FEATURE [voter][confidential] voter adapted. repository changes left to do

2025-06-07 18:44:08 +00:00 · 2023-02-10 19:15:09 +01:00 · 2023-02-10 19:15:09 +01:00 · a7dbdc2b9d
commit a7dbdc2b9d
parent b3d993165d
3 changed files with 11 additions and 19 deletions
--- a/src/Bundle/ChillPersonBundle/Controller/ReassignAccompanyingPeriodController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/ReassignAccompanyingPeriodController.php
@ -20,6 +20,7 @@ use Chill\MainBundle\Repository\UserRepository;
 use Chill\MainBundle\Templating\Entity\UserRender;
 use Chill\PersonBundle\Repository\AccompanyingPeriodACLAwareRepositoryInterface;
 use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
+use Chill\PersonBundle\Security\Authorization\AccompanyingPeriodVoter;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Form\CallbackTransformer;
@ -30,6 +31,7 @@ use Symfony\Component\Form\FormFactoryInterface;
 use Symfony\Component\Form\FormInterface;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\Security;
@ -85,8 +87,8 @@ class ReassignAccompanyingPeriodController extends AbstractController
     */
    public function listAction(Request $request): Response
    {
-        if (!$this->security->isGranted('ROLE_USER') || !$this->security->getUser() instanceof User) {
-            throw new AccessDeniedException();
+        if (!$this->security->isGranted(AccompanyingPeriodVoter::REASSIGN_BULK)) {
+            throw new AccessDeniedHttpException('no right to reassign bulk');
        }

        $form = $this->buildFilterForm();
--- a/src/Bundle/ChillPersonBundle/DependencyInjection/ChillPersonExtension.php
+++ b/src/Bundle/ChillPersonBundle/DependencyInjection/ChillPersonExtension.php
@ -984,11 +984,11 @@ class ChillPersonExtension extends Extension implements PrependExtensionInterfac
                    AccompanyingPeriodVoter::DELETE,
                ],
                AccompanyingPeriodVoter::REASSIGN_BULK => [
-                    AccompanyingPeriodVoter::CONFIDENTIAL_CRUD,
-                    AccompanyingPeriodVoter::SEE_CONFIDENTIAL,
+                    AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL,
+                    AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL_ALL,
                ],
-                AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL => [
-                    AccompanyingPeriodVoter::CONFIDENTIAL_CRUD,
+                AccompanyingPeriodVoter::TOGGLE_CONFIDENTIAL_ALL => [
+                    AccompanyingPeriodVoter::SEE_CONFIDENTIAL_ALL,
                ],
            ],
        ]);
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
@ -42,11 +42,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
        self::RE_OPEN_COURSE,
    ];

-    /**
-     * Give the ability to see all confidential courses.
-     */
-    public const CONFIDENTIAL_CRUD = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CRUD_CONFIDENTIAL';
-
    public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';

    /**
@ -110,7 +105,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
    /**
     * Right to see confidential period even if not referrer
     */
-    public const SEE_CONFIDENTIAL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_CONFIDENTIAL';
+    public const SEE_CONFIDENTIAL_ALL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_CONFIDENTIAL';

    private Security $security;

@ -136,7 +131,6 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
        return [
            self::SEE,
            self::SEE_DETAILS,
-            self::CONFIDENTIAL_CRUD,
            self::CREATE,
            self::EDIT,
            self::DELETE,
@ -154,7 +148,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH

    public function getRolesWithoutScope(): array
    {
-        return [self::REASSIGN_BULK];
+        return [];
    }

    protected function supports($attribute, $subject)
@ -221,14 +215,10 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH

            // if confidential, only the referent can see it
            if ($subject->isConfidential()) {
-                if ($this->voterHelper->voteOnAttribute(self::CONFIDENTIAL_CRUD, $subject, $token)) {
+                if ($this->voterHelper->voteOnAttribute(self::SEE_CONFIDENTIAL_ALL, $subject, $token)) {
                    return true;
                }

-/*                if ($this->voterHelper->voteOnAttribute(self::REASSIGN_BULK, null, $token)) {
-                    return true;
-                }*/
-
                return $token->getUser() === $subject->getUser();
            }
        }