From cf40f3846352c59e14cb7fa12a246acfb70ead1b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?= <julien.fastre@champs-libres.coop>
Date: Fri, 17 Sep 2021 10:08:33 +0200
Subject: [PATCH] rename voter helepers

---
 ...efaultVoter.php => DefaultVoterHelper.php} | 11 +----
 ...tory.php => DefaultVoterHelperFactory.php} |  4 +-
 ...or.php => DefaultVoterHelperGenerator.php} |  6 +--
 .../Authorization/VoterFactoryInterface.php   |  7 ---
 .../Authorization/VoterGeneratorInterface.php |  8 ++++
 .../VoterHelperFactoryInterface.php           |  8 ++++
 .../Authorization/VoterHelperInterface.php    | 12 +++++
 .../Security/Authorization/VoterInterface.php |  7 ---
 .../Security/Authorization/PersonVoter.php    | 48 ++++++-------------
 .../Security/Authorization/TaskVoter.php      |  8 ++--
 10 files changed, 54 insertions(+), 65 deletions(-)
 rename src/Bundle/ChillMainBundle/Security/Authorization/{DefaultVoter.php => DefaultVoterHelper.php} (83%)
 rename src/Bundle/ChillMainBundle/Security/Authorization/{DefaultVoterFactory.php => DefaultVoterHelperFactory.php} (85%)
 rename src/Bundle/ChillMainBundle/Security/Authorization/{VoterGenerator.php => DefaultVoterHelperGenerator.php} (84%)
 delete mode 100644 src/Bundle/ChillMainBundle/Security/Authorization/VoterFactoryInterface.php
 create mode 100644 src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperFactoryInterface.php
 create mode 100644 src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
 delete mode 100644 src/Bundle/ChillMainBundle/Security/Authorization/VoterInterface.php

diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoter.php b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
similarity index 83%
rename from src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoter.php
rename to src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
index 98882b876..bd1e0e1cb 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelper.php
@@ -5,7 +5,7 @@ namespace Chill\MainBundle\Security\Authorization;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
 
-class DefaultVoter implements VoterInterface
+class DefaultVoterHelper implements VoterHelperInterface
 {
     protected AuthorizationHelper $authorizationHelper;
 
@@ -50,14 +50,7 @@ class DefaultVoter implements VoterInterface
         }
 
         if (NULL === $subject) {
-           if (NULL === $center = $this->centerResolverDispatcher
-               ->resolveCenter($subject)) {
-               return false;
-           }
-           return $this->authorizationHelper->userCanReachCenter(
-               $token->getUser(),
-               $center
-           );
+            return 0 < count($this->authorizationHelper->getReachableCenters($token->getUser(), $attribute, null));
         }
 
         return $this->authorizationHelper->userHasAccess(
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterFactory.php b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
similarity index 85%
rename from src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterFactory.php
rename to src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
index 4f3f232d9..9349eaed2 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterFactory.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperFactory.php
@@ -4,7 +4,7 @@ namespace Chill\MainBundle\Security\Authorization;
 
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
 
-class DefaultVoterFactory implements VoterFactoryInterface
+class DefaultVoterHelperFactory implements VoterHelperFactoryInterface
 {
     protected AuthorizationHelper $authorizationHelper;
     protected CenterResolverDispatcher $centerResolverDispatcher;
@@ -19,7 +19,7 @@ class DefaultVoterFactory implements VoterFactoryInterface
 
     public function generate($context): VoterGeneratorInterface
     {
-        return new VoterGenerator(
+        return new DefaultVoterHelperGenerator(
             $this->authorizationHelper,
             $this->centerResolverDispatcher
         );
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterGenerator.php b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperGenerator.php
similarity index 84%
rename from src/Bundle/ChillMainBundle/Security/Authorization/VoterGenerator.php
rename to src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperGenerator.php
index e3b517f99..753586270 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/VoterGenerator.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/DefaultVoterHelperGenerator.php
@@ -4,7 +4,7 @@ namespace Chill\MainBundle\Security\Authorization;
 
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
 
-final class VoterGenerator implements VoterGeneratorInterface
+final class DefaultVoterHelperGenerator implements VoterGeneratorInterface
 {
     protected AuthorizationHelper $authorizationHelper;
     protected CenterResolverDispatcher $centerResolverDispatcher;
@@ -25,9 +25,9 @@ final class VoterGenerator implements VoterGeneratorInterface
        return $this;
     }
 
-    public function build(): VoterInterface
+    public function build(): VoterHelperInterface
     {
-        return new DefaultVoter(
+        return new DefaultVoterHelper(
             $this->authorizationHelper,
             $this->centerResolverDispatcher,
             $this->configuration
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterFactoryInterface.php b/src/Bundle/ChillMainBundle/Security/Authorization/VoterFactoryInterface.php
deleted file mode 100644
index b12739674..000000000
--- a/src/Bundle/ChillMainBundle/Security/Authorization/VoterFactoryInterface.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-
-namespace Chill\MainBundle\Security\Authorization;
-
-interface VoterFactoryInterface
-{
-}
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterGeneratorInterface.php b/src/Bundle/ChillMainBundle/Security/Authorization/VoterGeneratorInterface.php
index 0aaf04ecd..306427238 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/VoterGeneratorInterface.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/VoterGeneratorInterface.php
@@ -4,4 +4,12 @@ namespace Chill\MainBundle\Security\Authorization;
 
 interface VoterGeneratorInterface
 {
+    /**
+     * @param string $class The FQDN of a class
+     * @param array $attributes an array of attributes
+     * @return $this
+     */
+    public function addCheckFor(string $class, array $attributes): self;
+
+    public function build(): VoterHelperInterface;
 }
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperFactoryInterface.php b/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperFactoryInterface.php
new file mode 100644
index 000000000..5b16a10ef
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperFactoryInterface.php
@@ -0,0 +1,8 @@
+<?php
+
+namespace Chill\MainBundle\Security\Authorization;
+
+interface VoterHelperFactoryInterface
+{
+    public function generate($context): VoterGeneratorInterface;
+}
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php b/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
new file mode 100644
index 000000000..fc08bcb40
--- /dev/null
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/VoterHelperInterface.php
@@ -0,0 +1,12 @@
+<?php
+
+namespace Chill\MainBundle\Security\Authorization;
+
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+
+interface VoterHelperInterface
+{
+    public function supports($attribute, $subject): bool;
+
+    public function voteOnAttribute($attribute, $subject, TokenInterface $token);
+}
diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/VoterInterface.php b/src/Bundle/ChillMainBundle/Security/Authorization/VoterInterface.php
deleted file mode 100644
index 848d22190..000000000
--- a/src/Bundle/ChillMainBundle/Security/Authorization/VoterInterface.php
+++ /dev/null
@@ -1,7 +0,0 @@
-<?php
-
-namespace Chill\MainBundle\Security\Authorization;
-
-interface VoterInterface
-{
-}
diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php
index e68d90365..6338f5f45 100644
--- a/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php
+++ b/src/Bundle/ChillPersonBundle/Security/Authorization/PersonVoter.php
@@ -22,6 +22,8 @@ namespace Chill\PersonBundle\Security\Authorization;
 use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
+use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
 use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
 use Chill\PersonBundle\Entity\Person;
@@ -42,52 +44,32 @@ class PersonVoter extends AbstractChillVoter implements ProvideRoleHierarchyInte
 
     protected CenterResolverDispatcher $centerResolverDispatcher;
 
+    protected VoterHelperInterface $voter;
+
     public function __construct(
         AuthorizationHelper $helper,
-        CenterResolverDispatcher $centerResolverDispatcher
+        CenterResolverDispatcher $centerResolverDispatcher,
+        VoterHelperFactoryInterface $voterFactory
     ) {
         $this->helper = $helper;
         $this->centerResolverDispatcher = $centerResolverDispatcher;
+        $this->voter = $voterFactory
+            ->generate(self::class)
+            ->addCheckFor(Center::class, [self::STATS, self::LISTS, self::DUPLICATE])
+            ->addCheckFor(Person::class, [self::CREATE, self::UPDATE, self::SEE, self::DUPLICATE])
+            ->addCheckFor(null, [self::CREATE] )
+            ->build()
+            ;
     }
 
     protected function supports($attribute, $subject)
     {
-        if ($subject instanceof Person) {
-            return \in_array($attribute, [
-                self::CREATE, self::UPDATE, self::SEE, self::DUPLICATE
-            ]);
-        } elseif ($subject instanceof Center) {
-            return \in_array($attribute, [
-                self::STATS, self::LISTS, self::DUPLICATE
-            ]);
-        } elseif ($subject === null) {
-            return $attribute === self::CREATE;
-        } else {
-            return false;
-        }
+        return $this->voter->supports($attribute, $subject);
     }
 
     protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
     {
-        if (!$token->getUser() instanceof User) {
-            return false;
-        }
-
-        if ($subject === null) {
-            $centers = $this->helper->getReachableCenters($token->getUser(),
-                new Role($attribute));
-
-            return count($centers) > 0;
-        }
-
-        $center = $this->centerResolverDispatcher->resolveCenter($subject);
-
-        if (NULL === $center && $subject instanceof Person) {
-            // person without any center are seen by everybody
-            return true;
-        }
-
-        return $this->helper->userHasAccess($token->getUser(), $subject, $attribute);
+        return $this->voter->voteOnAttribute($attribute, $subject, $token);
     }
 
     private function getAttributes()
diff --git a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
index 7c4f2d4d9..2f760a84b 100644
--- a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
+++ b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
@@ -21,8 +21,8 @@ namespace Chill\TaskBundle\Security\Authorization;
 use Chill\EventBundle\Entity\Event;
 use Chill\MainBundle\Entity\Center;
 use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
-use Chill\MainBundle\Security\Authorization\VoterFactoryInterface;
-use Chill\MainBundle\Security\Authorization\VoterInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
+use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
 use Chill\MainBundle\Security\Resolver\CenterResolverDispatcher;
 use Chill\TaskBundle\Entity\AbstractTask;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
@@ -61,7 +61,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
 
     protected CenterResolverDispatcher $centerResolverDispatcher;
 
-    protected VoterInterface $voter;
+    protected VoterHelperInterface $voter;
 
     public function __construct(
         AccessDecisionManagerInterface $accessDecisionManager,
@@ -69,7 +69,7 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
         EventDispatcherInterface $eventDispatcher,
         LoggerInterface $logger,
         CenterResolverDispatcher $centerResolverDispatcher,
-        VoterFactoryInterface $voterFactory
+        VoterHelperFactoryInterface $voterFactory
     ) {
         $this->accessDecisionManager = $accessDecisionManager;
         $this->authorizationHelper = $authorizationHelper;