Continue work on ACL rewritting

* fix center resolver dispatcher * add scope resolver * tests for authorization helper
2025-08-21 07:03:49 +00:00 · 2021-09-19 20:56:20 +02:00
parent 74598ee926
commit b6c58a5c31
18 changed files with 498 additions and 29 deletions
--- a/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriodACLAwareRepository.php
+++ b/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriodACLAwareRepository.php
@@ -4,10 +4,11 @@ namespace Chill\PersonBundle\Repository;

 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
+use Chill\PersonBundle\Entity\AccompanyingPeriod;
 use Chill\PersonBundle\Entity\Person;
 use Symfony\Component\Security\Core\Security;

-final class AccompanyingPeriodACLAwareRepository
+final class AccompanyingPeriodACLAwareRepository implements AccompanyingPeriodACLAwareRepositoryInterface
 {
    private AccompanyingPeriodRepository $accompanyingPeriodRepository;
    private Security $security;
@@ -29,7 +30,6 @@ final class AccompanyingPeriodACLAwareRepository
        int $limit = null,
        int $offset = null
    ): array {
-        dump(__METHOD__);
        $qb = $this->accompanyingPeriodRepository->createQueryBuilder('ap');
        $scopes = $this->authorizationHelper
            ->getReachableCircles($this->security->getUser(), $role,
@@ -42,12 +42,30 @@ final class AccompanyingPeriodACLAwareRepository
        $qb
            ->join('ap.participations', 'participation')
            ->where($qb->expr()->eq('participation.person', ':person'))
+            ->andWhere(
+                $qb->expr()->orX(
+                    'ap.confidential = FALSE',
+                    $qb->expr()->eq('ap.user', ':user')
+                )
+            )
+            ->andWhere(
+                $qb->expr()->orX(
+                    $qb->expr()->neq('ap.step', ':draft'),
+                    $qb->expr()->eq('ap.createdBy', ':creator')
+                )
+            )
+            ->setParameter('draft', AccompanyingPeriod::STEP_DRAFT)
            ->setParameter('person', $person)
-            ;
+            ->setParameter('user', $this->security->getUser())
+            ->setParameter('creator', $this->security->getUser())
+        ;
        // add join condition for scopes
-        $orx = $qb->expr()->orX();
+        $orx = $qb->expr()->orX(
+            $qb->expr()->eq('ap.step', ':draft')
+        );
+
        foreach ($scopes as $key => $scope) {
-            $orx->add($qb->expr()->in('ap.scopes', ':scope_'.$key));
+            $orx->add($qb->expr()->isMemberOf(':scope_'.$key, 'ap.scopes'));
            $qb->setParameter('scope_'.$key, $scope);
        }
        $qb->andWhere($orx);
--- a/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriodACLAwareRepositoryInterface.php
+++ b/src/Bundle/ChillPersonBundle/Repository/AccompanyingPeriodACLAwareRepositoryInterface.php
@@ -0,0 +1,16 @@
+<?php
+
+namespace Chill\PersonBundle\Repository;
+
+use Chill\PersonBundle\Entity\Person;
+
+interface AccompanyingPeriodACLAwareRepositoryInterface
+{
+    public function findByPerson(
+        Person $person,
+        string $role,
+        ?array $orderBy = [],
+        int $limit = null,
+        int $offset = null
+    ): array;
+}