Fix phpstan issues

2025-09-02 13:03:50 +00:00 · 2023-12-12 22:34:26 +01:00
parent af663cf27c
commit da997badd9
26 changed files with 275 additions and 261 deletions
--- a/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
+++ b/src/Bundle/ChillPersonBundle/Controller/HouseholdMemberController.php
@@ -14,23 +14,37 @@ namespace Chill\PersonBundle\Controller;
 use Chill\MainBundle\CRUD\Controller\ApiController;
 use Chill\PersonBundle\Entity\Household\Household;
 use Chill\PersonBundle\Entity\Household\HouseholdMember;
-use Chill\PersonBundle\Entity\Household\Position;
 use Chill\PersonBundle\Entity\Person;
 use Chill\PersonBundle\Form\HouseholdMemberType;
 use Chill\PersonBundle\Household\MembersEditor;
 use Chill\PersonBundle\Repository\AccompanyingPeriodRepository;
+use Chill\PersonBundle\Repository\Household\HouseholdRepository;
+use Chill\PersonBundle\Repository\Household\PositionRepository;
+use Chill\PersonBundle\Repository\PersonRepository;
+use Chill\PersonBundle\Security\Authorization\HouseholdVoter;
 use Chill\PersonBundle\Security\Authorization\PersonVoter;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
+use Symfony\Component\Security\Core\Security;
 use Symfony\Component\Serializer\Exception;
 use Symfony\Contracts\Translation\TranslatorInterface;

 class HouseholdMemberController extends ApiController
 {
-    public function __construct(private readonly UrlGeneratorInterface $generator, private readonly TranslatorInterface $translator, private readonly AccompanyingPeriodRepository $periodRepository) {}
+    public function __construct(
+        private readonly UrlGeneratorInterface $generator,
+        private readonly TranslatorInterface $translator,
+        private readonly AccompanyingPeriodRepository $periodRepository,
+        private readonly PersonRepository $personRepository,
+        private readonly HouseholdRepository $householdRepository,
+        private readonly Security $security,
+        private readonly PositionRepository $positionRepository,
+    ) {}

    /**
     * @Route(
@@ -83,43 +97,50 @@ class HouseholdMemberController extends ApiController
     */
    public function editor(Request $request)
    {
-        $em = $this->getDoctrine()->getManager();
+        $ids = $request->query->all('persons');

-        if ($request->query->has('persons')) {
-            $ids = $request->query->get('persons', []);
+        if ([] !== $ids) {
+            $persons = [];

-            if (0 === \count($ids)) {
-                throw new BadRequestHttpException('parameters persons in query is not an array or empty');
-            }
+            foreach ($ids as $id) {
+                if (!is_numeric($id)) {
+                    throw new BadRequestHttpException(sprintf('persons with id %s is not numeric', $id));
+                }

-            $persons = $em->getRepository(Person::class)
-                ->findById($ids);
+                $person = $this->personRepository->find((int) $id);
+
+                if (null === $person) {
+                    throw new NotFoundHttpException(sprintf('person with id %d not found', $id));
+                }

-            foreach ($persons as $person) {
                $this->denyAccessUnlessGranted(
                    PersonVoter::SEE,
                    $person,
                    "You are not allowed to see person with id {$person->getId()}"
                );
+
+                $persons[] = $person;
            }
        }

        if ($request->query->has('household')) {
            $householdId = $request->query->get('household', false);
-            $household = $em->getRepository(Household::class)
+            $household = $this->householdRepository
                ->find($householdId);
            $allowHouseholdCreate = false;
            $allowHouseholdSearch = false;
            $allowLeaveWithoutHousehold = false;

            if (null === $household) {
-                throw $this->createNotFoundException('household not found');
+                throw new NotFoundHttpException('household not found');
+            }
+
+            if (!$this->security->isGranted(HouseholdVoter::EDIT, $household)) {
+                throw new AccessDeniedHttpException('not allowed to edit this household');
            }
-            // TODO ACL on household
        }

-        $positions = $this->getDoctrine()->getManager()
-            ->getRepository(Position::class)
+        $positions = $this->positionRepository
            ->findAll();

        $data = [
@@ -140,10 +161,8 @@ class HouseholdMemberController extends ApiController
            );

            if (null === $period) {
-                throw $this->createNotFoundException('period not found');
+                throw new NotFoundHttpException('accompanying period not found');
            }
-
-            // TODO add acl on accompanying Course
        }

        return $this->render('@ChillPerson/Household/members_editor.html.twig', [