Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-12 13:24:25 +00:00
Code Issues Actions Projects Releases Wiki Activity

Merge branch '111_exports_acl' into '111_exports_suite'

Browse Source 
Adapt ACL to allow the usage of global ACL

See merge request Chill-Projet/chill-bundles!452
This commit is contained in:
Julien Fastré 2022-09-17 06:25:09 +00:00
commit d285e7f875
13 changed files with 117 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/Bundle/ChillActivityBundle/Security/Authorization/ActivityStatsVoter.php
View File

@ -13,10 +13,10 @@ namespace Chill\ActivityBundle\Security\Authorization;
use Chill\MainBundle\Entity\Center; use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface; use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use function in_array;
class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{ {
@ -24,14 +24,14 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
public const STATS = 'CHILL_ACTIVITY_STATS'; public const STATS = 'CHILL_ACTIVITY_STATS';
/** protected VoterHelperInterface $helper;
* @var AuthorizationHelper
*/
protected $helper;
public function __construct(AuthorizationHelper $helper) public function __construct(VoterHelperFactoryInterface $voterHelperFactory)
{ {
$this->helper = $helper; $this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(Center::class, [self::STATS, self::LISTS])
->build();
} }
public function getRoles(): array public function getRoles(): array
@ -49,30 +49,14 @@ class ActivityStatsVoter extends AbstractChillVoter implements ProvideRoleHierar
return $this->getAttributes(); return $this->getAttributes();
} }
protected function getSupportedClasses() protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{ {
return [Center::class]; return $this->helper->voteOnAttribute($attribute, $subject, $token);
}
protected function isGranted($attribute, $object, $user = null)
{
if (!$user instanceof \Symfony\Component\Security\Core\User\UserInterface) {
return false;
}
return $this->helper->userHasAccess($user, $object, $attribute);
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
if ( return $this->helper->supports($attribute, $subject);
$subject instanceof Center
&& in_array($attribute, $this->getAttributes(), true)
) {
return true;
}
return false;
} }
private function getAttributes() private function getAttributes()

5
src/Bundle/ChillMainBundle/Controller/ExportController.php
View File

@ -23,6 +23,7 @@ use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType; use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\FormFactoryInterface; use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface; use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Contracts\Translation\TranslatorInterface; use Symfony\Contracts\Translation\TranslatorInterface;
@ -142,10 +143,8 @@ class ExportController extends AbstractController
/** /**
* Render the list of available exports. * Render the list of available exports.
*
* @return \Symfony\Component\HttpFoundation\Response
*/ */
public function indexAction(Request $request) public function indexAction(): Response
{ {
$exportManager = $this->exportManager; $exportManager = $this->exportManager;

56
src/Bundle/ChillMainBundle/Export/ExportManager.php
View File

@ -14,6 +14,7 @@ namespace Chill\MainBundle\Export;
use Chill\MainBundle\Form\Type\Export\ExportType; use Chill\MainBundle\Form\Type\Export\ExportType;
use Chill\MainBundle\Form\Type\Export\PickCenterType; use Chill\MainBundle\Form\Type\Export\PickCenterType;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\AuthorizationHelperInterface;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\QueryBuilder; use Doctrine\ORM\QueryBuilder;
use Generator; use Generator;
@ -42,52 +43,38 @@ class ExportManager
/** /**
* The collected aggregators, injected by DI. * The collected aggregators, injected by DI.
* *
* @var AggregatorInterface[] * @var array|AggregatorInterface[]
*/ */
private $aggregators = []; private array $aggregators = [];
/** private AuthorizationCheckerInterface $authorizationChecker;
* @var AuthorizationChecker
*/
private $authorizationChecker;
/** private AuthorizationHelperInterface $authorizationHelper;
* @var AuthorizationHelper
*/
private $authorizationHelper;
/** private EntityManagerInterface $em;
* @var EntityManagerInterface
*/
private $em;
/** /**
* Collected Exports, injected by DI. * Collected Exports, injected by DI.
* *
* @var ExportInterface[] * @var array|ExportInterface[]
*/ */
private $exports = []; private array $exports = [];
/** /**
* The collected filters, injected by DI. * The collected filters, injected by DI.
* *
* @var FilterInterface[] * @var array|FilterInterface[]
*/ */
private $filters = []; private array $filters = [];
/** /**
* Collected Formatters, injected by DI. * Collected Formatters, injected by DI.
* *
* @var FormatterInterface[] * @var array|FormatterInterface[]
*/ */
private $formatters = []; private array $formatters = [];
/** private LoggerInterface $logger;
* a logger.
*
* @var LoggerInterface
*/
private $logger;
/** /**
* @var \Symfony\Component\Security\Core\User\UserInterface * @var \Symfony\Component\Security\Core\User\UserInterface
@ -98,7 +85,7 @@ class ExportManager
LoggerInterface $logger, LoggerInterface $logger,
EntityManagerInterface $em, EntityManagerInterface $em,
AuthorizationCheckerInterface $authorizationChecker, AuthorizationCheckerInterface $authorizationChecker,
AuthorizationHelper $authorizationHelper, AuthorizationHelperInterface $authorizationHelper,
TokenStorageInterface $tokenStorage TokenStorageInterface $tokenStorage
) { ) {
$this->logger = $logger; $this->logger = $logger;
@ -547,19 +534,16 @@ class ExportManager
. 'an ExportInterface.'); . 'an ExportInterface.');
} }
if (null === $centers) { if (null === $centers || [] === $centers) {
$centers = $this->authorizationHelper->getReachableCenters( // we want to try if at least one center is reachable
return [] !== $this->authorizationHelper->getReachableCenters(
$this->user, $this->user,
$role $role
); );
} }
if (count($centers) === 0) {
return false;
}
foreach ($centers as $center) { foreach ($centers as $center) {
if ($this->authorizationChecker->isGranted($role, $center) === false) { if (false === $this->authorizationChecker->isGranted($role, $center)) {
//debugging //debugging
$this->logger->debug('user has no access to element', [ $this->logger->debug('user has no access to element', [
'method' => __METHOD__, 'method' => __METHOD__,
@ -568,10 +552,6 @@ class ExportManager
'role' => $role, 'role' => $role,
]); ]);
///// Bypasse les autorisations qui empêche d'afficher les nouveaux exports
return true;
///// TODO supprimer le return true
return false; return false;
} }
} }

36
src/Bundle/ChillMainBundle/Form/Type/Export/PickCenterType.php
View File

@ -15,6 +15,7 @@ use Chill\MainBundle\Center\GroupingCenterInterface;
use Chill\MainBundle\Entity\Center; use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Export\ExportManager; use Chill\MainBundle\Export\ExportManager;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper; use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\AuthorizationHelperInterface;
use Doctrine\ORM\EntityRepository; use Doctrine\ORM\EntityRepository;
use Symfony\Bridge\Doctrine\Form\Type\EntityType; use Symfony\Bridge\Doctrine\Form\Type\EntityType;
use Symfony\Component\Form\AbstractType; use Symfony\Component\Form\AbstractType;
@ -24,6 +25,7 @@ use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\OptionsResolver; use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface; use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use function array_intersect; use function array_intersect;
use function array_key_exists; use function array_key_exists;
use function array_merge; use function array_merge;
@ -38,30 +40,24 @@ class PickCenterType extends AbstractType
{ {
public const CENTERS_IDENTIFIERS = 'c'; public const CENTERS_IDENTIFIERS = 'c';
/** protected AuthorizationHelperInterface $authorizationHelper;
* @var AuthorizationHelper
*/ protected ExportManager $exportManager;
protected $authorizationHelper;
/** /**
* @var ExportManager * @var array|GroupingCenterInterface[]
*/ */
protected $exportManager; protected array $groupingCenters = [];
/**
* @var GroupingCenterInterface[]
*/
protected $groupingCenters = [];
/** /**
* @var \Symfony\Component\Security\Core\User\UserInterface * @var \Symfony\Component\Security\Core\User\UserInterface
*/ */
protected $user; protected UserInterface $user;
public function __construct( public function __construct(
TokenStorageInterface $tokenStorage, TokenStorageInterface $tokenStorage,
ExportManager $exportManager, ExportManager $exportManager,
AuthorizationHelper $authorizationHelper AuthorizationHelperInterface $authorizationHelper
) { ) {
$this->exportManager = $exportManager; $this->exportManager = $exportManager;
$this->user = $tokenStorage->getToken()->getUser(); $this->user = $tokenStorage->getToken()->getUser();
@ -78,22 +74,12 @@ class PickCenterType extends AbstractType
$export = $this->exportManager->getExport($options['export_alias']); $export = $this->exportManager->getExport($options['export_alias']);
$centers = $this->authorizationHelper->getReachableCenters( $centers = $this->authorizationHelper->getReachableCenters(
$this->user, $this->user,
(string) $export->requiredRole() $export->requiredRole()
); );
$builder->add(self::CENTERS_IDENTIFIERS, EntityType::class, [ $builder->add(self::CENTERS_IDENTIFIERS, EntityType::class, [
'class' => Center::class, 'class' => Center::class,
'query_builder' => static function (EntityRepository $er) use ($centers) { 'choices' => $centers,
$qb = $er->createQueryBuilder('c');
$ids = array_map(
static function (Center $el) {
return $el->getId();
},
$centers
);
return $qb->where($qb->expr()->in('c.id', $ids));
},
'multiple' => true, 'multiple' => true,
'expanded' => true, 'expanded' => true,
'choice_label' => static function (Center $c) { 'choice_label' => static function (Center $c) {

7
src/Bundle/ChillMainBundle/Repository/CenterRepository.php
View File

@ -16,7 +16,7 @@ use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\EntityRepository; use Doctrine\ORM\EntityRepository;
use Doctrine\Persistence\ObjectRepository; use Doctrine\Persistence\ObjectRepository;
final class CenterRepository implements ObjectRepository final class CenterRepository implements CenterRepositoryInterface
{ {
private EntityRepository $repository; private EntityRepository $repository;
@ -30,6 +30,11 @@ final class CenterRepository implements ObjectRepository
return $this->repository->find($id, $lockMode, $lockVersion); return $this->repository->find($id, $lockMode, $lockVersion);
} }
public function findActive(): array
{
return $this->findAll();
}
/** /**
* @return Center[] * @return Center[]
*/ */

18
src/Bundle/ChillMainBundle/Repository/CenterRepositoryInterface.php Normal file
View File

@ -0,0 +1,18 @@
<?php
namespace Chill\MainBundle\Repository;
use Chill\MainBundle\Entity\Center;
use Doctrine\Persistence\ObjectRepository;
interface CenterRepositoryInterface extends ObjectRepository
{
/**
* Return all active centers
*
* Note: this is a teaser: active will comes later on center entity
*
* @return Center[]
*/
public function findActive(): array;
}

17
src/Bundle/ChillMainBundle/Security/Authorization/ChillExportVoter.php
View File

@ -19,24 +19,23 @@ class ChillExportVoter extends Voter
{ {
public const EXPORT = 'chill_export'; public const EXPORT = 'chill_export';
protected AuthorizationHelperInterface $authorizationHelper; private VoterHelperInterface $helper;
public function __construct(AuthorizationHelperInterface $authorizationHelper) public function __construct(VoterHelperFactoryInterface $voterHelperFactory)
{ {
$this->authorizationHelper = $authorizationHelper; $this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(null, [self::EXPORT])
->build();
} }
protected function supports($attribute, $subject): bool protected function supports($attribute, $subject): bool
{ {
return self::EXPORT === $attribute; return $this->helper->supports($attribute, $subject);
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{ {
if (!$token->getUser() instanceof User) { return $this->helper->voteOnAttribute($attribute, $subject, $token);
return false;
}
return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute);
} }
} }

1
src/Bundle/ChillMainBundle/Test/ProphecyTrait.php
View File

@ -18,6 +18,7 @@ namespace Chill\MainBundle\Test;
* and use tearDownTrait after usage. * and use tearDownTrait after usage.
* *
* @codeCoverageIgnore * @codeCoverageIgnore
* @deprecated use @class{Prophecy\PhpUnit\ProphecyTrait} instead
*/ */
trait ProphecyTrait trait ProphecyTrait
{ {

8
src/Bundle/ChillMainBundle/config/services.yaml
View File

@ -88,12 +88,8 @@ services:
- { name: validator.constraint_validator, alias: 'role_scope_scope_presence' } - { name: validator.constraint_validator, alias: 'role_scope_scope_presence' }
Chill\MainBundle\Export\ExportManager: Chill\MainBundle\Export\ExportManager:
arguments: autoconfigure: true
- "@logger" autowire: true
- "@doctrine.orm.entity_manager"
- "@security.authorization_checker"
- "@chill.main.security.authorization.helper"
- "@security.token_storage"
Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface: '@Chill\MainBundle\Security\Resolver\CenterResolverDispatcher' Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface: '@Chill\MainBundle\Security\Resolver\CenterResolverDispatcher'

8
src/Bundle/ChillMainBundle/config/services/form.yaml
View File

@ -81,12 +81,8 @@ services:
chill.main.form.pick_centers_type: chill.main.form.pick_centers_type:
class: Chill\MainBundle\Form\Type\Export\PickCenterType class: Chill\MainBundle\Form\Type\Export\PickCenterType
arguments: autowire: true
- "@security.token_storage" autoconfigure: true
- '@Chill\MainBundle\Export\ExportManager'
- "@chill.main.security.authorization.helper"
tags:
- { name: form.type }
chill.main.form.formatter_type: chill.main.form.formatter_type:
class: Chill\MainBundle\Form\Type\Export\FormatterType class: Chill\MainBundle\Form\Type\Export\FormatterType

2
src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php
View File

@ -11,6 +11,7 @@ declare(strict_types=1);
namespace Chill\PersonBundle\Security\Authorization; namespace Chill\PersonBundle\Security\Authorization;
use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Entity\User; use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Security\Authorization\AbstractChillVoter; use Chill\MainBundle\Security\Authorization\AbstractChillVoter;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface; use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
@ -119,6 +120,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRoleH
->addCheckFor(null, [self::CREATE, self::REASSIGN_BULK]) ->addCheckFor(null, [self::CREATE, self::REASSIGN_BULK])
->addCheckFor(AccompanyingPeriod::class, [self::TOGGLE_CONFIDENTIAL, ...self::ALL]) ->addCheckFor(AccompanyingPeriod::class, [self::TOGGLE_CONFIDENTIAL, ...self::ALL])
->addCheckFor(Person::class, [self::SEE, self::CREATE]) ->addCheckFor(Person::class, [self::SEE, self::CREATE])
->addCheckFor(Center::class, [self::STATS])
->build(); ->build();
} }

38
src/Bundle/ChillPersonBundle/Security/Authorization/HouseholdVoter.php
View File

@ -11,6 +11,10 @@ declare(strict_types=1);
namespace Chill\PersonBundle\Security\Authorization; namespace Chill\PersonBundle\Security\Authorization;
use Chill\MainBundle\Entity\Center;
use Chill\MainBundle\Security\Authorization\VoterHelperFactoryInterface;
use Chill\MainBundle\Security\Authorization\VoterHelperInterface;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\PersonBundle\Entity\Household\Household; use Chill\PersonBundle\Entity\Household\Household;
use Chill\PersonBundle\Entity\Household\HouseholdMember; use Chill\PersonBundle\Entity\Household\HouseholdMember;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@ -19,7 +23,7 @@ use Symfony\Component\Security\Core\Security;
use UnexpectedValueException; use UnexpectedValueException;
use function in_array; use function in_array;
class HouseholdVoter extends Voter class HouseholdVoter extends Voter implements ProvideRoleHierarchyInterface
{ {
public const EDIT = 'CHILL_PERSON_HOUSEHOLD_EDIT'; public const EDIT = 'CHILL_PERSON_HOUSEHOLD_EDIT';
@ -36,17 +40,40 @@ class HouseholdVoter extends Voter
self::EDIT, self::SEE, self::EDIT, self::SEE,
]; ];
private VoterHelperInterface $helper;
private Security $security; private Security $security;
public function __construct(Security $security) public function __construct(Security $security, VoterHelperFactoryInterface $voterHelperFactory)
{ {
$this->security = $security; $this->security = $security;
$this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(Center::class, [self::STATS])
->build();
}
public function getRolesWithHierarchy(): array
{
return [ 'Person' => $this->getRoles() ];
}
public function getRoles(): array
{
return [self::STATS];
}
public function getRolesWithoutScope(): array
{
return $this->getRoles();
} }
protected function supports($attribute, $subject) protected function supports($attribute, $subject)
{ {
return $subject instanceof Household return ($subject instanceof Household
&& in_array($attribute, self::ALL, true); && in_array($attribute, self::ALL, true))
|| $this->helper->supports($attribute, $subject)
;
} }
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
@ -58,6 +85,9 @@ class HouseholdVoter extends Voter
case self::EDIT: case self::EDIT:
return $this->checkAssociatedMembersRole($subject, PersonVoter::UPDATE); return $this->checkAssociatedMembersRole($subject, PersonVoter::UPDATE);
case self::STATS:
return $this->voteOnAttribute($attribute, $subject, $token);
default: default:
throw new UnexpectedValueException('attribute not supported'); throw new UnexpectedValueException('attribute not supported');
} }

1
src/Bundle/ChillPersonBundle/translations/messages.fr.yml
View File

@ -318,6 +318,7 @@ CHILL_PERSON_ACCOMPANYING_PERIOD_FULL: Voir les détails, créer, supprimer et m
CHILL_PERSON_ACCOMPANYING_COURSE_REASSIGN_BULK: Réassigner les parcours en lot CHILL_PERSON_ACCOMPANYING_COURSE_REASSIGN_BULK: Réassigner les parcours en lot
CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_DETAILS: Voir les détails d'une période d'accompagnement CHILL_PERSON_ACCOMPANYING_PERIOD_SEE_DETAILS: Voir les détails d'une période d'accompagnement
CHILL_PERSON_ACCOMPANYING_PERIOD_STATS: Statistiques sur les parcours d'accompagnement CHILL_PERSON_ACCOMPANYING_PERIOD_STATS: Statistiques sur les parcours d'accompagnement
CHILL_PERSON_HOUSEHOLD_STATS: Statistiques sur les ménages
#period #period
Period closed!: Période clôturée! Period closed!: Période clôturée!