Add ExportGenerationVoter and integrate it into StoredObjectVoter

Introduced ExportGenerationVoter to handle specific view permissions for ExportGeneration entities. Updated ExportGenerationStoredObjectVoter to delegate permission checks to the new voter using Symfony's security system. This improves separation of concerns and reusability of authorization logic.
Julien Fastré 2025-03-13 17:53:10 +01:00
parent fb806a9579
commit c9c29b9105
Signed by: julienfastre
GPG Key ID: BDE2190974723FCB
2 changed files with 36 additions and 2 deletions


@ -0,0 +1,32 @@
<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\ExportGeneration;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ExportGenerationVoter extends Voter
{
public const VIEW = 'view';
protected function supports(string $attribute, $subject)
{
return self::VIEW === $attribute && $subject instanceof ExportGeneration;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token)
{
/* @var ExportGeneration $subject */
return $token->getUser()->getUserIdentifier() === $subject->getCreatedBy()->getUserIdentifier();
}
}
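Review bot: `voteOnAttribute` calls `$token->getUser()->getUserIdentifier()` without a null check, so a request with no authenticated user that reaches this voter raises an Error instead of being denied. `TokenInterface::getUser()` may return null; guard first with `$user = $token->getUser();` and `if (null === $user) { return false; }` before comparing identifiers. If `getCreatedBy()` can also return null (its declaration is not visible here), it needs the same guard, otherwise an export with no recorded creator fails the same way. Both methods would also benefit from an explicit `: bool` return type, and the inline annotation should be `/** @var ExportGeneration $subject */`, since most static analysers ignore the `/* @var` form.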


@ -15,11 +15,13 @@ use Chill\DocStoreBundle\Entity\StoredObject;
use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum; use Chill\DocStoreBundle\Security\Authorization\StoredObjectRoleEnum;
use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoterInterface; use Chill\DocStoreBundle\Security\Authorization\StoredObjectVoterInterface;
use Chill\MainBundle\Repository\ExportGenerationRepository; use Chill\MainBundle\Repository\ExportGenerationRepository;
use Chill\MainBundle\Security\Authorization\ExportGenerationVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Security;
final readonly class ExportGenerationStoredObjectVoter implements StoredObjectVoterInterface final readonly class ExportGenerationStoredObjectVoter implements StoredObjectVoterInterface
{ {
public function __construct(private ExportGenerationRepository $repository) {} public function __construct(private ExportGenerationRepository $repository, private Security $security) {}
public function supports(StoredObjectRoleEnum $attribute, StoredObject $subject): bool public function supports(StoredObjectRoleEnum $attribute, StoredObject $subject): bool
{ {
@ -36,6 +38,6 @@ final readonly class ExportGenerationStoredObjectVoter implements StoredObjectVo
throw new \UnexpectedValueException('generation not found'); throw new \UnexpectedValueException('generation not found');
} }
return $token->getUser()->getUserIdentifier() === $generation->getCreatedBy()->getUserIdentifier(); return $this->security->isGranted(ExportGenerationVoter::VIEW, $generation);
} }
} }
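Review bot: The new `return $this->security->isGranted(ExportGenerationVoter::VIEW, $generation);` evaluates the decision against whatever token is currently in the token storage, not against the `$token` argument that the replaced line used. If this voter is ever called with a token other than the current one, the answer is for the wrong user. To keep the decision bound to the caller's token, inject `AccessDecisionManagerInterface` instead of `Security` and use `return $this->accessDecisionManager->decide($token, [ExportGenerationVoter::VIEW], $generation);`. The role passed in as `StoredObjectRoleEnum` is always mapped to `VIEW` here; the method signature and `supports()` body lie outside the hunk, so confirm that edit-type roles are rejected before this line is reached.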