Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-08-21 07:03:49 +00:00
Code Issues Actions Projects Releases Wiki Activity

fix some authorization check in menu

Browse Source
This commit is contained in:
Julien Fastré
2022-03-25 13:11:03 +01:00
parent b423821ae9
commit d11eebefae
4 changed files with 43 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
View File

@@ -34,12 +34,23 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
self::FULL,
self::TOGGLE_CONFIDENTIAL_ALL,
self::TOGGLE_INTENSITY,
self::RE_OPEN_COURSE,
];
public const CREATE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_CREATE';
/**
* role to DELETE the course
*
* Will be true only for the creator, and if the course is still at DRAFT step.
*/
public const DELETE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_DELETE';
/**
* role to EDIT the course.
*
* If the course is closed, it will be always false.
*/
public const EDIT = 'CHILL_PERSON_ACCOMPANYING_PERIOD_UPDATE';
/**
@@ -56,6 +67,14 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
*/
public const SEE_DETAILS = 'CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_DETAILS';
/**
* Reopen a closed course.
*
* This forward to the EDIT role, without taking into account that the course
* is closed
*/
public const RE_OPEN_COURSE = 'CHILL_PERSON_ACCOMPANYING_PERIOD_REOPEN';
public const TOGGLE_CONFIDENTIAL = 'CHILL_PERSON_ACCOMPANYING_PERIOD_TOGGLE_CONFIDENTIAL';
/**
@@ -116,6 +135,10 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
if (in_array($attribute, [self::EDIT, self::DELETE], true)) {
return false;
}
if (self::RE_OPEN_COURSE === $attribute) {
return $this->voterHelper->voteOnAttribute(self::EDIT, $subject, $token);
}
}
if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) {