mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-08-31 12:03:48 +00:00
apply more cs rules for php-cs
This commit is contained in:
@@ -11,14 +11,8 @@ declare(strict_types=1);
|
||||
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
|
||||
use function get_class;
|
||||
use function in_array;
|
||||
|
||||
use const E_USER_DEPRECATED;
|
||||
|
||||
/**
|
||||
* Voter for Chill software.
|
||||
*
|
||||
|
||||
@@ -20,11 +20,6 @@ use Chill\MainBundle\Security\Resolver\CenterResolverManagerInterface;
|
||||
use Chill\MainBundle\Security\Resolver\ScopeResolverDispatcher;
|
||||
use Psr\Log\LoggerInterface;
|
||||
use Symfony\Component\Security\Core\User\UserInterface;
|
||||
use Traversable;
|
||||
use UnexpectedValueException;
|
||||
|
||||
use function array_merge;
|
||||
use function get_class;
|
||||
|
||||
/**
|
||||
* Helper for authorizations.
|
||||
@@ -44,7 +39,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* Filter an array of centers, return only center which are reachable.
|
||||
*
|
||||
* @param User $user The user
|
||||
* @param User $user The user
|
||||
* @param array $centers a list of centers which are going to be filtered
|
||||
*/
|
||||
public function filterReachableCenters(User $user, array $centers, mixed $role): array
|
||||
@@ -63,10 +58,9 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* @deprecated use UserACLAwareRepositoryInterface::findUsersByReachedACL instead
|
||||
*
|
||||
*
|
||||
* @return User[]
|
||||
*/
|
||||
public function findUsersReaching(string $role, array|\Chill\MainBundle\Entity\Center $center, null|array|\Chill\MainBundle\Entity\Scope $scope = null, bool $onlyEnabled = true): array
|
||||
public function findUsersReaching(string $role, array|\Chill\MainBundle\Entity\Center $center, array|\Chill\MainBundle\Entity\Scope $scope = null, bool $onlyEnabled = true): array
|
||||
{
|
||||
return $this->userACLAwareRepository
|
||||
->findUsersByReachedACL($role, $center, $scope, $onlyEnabled);
|
||||
@@ -91,7 +85,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
*
|
||||
* @return list<Center>
|
||||
*/
|
||||
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array
|
||||
public function getReachableCenters(UserInterface $user, string $role, Scope $scope = null): array
|
||||
{
|
||||
if (!$user instanceof User) {
|
||||
return [];
|
||||
@@ -102,9 +96,9 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
foreach ($user->getGroupCenters() as $groupCenter) {
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role is in the reachable roles
|
||||
// check that the role is in the reachable roles
|
||||
if ($this->isRoleReached($role, $roleScope->getRole())) {
|
||||
if (null === $scope) {
|
||||
$centers[spl_object_hash($groupCenter->getCenter())] = $groupCenter->getCenter();
|
||||
@@ -128,6 +122,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
* Return all reachable circle for a given user, center and role.
|
||||
*
|
||||
* @param Center|Center[] $center
|
||||
*
|
||||
* @return Scope[]
|
||||
*/
|
||||
public function getReachableCircles(UserInterface $user, string $role, array|\Chill\MainBundle\Entity\Center $center)
|
||||
@@ -136,7 +131,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
if (is_iterable($center)) {
|
||||
foreach ($center as $c) {
|
||||
$scopes = array_merge($scopes, $this->getReachableCircles($user, $role, $c));
|
||||
$scopes = \array_merge($scopes, $this->getReachableCircles($user, $role, $c));
|
||||
}
|
||||
|
||||
return $scopes;
|
||||
@@ -144,11 +139,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
|
||||
foreach ($user->getGroupCenters() as $groupCenter) {
|
||||
if ($center->getId() === $groupCenter->getCenter()->getId()) {
|
||||
//iterate on permissionGroup
|
||||
// iterate on permissionGroup
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role is in the reachable roles
|
||||
// check that the role is in the reachable roles
|
||||
if ($this->isRoleReached($role, $roleScope->getRole())) {
|
||||
$scopes[] = $roleScope->getScope();
|
||||
}
|
||||
@@ -174,7 +169,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
*/
|
||||
public function userCanReachCenter(User $user, array|\Chill\MainBundle\Entity\Center $center): bool
|
||||
{
|
||||
if ($center instanceof Traversable) {
|
||||
if ($center instanceof \Traversable) {
|
||||
foreach ($center as $c) {
|
||||
if ($c->userCanReachCenter($user, $c)) {
|
||||
return true;
|
||||
@@ -194,13 +189,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
return false;
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException(
|
||||
sprintf(
|
||||
'The entity given is not an instance of %s or an array of centers, %s given',
|
||||
Center::class,
|
||||
gettype($center)
|
||||
)
|
||||
);
|
||||
throw new \UnexpectedValueException(sprintf('The entity given is not an instance of %s or an array of centers, %s given', Center::class, gettype($center)));
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -229,7 +218,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
/**
|
||||
* Test if a parent role may give access to a given child role.
|
||||
*
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $childRole The role we want to test if he is reachable
|
||||
* @param string $parentRole The role which should give access to $childRole
|
||||
*
|
||||
* @return bool true if the child role is granted by parent role
|
||||
@@ -255,11 +244,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface
|
||||
// we cannot compare the objects: we must compare the ids here
|
||||
if ($groupCenter->getCenter()->getId() === $center->getId()) {
|
||||
$permissionGroup = $groupCenter->getPermissionsGroup();
|
||||
//iterate on roleScopes
|
||||
// iterate on roleScopes
|
||||
foreach ($permissionGroup->getRoleScopes() as $roleScope) {
|
||||
//check that the role allow to reach the required role
|
||||
// check that the role allow to reach the required role
|
||||
if ($this->isRoleReached($attribute, $roleScope->getRole())) {
|
||||
//if yes, we have a right on something...
|
||||
// if yes, we have a right on something...
|
||||
// perform check on scope if necessary
|
||||
if ($this->scopeResolverDispatcher->isConcerned($entity)) {// here, we should also check that the role need a scope
|
||||
$scope = $this->scopeResolverDispatcher->resolveScope($entity);
|
||||
|
||||
@@ -19,7 +19,7 @@ class AuthorizationHelperForCurrentUser implements AuthorizationHelperForCurrent
|
||||
{
|
||||
public function __construct(private readonly AuthorizationHelperInterface $authorizationHelper, private readonly Security $security) {}
|
||||
|
||||
public function getReachableCenters(string $role, ?Scope $scope = null): array
|
||||
public function getReachableCenters(string $role, Scope $scope = null): array
|
||||
{
|
||||
if (!$this->security->getUser() instanceof User) {
|
||||
return [];
|
||||
|
||||
@@ -22,10 +22,11 @@ interface AuthorizationHelperForCurrentUserInterface
|
||||
*
|
||||
* @return Center[]
|
||||
*/
|
||||
public function getReachableCenters(string $role, ?Scope $scope = null): array;
|
||||
public function getReachableCenters(string $role, Scope $scope = null): array;
|
||||
|
||||
/**
|
||||
* @param list<Center>|Center $center
|
||||
*
|
||||
* @return list<Scope>
|
||||
*/
|
||||
public function getReachableScopes(string $role, array|Center $center): array;
|
||||
|
||||
@@ -23,10 +23,11 @@ interface AuthorizationHelperInterface
|
||||
*
|
||||
* @return list<Center>
|
||||
*/
|
||||
public function getReachableCenters(UserInterface $user, string $role, ?Scope $scope = null): array;
|
||||
public function getReachableCenters(UserInterface $user, string $role, Scope $scope = null): array;
|
||||
|
||||
/**
|
||||
* @param Center|array<Center> $center
|
||||
*
|
||||
* @return list<Scope>
|
||||
*/
|
||||
public function getReachableScopes(UserInterface $user, string $role, array|Center $center): array;
|
||||
|
||||
@@ -12,9 +12,6 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
|
||||
|
||||
use function in_array;
|
||||
|
||||
final readonly class DefaultVoterHelper implements VoterHelperInterface
|
||||
{
|
||||
@@ -27,11 +24,11 @@ final readonly class DefaultVoterHelper implements VoterHelperInterface
|
||||
{
|
||||
foreach ($this->configuration as [$attributes, $subj]) {
|
||||
if (null === $subj) {
|
||||
if (null === $subject && in_array($attribute, $attributes, true)) {
|
||||
if (null === $subject && \in_array($attribute, $attributes, true)) {
|
||||
return true;
|
||||
}
|
||||
} elseif ($subject instanceof $subj) {
|
||||
return in_array($attribute, $attributes, true);
|
||||
return \in_array($attribute, $attributes, true);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -11,8 +11,6 @@ declare(strict_types=1);
|
||||
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface;
|
||||
|
||||
class DefaultVoterHelperFactory implements VoterHelperFactoryInterface
|
||||
{
|
||||
public function __construct(protected AuthorizationHelper $authorizationHelper) {}
|
||||
|
||||
@@ -16,8 +16,6 @@ use Chill\MainBundle\Workflow\EntityWorkflowManager;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\Security;
|
||||
use UnexpectedValueException;
|
||||
use function in_array;
|
||||
|
||||
class EntityWorkflowVoter extends Voter
|
||||
{
|
||||
@@ -33,12 +31,11 @@ class EntityWorkflowVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
return $subject instanceof EntityWorkflow && in_array($attribute, self::getRoles(), true);
|
||||
return $subject instanceof EntityWorkflow && \in_array($attribute, self::getRoles(), true);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param EntityWorkflow $subject
|
||||
* @param mixed $attribute
|
||||
*/
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
@@ -72,10 +69,10 @@ class EntityWorkflowVoter extends Voter
|
||||
return false;
|
||||
|
||||
case self::DELETE:
|
||||
return $subject->getStep() === 'initial';
|
||||
return 'initial' === $subject->getStep();
|
||||
|
||||
case self::SHOW_ENTITY_LINK:
|
||||
if ($subject->getStep() === 'initial') {
|
||||
if ('initial' === $subject->getStep()) {
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -88,7 +85,7 @@ class EntityWorkflowVoter extends Voter
|
||||
return $currentStep->getPrevious()->getTransitionBy() === $this->security->getUser();
|
||||
|
||||
default:
|
||||
throw new UnexpectedValueException("attribute {$attribute} not supported");
|
||||
throw new \UnexpectedValueException("attribute {$attribute} not supported");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -16,7 +16,6 @@ use Chill\MainBundle\Entity\NotificationComment;
|
||||
use Chill\MainBundle\Entity\User;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use UnexpectedValueException;
|
||||
|
||||
final class NotificationVoter extends Voter
|
||||
{
|
||||
@@ -42,7 +41,6 @@ final class NotificationVoter extends Voter
|
||||
|
||||
/**
|
||||
* @param string $attribute
|
||||
* @param mixed $subject
|
||||
*/
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
@@ -59,7 +57,7 @@ final class NotificationVoter extends Voter
|
||||
),
|
||||
self::NOTIFICATION_SEE, self::NOTIFICATION_TOGGLE_READ_STATUS => $subject->getSender() === $user || $subject->getAddressees()->contains($user),
|
||||
self::NOTIFICATION_UPDATE => $subject->getSender() === $user && false === $subject->isSystem(),
|
||||
default => throw new UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
default => throw new \UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
};
|
||||
} elseif ($subject instanceof NotificationComment) {
|
||||
return match ($attribute) {
|
||||
@@ -67,10 +65,10 @@ final class NotificationVoter extends Voter
|
||||
$subject->getNotification()->getAddressees()->contains($user) || $subject->getNotification()->getSender() === $user
|
||||
),
|
||||
self::COMMENT_EDIT => $subject->getCreatedBy() === $user && false === $subject->getNotification()->isSystem(),
|
||||
default => throw new UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
default => throw new \UnexpectedValueException("this subject {$attribute} is not implemented"),
|
||||
};
|
||||
}
|
||||
|
||||
throw new UnexpectedValueException();
|
||||
throw new \UnexpectedValueException();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,8 +14,6 @@ namespace Chill\MainBundle\Security\Authorization;
|
||||
use Chill\MainBundle\Entity\SavedExport;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use UnexpectedValueException;
|
||||
use function in_array;
|
||||
|
||||
class SavedExportVoter extends Voter
|
||||
{
|
||||
@@ -33,14 +31,14 @@ class SavedExportVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject): bool
|
||||
{
|
||||
return $subject instanceof SavedExport && in_array($attribute, self::ALL, true);
|
||||
return $subject instanceof SavedExport && \in_array($attribute, self::ALL, true);
|
||||
}
|
||||
|
||||
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
|
||||
{
|
||||
return match ($attribute) {
|
||||
self::DELETE, self::EDIT, self::GENERATE => $subject->getUser() === $token->getUser(),
|
||||
default => throw new UnexpectedValueException('attribute not supported: ' . $attribute),
|
||||
default => throw new \UnexpectedValueException('attribute not supported: '.$attribute),
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
@@ -14,8 +14,8 @@ namespace Chill\MainBundle\Security\Authorization;
|
||||
interface VoterGeneratorInterface
|
||||
{
|
||||
/**
|
||||
* @param string $class The FQDN of a class
|
||||
* @param array $attributes an array of attributes
|
||||
* @param string $class The FQDN of a class
|
||||
* @param array $attributes an array of attributes
|
||||
*
|
||||
* @return $this
|
||||
*/
|
||||
|
||||
@@ -12,12 +12,8 @@ declare(strict_types=1);
|
||||
namespace Chill\MainBundle\Security\Authorization;
|
||||
|
||||
use Chill\MainBundle\Repository\Workflow\EntityWorkflowRepository;
|
||||
use Chill\MainBundle\Workflow\EntityWorkflowHandlerInterface;
|
||||
use RuntimeException;
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use function in_array;
|
||||
use function is_object;
|
||||
|
||||
class WorkflowEntityDeletionVoter extends Voter
|
||||
{
|
||||
@@ -28,13 +24,13 @@ class WorkflowEntityDeletionVoter extends Voter
|
||||
|
||||
protected function supports($attribute, $subject)
|
||||
{
|
||||
if (!is_object($subject)) {
|
||||
if (!\is_object($subject)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
foreach ($this->handlers as $handler) {
|
||||
if ($handler->isObjectSupported($subject)
|
||||
&& in_array($attribute, $handler->getDeletionRoles($subject), true)) {
|
||||
&& \in_array($attribute, $handler->getDeletionRoles($subject), true)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
@@ -52,6 +48,6 @@ class WorkflowEntityDeletionVoter extends Voter
|
||||
}
|
||||
}
|
||||
|
||||
throw new RuntimeException('no handlers found');
|
||||
throw new \RuntimeException('no handlers found');
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user