Fix checking of permissions within document_button_group

Julie Lenaerts 2024-07-02 12:50:44 +02:00
parent 03800029c9
commit c19c597ba0
3 changed files with 6 additions and 4 deletions


@ -71,7 +71,7 @@
</li> </li>
{% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE_DETAILS', document) %} {% if is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_SEE_DETAILS', document) %}
<li> <li>
{{ document.object|chill_document_button_group(document.title, is_granted('CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE', document)) }} {{ document.object|chill_document_button_group(document.title) }}
</li> </li>
<li> <li>
<a href="{{ chill_path_add_return_path('accompanying_course_document_show', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-show"></a> <a href="{{ chill_path_add_return_path('accompanying_course_document_show', {'course': accompanyingCourse.id, 'id': document.id}) }}" class="btn btn-show"></a>
@ -90,7 +90,7 @@
{% else %} {% else %}
{% if is_granted('CHILL_PERSON_DOCUMENT_SEE_DETAILS', document) %} {% if is_granted('CHILL_PERSON_DOCUMENT_SEE_DETAILS', document) %}
<li> <li>
{{ document.object|chill_document_button_group(document.title, is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document)) }} {{ document.object|chill_document_button_group(document.title) }}
</li> </li>
<li> <li>
<a href="{{ path('person_document_show', {'person': person.id, 'id': document.id}) }}" class="btn btn-show"></a> <a href="{{ path('person_document_show', {'person': person.id, 'id': document.id}) }}" class="btn btn-show"></a>
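Review bot: Both button-group calls (the accompanying-course one in the first hunk and the person-document one in the second) appear to stop passing the document-level UPDATE check, so the edit buttons would depend only on the stored-object EDIT vote taken inside renderButtonGroup. The new renderButtonGroup combines that vote with `$showEditButtons`, so the templates could keep the document check as a second condition: `{{ document.object|chill_document_button_group(document.title, is_granted('CHILL_PERSON_DOCUMENT_UPDATE', document)) }}`, and the `CHILL_ACCOMPANYING_COURSE_DOCUMENT_UPDATE` equivalent in the first hunk. If dropping it is deliberate, a Twig comment such as `{# edit rights are decided by the StoredObject EDIT vote #}` would record where the decision now lives. The button is presentation only; the edit endpoint needs the same check on the server, which this page does not show.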


@ -37,6 +37,7 @@ class StoredObjectVoter extends Voter
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
/** @var StoredObject $subject */ /** @var StoredObject $subject */
/*
if ( if (
!$token->hasAttribute(DavTokenAuthenticationEventSubscriber::STORED_OBJECT) !$token->hasAttribute(DavTokenAuthenticationEventSubscriber::STORED_OBJECT)
|| $subject->getUuid()->toString() !== $token->getAttribute(DavTokenAuthenticationEventSubscriber::STORED_OBJECT) || $subject->getUuid()->toString() !== $token->getAttribute(DavTokenAuthenticationEventSubscriber::STORED_OBJECT)
@ -47,6 +48,7 @@ class StoredObjectVoter extends Voter
if (!$token->hasAttribute(DavTokenAuthenticationEventSubscriber::ACTIONS)) { if (!$token->hasAttribute(DavTokenAuthenticationEventSubscriber::ACTIONS)) {
return false; return false;
} }
*/
$attributeAsEnum = StoredObjectRoleEnum::from($attribute); $attributeAsEnum = StoredObjectRoleEnum::from($attribute);
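Review bot: Wrapping the two DAV token guards in `/* … */` means voteOnAttribute no longer checks that the token's STORED_OBJECT attribute equals `$subject->getUuid()->toString()`, nor that the token carries ACTIONS. A token issued for one stored object is therefore no longer rejected here when it is presented for another. The vote now rests entirely on the code after `StoredObjectRoleEnum::from($attribute)`, which continues outside the hunk. If the aim is to let ordinary session users reach that code, the guards should stay active for tokens created by the DAV authenticator and be skipped only for other token types, rather than being disabled for everyone. At minimum the disabled block needs a comment stating why it is off, for example `// FIXME: DAV token scope checks disabled; object scope must be enforced below`.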


@ -150,9 +150,9 @@ final readonly class WopiEditTwigExtensionRuntime implements RuntimeExtensionInt
* @throws \Twig\Error\RuntimeError * @throws \Twig\Error\RuntimeError
* @throws \Twig\Error\SyntaxError * @throws \Twig\Error\SyntaxError
*/ */
public function renderButtonGroup(Environment $environment, StoredObject $document, ?string $title = null, bool $canEdit = true, array $options = []): string public function renderButtonGroup(Environment $environment, StoredObject $document, ?string $title = null, bool $showEditButtons = true, array $options = []): string
{ {
$canEdit = $this->security->isGranted(StoredObjectRoleEnum::EDIT, $document); $canEdit = $this->security->isGranted(StoredObjectRoleEnum::EDIT->value, $document) && $showEditButtons;
$accessToken = $this->davTokenProvider->createToken( $accessToken = $this->davTokenProvider->createToken(
$document, $document,