FEATURE [voter][confidential] voter adapted. repository changes left to do

Julie Lenaerts 2023-02-10 19:15:09 +01:00 committed by Julien Fastré
parent b3d993165d
commit a7dbdc2b9d
Signed by: julienfastre
GPG Key ID: BDE2190974723FCB
3 changed files with 11 additions and 19 deletions


@ -20,6 +20,7 @@ use Chill\MainBundle\Repository\UserRepository;
use Chill\MainBundle\Templating\Entity\UserRender; use Chill\MainBundle\Templating\Entity\UserRender;
use Chill\PersonBundle\Repository\AccompanyingPeriodACLAwareRepositoryInterface; use Chill\PersonBundle\Repository\AccompanyingPeriodACLAwareRepositoryInterface;
use Chill\PersonBundle\Repository\AccompanyingPeriodRepository; use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\Form\CallbackTransformer; use Symfony\Component\Form\CallbackTransformer;
@ -30,6 +31,7 @@ use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\Form\FormInterface; use Symfony\Component\Form\FormInterface;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\Security\Core\Exception\AccessDeniedException; use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Core\Security; use Symfony\Component\Security\Core\Security;
@ -85,8 +87,8 @@ class ReassignAccompanyingPeriodController extends AbstractController
*/ */
public function listAction(Request $request): Response public function listAction(Request $request): Response
{ {
if (!$this->security->isGranted('ROLE_USER') || !$this->security->getUser() instanceof User) { if (!$this->security->isGranted(AccompanyingPeriodVoter::REASSIGN_BULK)) {
throw new AccessDeniedException(); throw new AccessDeniedHttpException('no right to reassign bulk');
} }
$form = $this->buildFilterForm(); $form = $this->buildFilterForm();
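Review bot: Throwing `AccessDeniedHttpException` at the top of `listAction` produces a plain 403 that Symfony's firewall exception listener does not handle, so an unauthenticated visitor is no longer sent to the login entry point and a configured access-denied handler is skipped. Keeping the security exception preserves that flow: `$this->denyAccessUnlessGranted(AccompanyingPeriodVoter::REASSIGN_BULK);` or `throw $this->createAccessDeniedException('no right to reassign bulk');`. The old guard also asserted `$this->security->getUser() instanceof User`. The rest of `listAction` lies outside this hunk, so if it still relies on a `User` instance, that check should stay.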


@ -984,11 +984,11 @@ class ChillPersonExtension extends Extension implements PrependExtensionInterfac
AccompanyingPeriodVoter::DELETE, AccompanyingPeriodVoter::DELETE,
], ],
AccompanyingPeriodVoter::REASSIGN_BULK => [ AccompanyingPeriodVoter::REASSIGN_BULK => [
AccompanyingPeriodVoter::CONFIDENTIAL_CRUD, AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL,
AccompanyingPeriodVoter::SEE_CONFIDENTIAL, AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL_ALL,
], ],
AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL => [ AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL_ALL => [
AccompanyingPeriodVoter::CONFIDENTIAL_CRUD, AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL,
], ],
], ],
]); ]);
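Review bot: In the role hierarchy, `REASSIGN_BULK` now implies both `SEE_CONFIDENTIAL_ALL` and `TOGGLE_CONFIDENTIAL_ALL`, so every account granted bulk reassignment presumably can also read and re-flag confidential periods, which is broader than the role's name suggests. If that bundling is intended, state it next to the entry, e.g. `// bulk reassignment needs to see and re-flag confidential periods of any referrer`; if not, drop the implied roles and check them separately. The `SEE_CONFIDENTIAL_ALL` line under `REASSIGN_BULK` is redundant, since `TOGGLE_CONFIDENTIAL_ALL` already implies it. The voter hunks in this commit show the rename to `SEE_CONFIDENTIAL_ALL` but no definition of `TOGGLE_CONFIDENTIAL_ALL`, so confirm that constant exists. The hierarchy array starts outside this hunk.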


@ -42,11 +42,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
self::RE_OPEN_COURSE, self::RE_OPEN_COURSE,
]; ];
/**
* Give the ability to see all confidential courses.
*/
public const CONFIDENTIAL_CRUD = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CRUD_CONFIDENTIAL';
public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE'; public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';
/** /**
@ -110,7 +105,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
/** /**
* Right to see confidential period even if not referrer * Right to see confidential period even if not referrer
*/ */
public const SEE_CONFIDENTIAL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_CONFIDENTIAL'; public const SEE_CONFIDENTIAL_ALL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_CONFIDENTIAL';
private Security $security; private Security $security;
@ -136,7 +131,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
return [ return [
self::SEE, self::SEE,
self::SEE_DETAILS, self::SEE_DETAILS,
self::CONFIDENTIAL_CRUD,
self::CREATE, self::CREATE,
self::EDIT, self::EDIT,
self::DELETE, self::DELETE,
@ -154,7 +148,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
public function getRolesWithoutScope(): array public function getRolesWithoutScope(): array
{ {
return [self::REASSIGN_BULK]; return [];
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
@ -221,14 +215,10 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
// if confidential, only the referent can see it // if confidential, only the referent can see it
if ($subject->isConfidential()) { if ($subject->isConfidential()) {
if ($this->voterHelper->voteOnAttribute(self::CONFIDENTIAL_CRUD, $subject, $token)) { if ($this->voterHelper->voteOnAttribute(self::SEE_CONFIDENTIAL_ALL, $subject, $token)) {
return true; return true;
} }
/* if ($this->voterHelper->voteOnAttribute(self::REASSIGN_BULK, null, $token)) {
return true;
}*/
return $token->getUser() === $subject->getUser(); return $token->getUser() === $subject->getUser();
} }
} }
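Review bot: `getRolesWithoutScope()` now returns `[]`, so `REASSIGN_BULK` is no longer declared scope-less, yet the controller in this commit calls `isGranted(AccompanyingPeriodVoter::REASSIGN_BULK)` with no subject to derive a scope from. The visible part of the role list does not show `REASSIGN_BULK` being added to the scoped roles, and the body of `supports()` lies outside the hunks, so confirm the voter still votes on a null subject; otherwise the new controller check may deny everyone. Removing `CONFIDENTIAL_CRUD` also retires the role string `CHILL_PERSON_ACCOMPANYING_PERIOD_CRUD_CONFIDENTIAL`, so any stored grants of it need a data migration or those users silently lose confidential access. The comment `// if confidential, only the referent can see it` no longer matches the branch; `// confidential: visible to holders of SEE_CONFIDENTIAL_ALL, otherwise only to the referrer` would.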