insert entries in person menu dynamically, according to acl

This commit is contained in:
Julien Fastré 2018-08-17 13:40:25 +02:00
parent 6e8982958e
commit b4c50bccb4
5 changed files with 105 additions and 10 deletions

View File

@ -52,6 +52,7 @@ class ChillActivityExtension extends Extension implements PrependExtensionInterf
$loader->load('services/export.yml');
$loader->load('services/repositories.yml');
$loader->load('services/fixtures.yml');
$loader->load('services/menu.yml');
}
public function prepend(ContainerBuilder $container)

View File

@ -0,0 +1,83 @@
<?php
/*
* Copyright (C) 2018 Julien Fastré <julien.fastre@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\ActivityBundle\Menu;
use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
use Knp\Menu\MenuItem;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Chill\ActivityBundle\Security\Authorization\ActivityVoter;
use Symfony\Component\Translation\TranslatorInterface;
/**
*
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
*/
class PersonMenuBuilder implements LocalMenuBuilderInterface
{
/**
*
* @var TranslatorInterface
*/
protected $translator;
/**
*
* @var AuthorizationCheckerInterface
*/
protected $authorizationChecker;
public function __construct(
AuthorizationCheckerInterface $authorizationChecker,
TranslatorInterface $translator)
{
$this->translator = $translator;
$this->authorizationChecker = $authorizationChecker;
}
public function buildMenu($menuId, MenuItem $menu, array $parameters)
{
/* @var $person \Chill\PersonBundle\Entity\Person */
$person = $parameters['person'];
if ($this->authorizationChecker->isGranted(ActivityVoter::SEE, $person)) {
$menu->addChild(
$this->translator->trans('Activity list'), [
'route' => 'chill_activity_activity_list',
'routeParameters' => [ 'person_id' => $person->getId() ],
])
->setExtra('order', 201)
;
}
if ($this->authorizationChecker->isGranted(ActivityVoter::CREATE, $person)) {
$menu->addChild(
$this->translator->trans('Add a new activity'), [
'route' => 'chill_activity_activity_new',
'routeParameters' => [ 'person_id' => $person->getId() ],
])
->setExtra('order', 200)
;
}
}
public static function getMenuIds(): array
{
return ['person'];
}
}

View File

@ -1,11 +1,6 @@
chill_activity_activity_list:
path: /{_locale}/person/{person_id}/activity/
defaults: { _controller: "ChillActivityBundle:Activity:list" }
options:
menus:
person:
order: 201
label: Activity list
chill_activity_activity_show:
path: /{_locale}/person/{person_id}/activity/{id}/show
@ -14,11 +9,6 @@ chill_activity_activity_show:
chill_activity_activity_new:
path: /{_locale}/person/{person_id}/activity/new
defaults: { _controller: "ChillActivityBundle:Activity:new" }
options:
menus:
person:
order: 200
label: Add a new activity
chill_activity_activity_create:
path: /{_locale}/person/{person_id}/activity/create

View File

@ -0,0 +1,7 @@
services:
Chill\ActivityBundle\Menu\PersonMenuBuilder:
arguments:
$authorizationChecker: '@Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface'
$translator: '@Symfony\Component\Translation\TranslatorInterface'
tags:
- { name: 'chill.menu_builder' }

View File

@ -26,6 +26,8 @@ use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\MainBundle\Entity\User;
use Chill\ActivityBundle\Entity\Activity;
use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role;
/**
*
@ -56,6 +58,10 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
{
if ($subject instanceof Activity) {
return \in_array($attribute, $this->getAttributes());
} elseif ($subject instanceof Person) {
return $attribute === self::SEE
||
$attribute === self::CREATE;
} else {
return false;
}
@ -66,6 +72,14 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn
if (!$token->getUser() instanceof User) {
return false;
}
if ($subject instanceof Person) {
$centers = $this->helper->getReachableCenters($token->getUser(), new Role($attribute));
return \in_array($subject->getCenter(), $centers);
}
/* @var $subject Activity */
return $this->helper->userHasAccess($token->getUser(), $subject, $attribute);
}