Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-08-28 02:23:51 +00:00
Code Issues Actions Projects Releases Wiki Activity

entry "task list" in person menu is dynamic - based on ACL

Browse Source
This commit is contained in:
Julien Fastré
2018-07-08 22:37:51 +02:00
parent 8976661b40
commit b4de51a601
4 changed files with 100 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
Security/Authorization/TaskVoter.php
View File

@@ -28,6 +28,7 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Chill\MainBundle\Entity\User;
use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Role\Role;
/**
*
@@ -80,7 +81,10 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
{
return ($subject instanceof AbstractTask && in_array($attribute, self::ROLES))
||
($subject instanceof Person && $attribute === self::CREATE);
($subject instanceof Person && \in_array($attribute, [ self::CREATE, self::SHOW ]))
||
(NULL === $subject && $attribute === self::SHOW )
;
}
/**
@@ -105,8 +109,13 @@ class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterf
}
$person = $subject->getPerson();
} else {
} elseif ($subject instanceof Person) {
$person = $subject;
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {