AuthorizationHelper: compare center and scope based on id, not on equality

For an unknown reason, in some circumstances, the use of the `===` comparator does not work when comparing Center instances and Scope instances. Then, we compare them based on the id.
2025-08-26 09:33:50 +00:00 · 2023-09-13 10:08:44 +02:00
parent 2ce29f36ff
commit d3b68f8f8f
3 changed files with 53 additions and 31 deletions
--- a/src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/AuthorizationHelper.php
@@ -33,7 +33,13 @@ use function get_class;
 */
 class AuthorizationHelper implements AuthorizationHelperInterface
 {
-    public function __construct(private readonly CenterResolverManagerInterface $centerResolverManager, private readonly LoggerInterface $logger, private readonly ScopeResolverDispatcher $scopeResolverDispatcher, private readonly UserACLAwareRepositoryInterface $userACLAwareRepository, private readonly ParentRoleHelper $parentRoleHelper) {}
+    public function __construct(
+        private readonly CenterResolverManagerInterface $centerResolverManager,
+        private readonly LoggerInterface $logger,
+        private readonly ScopeResolverDispatcher $scopeResolverDispatcher,
+        private readonly UserACLAwareRepositoryInterface $userACLAwareRepository,
+        private readonly ParentRoleHelper $parentRoleHelper
+    ) {}

    /**
     * Filter an array of centers, return only center which are reachable.
@@ -233,7 +239,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface
        return $this->parentRoleHelper->isRoleReached($childRole, $parentRole);
    }

-    private function userHasAccessForCenter(User $user, Center $center, $entity, $attribute): bool
+    private function userHasAccessForCenter(User $user, Center $center, mixed $entity, $attribute): bool
    {
        if (!$this->userCanReachCenter($user, $center)) {
            $this->logger->debug('user cannot reach center of entity', [
@@ -243,10 +249,11 @@ class AuthorizationHelper implements AuthorizationHelperInterface

            return false;
        }
-
        foreach ($user->getGroupCenters() as $groupCenter) {
-            //filter on center
-            if ($groupCenter->getCenter() === $center) {
+            // filter on center
+            // in some case, the center can be the same, but have different object hashes,
+            // we cannot compare the objects: we must compare the ids here
+            if ($groupCenter->getCenter()->getId() === $center->getId()) {
                $permissionGroup = $groupCenter->getPermissionsGroup();
                //iterate on roleScopes
                foreach ($permissionGroup->getRoleScopes() as $roleScope) {
@@ -263,7 +270,7 @@ class AuthorizationHelper implements AuthorizationHelperInterface

                            if (is_iterable($scope)) {
                                foreach ($scope as $s) {
-                                    if ($roleScope->getScope() === $s) {
+                                    if ($roleScope->getScope()->getId() === $s->getId()) {
                                        return true;
                                    }
                                }