adapta list of tasks for a person

2025-08-29 19:13:49 +00:00 · 2021-10-29 16:26:19 +02:00
parent 4017f8db48
commit db15a3d53c
10 changed files with 224 additions and 344 deletions
--- a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
+++ b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php
@@ -41,16 +41,18 @@ use Chill\TaskBundle\Security\Authorization\AuthorizationEvent;

 final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
 {
-    const CREATE = 'CHILL_TASK_TASK_CREATE';
-    const UPDATE = 'CHILL_TASK_TASK_UPDATE';
-    const SHOW   = 'CHILL_TASK_TASK_SHOW';
+    const CREATE_COURSE = 'CHILL_TASK_TASK_CREATE_FOR_COURSE';
+    const CREATE_PERSON = 'CHILL_TASK_TASK_CREATE_FOR_PERSON';
    const DELETE   = 'CHILL_TASK_TASK_DELETE';
+    const SHOW   = 'CHILL_TASK_TASK_SHOW';
+    const UPDATE = 'CHILL_TASK_TASK_UPDATE';

    const ROLES = [
-        self::CREATE,
-        self::UPDATE,
+        self::CREATE_COURSE,
+        self::CREATE_PERSON,
+        self::DELETE,
        self::SHOW,
-        self::DELETE
+        self::UPDATE,
    ];

    protected AuthorizationHelper $authorizationHelper;
@@ -84,8 +86,8 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy
        $this->voter = $voterFactory
            ->generate(AbstractTask::class)
            ->addCheckFor(AbstractTask::class, self::ROLES)
-            ->addCheckFor(Person::class, [self::SHOW, self::CREATE])
-            ->addCheckFor(AccompanyingPeriod::class, [self::SHOW, self::CREATE])
+            ->addCheckFor(Person::class, [self::SHOW, self::CREATE_PERSON])
+            ->addCheckFor(AccompanyingPeriod::class, [self::SHOW, self::CREATE_COURSE])
            ->addCheckFor(null, [self::SHOW])
            ->build()
            ;
@@ -147,41 +149,6 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy

        // do regular check.
        return $this->voter->voteOnAttribute($attribute, $subject, $token);
-
-
-        if ($subject instanceof AbstractTask) {
-            $associated = $subject->getPerson() ?? $subject->getCourse();
-            if ($associated === null) {
-                throw new \LogicException("You should associate a person with task "
-                    . "in order to check autorizations");
-            }
-            $person = $subject->getPerson();
-        } elseif ($subject instanceof Person) {
-            // subject is null. We check  that at least one center is reachable
-            $centers = $this->authorizationHelper->getReachableCenters($token->getUser(), new Role($attribute));
-
-            return count($centers) > 0;
-        }
-
-        if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
-            return false;
-        }
-        $center = $this->centerResolverDispatcher->resolveCenter($subject);
-
-        if (NULL === $center) {
-            return false;
-        } elseif ($associated instanceof AccompanyingPeriod && !$this->accessDecisionManager->decide($token, [AccompanyingPeriodVoter::SEE], $associated)) {
-            return false;
-        } elseif ($associated instanceof AccompanyingPeriod && !$this->accessDecisionManager->decide($token, [AccompanyingPeriodVoter::SEE], $associated)) {
-            return false;
-        }
-
-        return $this->authorizationHelper->userHasAccess(
-            $token->getUser(),
-            $subject,
-            $attribute
-            );
-
    }

    public function getRoles()