRoleScopeAction(Request $request, int $id): Response
     {
         $permissionsGroup = $this->permissionsGroupRepository->find($id);
@@ -61,7 +61,9 @@ final class PermissionsGroupController extends AbstractController
         $form = $this->createAddRoleScopeForm($permissionsGroup);
         $form->handleRequest($request);
 
-        if ($form->isValid()) {
+        dump($form->isSubmitted());
+
+        if ($form->isSubmitted() && $form->isValid()) {
             $roleScope = $this->getPersistentRoleScopeBy(
                 $form['composed_role_scope']->getData()->getRole(),
                 $form['composed_role_scope']->getData()->getScope()
@@ -74,7 +76,7 @@ final class PermissionsGroupController extends AbstractController
                 $this->em->flush();
 
                 $this->addFlash(
-                    'notice',
+                    'success',
                     $this->translator->trans('The permissions have been added')
                 );
 
@@ -416,7 +418,6 @@ final class PermissionsGroupController extends AbstractController
                 'admin_permissionsgroup_add_role_scope',
                 ['id' => $permissionsGroup->getId()]
             ))
-            ->setMethod('PUT')
             ->add('composed_role_scope', ComposedRoleScopeType::class)
             ->add('submit', SubmitType::class, ['label' => 'Add permission'])
             ->getForm();