From c9c29b9105604cae50729b47c8b055dfe119b472 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Julien=20Fastr=C3=A9?= Date: Thu, 13 Mar 2025 17:53:10 +0100 Subject: [PATCH] Add ExportGenerationVoter and integrate it into StoredObjectVoter Introduced ExportGenerationVoter to handle specific view permissions for ExportGeneration entities. Updated ExportGenerationStoredObjectVoter to delegate permission checks to the new voter using Symfony's security system. This improves separation of concerns and reusability of authorization logic.
---
 .../Authorization/ExportGenerationVoter.php | 32 +++++++++++++++++++ .../ExportGenerationStoredObjectVoter.php | 6 ++-- 2 files changed, 36 insertions(+), 2 deletions(-) create mode 100644 src/Bundle/ChillMainBundle/Security/Authorization/ExportGenerationVoter.php
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/ExportGenerationVoter.php b/src/Bundle/ChillMainBundle/Security/Authorization/ExportGenerationVoter.php
new file mode 100644
index 000000000..008f76b40
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/ExportGenerationVoter.php
@@ -0,0 +1,32 @@
+getUser()->getUserIdentifier() === $subject->getCreatedBy()->getUserIdentifier();
+ }
+}
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/StoredObject/ExportGenerationStoredObjectVoter.php b/src/Bundle/ChillMainBundle/Security/Authorization/StoredObject/ExportGenerationStoredObjectVoter.php
index 5dd1ecac8..4979ffec2 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/StoredObject/ExportGenerationStoredObjectVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/StoredObject/ExportGenerationStoredObjectVoter.php
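Review bot: The ownership comparison in the new ExportGenerationVoter.php dereferences two values that can be null. `getUser()` returns null for a token without a user, and unless the entity guarantees a creator, `getCreatedBy()` may be null too; either case raises an Error (a 500) instead of a clean denial. A voter should answer with a plain `false` here, e.g. `$user = $token->getUser(); $creator = $subject->getCreatedBy();` followed by `return null !== $user && null !== $creator && $user->getUserIdentifier() === $creator->getUserIdentifier();`. Most of this 32-line hunk is missing from the page, including the receiver of `getUser()` (presumably `$token`), so `supports()` and the attribute check could not be reviewed.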
@@ -15,11 +15,13 @@ use Chill\DocStoreBundle\Entity\StoredObject;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
 use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoterInterface;
 use Chill\MainBundle\Repository\ExportGenerationRepository;
+use Chill\MainBundle\Security\Authorization\ExportGenerationVoter;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Security;
 final readonly class ExportGenerationStoredObjectVoter implements StoredObjectVoterInterface
 {
- public function __construct(private ExportGenerationRepository $repository) {}
+ public function __construct(private ExportGenerationRepository $repository, private Security $security) {}
 public function supports(StoredObjectRoleEnum $attribute, StoredObject $subject): bool
 {
@@ -36,6 +38,6 @@ final readonly class ExportGenerationStoredObjectVoter implements StoredObjectVo
 throw new \UnexpectedValueException('generation not found');
 }
- return $token->getUser()->getUserIdentifier() === $generation->getCreatedBy()->getUserIdentifier();
+ return $this->security->isGranted(ExportGenerationVoter::VIEW, $generation);
 }
 }
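Review bot: `$this->security->isGranted(...)` in the second hunk of ExportGenerationStoredObjectVoter.php decides for the token currently in the token storage, not for the `$token` this voter was called with. The removed line read `$token->getUser()`, so a token is in scope, although the method signature is outside the hunk. If the access decision is ever requested for a token other than the current one, or in a context with no stored token, the check is evaluated for the wrong principal or simply denied. Consider injecting `AccessDecisionManagerInterface` in the constructor changed in the first hunk and returning `$this->accessDecisionManager->decide($token, [ExportGenerationVoter::VIEW], $generation);`. That also drops the dependency on `Symfony\Component\Security\Core\Security`, which is deprecated as of Symfony 6.2 in favour of `Symfony\Bundle\SecurityBundle\Security`; whether that matters depends on the Symfony version this project targets.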