Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-14 14:24:24 +00:00
Code Issues Actions Projects Releases Wiki Activity

Merge branch 'EventVoter' into sf3

Browse Source
This commit is contained in:
Tchama 2019-01-25 18:19:29 +01:00
commit e2be8f119d
5 changed files with 133 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
Menu/PersonMenuBuilder.php
View File

@ -2,21 +2,14 @@
namespace Chill\EventBundle\Menu;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Translation\TranslatorInterface;
use Symfony\Component\Security\Core\Role\Role;
use Knp\Menu\MenuItem;
use Chill\MainBundle\Routing\LocalMenuBuilderInterface;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\EventBundle\Security\Authorization\EventVoter;
class PersonMenuBuilder implements LocalMenuBuilderInterface
{
/**
*
* @var TokenStorageInterface
*/
protected $tokenStorage;
/**
*
@ -26,31 +19,25 @@ class PersonMenuBuilder implements LocalMenuBuilderInterface
/**
*
* @var AuthorizationHelper
* @var AuthorizationCheckerInterface
*/
protected $authorizationHelper;
protected $authorizationChecker;
public function __construct(
AuthorizationHelper $authorizationHelper,
TokenStorageInterface $tokenStorage,
AuthorizationCheckerInterface $authorizationChecker,
TranslatorInterface $translator
) {
$this->tokenStorage = $tokenStorage;
$this->authorizationChecker = $authorizationChecker;
$this->translator = $translator;
$this->authorizationHelper = $authorizationHelper;
}
public function buildMenu($menuId, MenuItem $menu, array $parameters)
{
/* @var $person \Chill\PersonBundle\Entity\Person */
$person = $parameters['person'];
$person = $parameters['person'] ?? null;
$user = $this->tokenStorage->getToken()->getUser();
$roleSee = new Role(EventVoter::SEE);
// ASK use authorizationHelper or authorizationChecker ??
if ($this->authorizationHelper->userHasAccess($user, $person, $roleSee)) {
if ($this->authorizationChecker->isGranted(EventVoter::SEE, $person)) {
$menu->addChild($this->translator->trans('Events participation'), [
'route' => 'chill_event__list_by_person',

2
Resources/config/services/authorization.yml
View File

@ -2,7 +2,9 @@ services:
chill_event.event_voter:
class: Chill\EventBundle\Security\Authorization\EventVoter
arguments:
- "@security.access.decision_manager"
- "@chill.main.security.authorization.helper"
- "@logger"
tags:
- { name: chill.role }
- { name: security.voter }

3
Resources/config/services/menu.yml
View File

@ -1,8 +1,7 @@
services:
Chill\EventBundle\Menu\PersonMenuBuilder:
arguments:
$authorizationHelper: '@Chill\MainBundle\Security\Authorization\AuthorizationHelper'
$tokenStorage: '@Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface'
$authorizationChecker: '@Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface'
$translator: '@Symfony\Component\Translation\TranslatorInterface'
tags:
- { name: 'chill.menu_builder' }

75
Resources/views/Event/listByPerson.html.twig
View File

@ -46,46 +46,13 @@
<td>
<ul class="record_actions">
<li>
{% set currentPath = path(app.request.attributes.get('_route'), app.request.attributes.get('_route_params')) %}
{% set returnLabel = 'Back to %person% events'|trans({ '%person%' : currentPerson } ) %}
{# temporaire --
TODO corriger EventVoter.php pour régler les autorisations sur les boutons, puis remplacer ci-dessous par le code commenté #}
<a href="{{ path('chill_event__event_show', {
'event_id' : participation.event.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-show" title="{{ 'See details of the event'|trans }}"></a>
<div class="bt-dropdown">
<a href="" class="sc-button bt-update"></a>
<div class="bt-dropdown-content">
<a href="{{ path('chill_event__event_edit', {
'event_id' : participation.event.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Edit the event'|trans }}
</a>
<a href="{{ path('chill_event_participation_edit', {
'participation_id' : participation.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Edit the participation'|trans }}
</a>
</div>
</div>
{#
{% if is_granted('CHILL_EVENT_SEE_DETAILS', participation.event) %}
<a href="{{ path('chill_event__event_show', {
'event_id' : participation.event.id,
'return_path' : currentPath,
'return_label' : returnLabel
} ) }}" class="sc-button bt-show"></a>
<a href="{{ path('chill_event__event_show', { 'event_id' : participation.event.id, 'return_path' : currentPath, 'return_label' : returnLabel } ) }}"
class="sc-button bt-show" title="{{ 'See details of the event'|trans }}"></a>
{% endif %}
{% if is_granted('CHILL_EVENT_UPDATE', participation.event)
@ -95,18 +62,13 @@
<a href="" class="sc-button bt-update"></a>
<div class="bt-dropdown-content">
<a href="{{ path('chill_event__event_edit', {
'event_id' : participation.event.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Event edit'|trans }}
<a href="{{ path('chill_event__event_edit', { 'event_id' : participation.event.id, 'return_path' : currentPath, 'return_label' : returnLabel }) }}"
class="sc-button bt-update">
{{ 'Edit the event'|trans }}
</a>
<a href="{{ path('chill_event_participation_edit', {
'participation_id' : participation.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Participation Edit'|trans }}
<a href="{{ path('chill_event_participation_edit', { 'participation_id' : participation.id, 'return_path' : currentPath, 'return_label' : returnLabel }) }}"
class="sc-button bt-update">
{{ 'Edit the participation'|trans }}
</a>
</div>
@ -114,25 +76,20 @@
{% else %}
{% if is_granted('CHILL_EVENT_UPDATE', participation.event) %}
<a href="{{ path('chill_event__event_edit', {
'event_id' : participation.event.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Event edit'|trans }}
<a href="{{ path('chill_event__event_edit', { 'event_id' : participation.event.id, 'return_path' : currentPath, 'return_label' : returnLabel }) }}"
class="sc-button bt-update">
{{ 'Edit the event'|trans }}
</a>
{% endif %}
{% if is_granted('CHILL_EVENT_PARTICIPATION_UPDATE', participation) %}
<a href="{{ path('chill_event_participation_edit', {
'participation_id' : participation.id,
'return_path' : currentPath,
'return_label' : returnLabel
}) }}" class="sc-button bt-update">{{ 'Participation Edit'|trans }}
<a href="{{ path('chill_event_participation_edit', { 'participation_id' : participation.id, 'return_path' : currentPath, 'return_label' : returnLabel }) }}"
class="sc-button bt-update">
{{ 'Edit the participation'|trans }}
</a>
{% endif %}
{% endif %}
#}
</li>
</ul>
</td>

126
Security/Authorization/EventVoter.php
View File

@ -1,6 +1,20 @@
<?php
/*
* Copyright (C) 2018 Champs Libres Cooperative <info@champs-libres.coop>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
namespace Chill\EventBundle\Security\Authorization;
@ -9,62 +23,126 @@ use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Chill\EventBundle\Entity\Event;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Entity\User;
use Chill\PersonBundle\Entity\Person;
use Chill\PersonBundle\Security\Authorization\PersonVoter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Psr\Log\LoggerInterface;
/**
* Description of EventVoter
*
* @author Julien Fastré <julien.fastre@champs-libres.coop>
* @author Mathieu Jaumotte <jaum_mathieu@collectifs.net>
* @author Champs Libres <info@champs-libres.coop>
*/
class EventVoter extends AbstractChillVoter implements ProvideRoleHierarchyInterface
{
const SEE = 'CHILL_EVENT_SEE';
const SEE_DETAILS = 'CHILL_EVENT_SEE_DETAILS';
const CREATE = 'CHILL_EVENT_CREATE';
const UPDATE = 'CHILL_EVENT_UPDATE';
const ROLES = [
self::SEE,
self::SEE_DETAILS,
self::CREATE,
self::UPDATE
];
/**
* @var AuthorizationHelper
*/
protected $authorizationHelper;
public function __construct(AuthorizationHelper $helper)
/**
* @var AccessDecisionManagerInterface
*/
protected $accessDecisionManager;
/**
* @var LoggerInterface
*/
protected $logger;
public function __construct(
AccessDecisionManagerInterface $accessDecisionManager,
AuthorizationHelper $authorizationHelper,
LoggerInterface $logger
)
{
$this->authorizationHelper = $helper;
$this->accessDecisionManager = $accessDecisionManager;
$this->authorizationHelper = $authorizationHelper;
$this->logger = $logger;
}
protected function getSupportedAttributes()
public function supports($attribute, $subject)
{
return array(self::SEE, self::SEE_DETAILS,
self::CREATE, self::UPDATE);
return ($subject instanceof Event && in_array($attribute, self::ROLES))
||
($subject instanceof Person && \in_array($attribute, [ self::CREATE, self::SEE ]))
||
(NULL === $subject && $attribute === self::SEE )
;
}
protected function getSupportedClasses()
/**
*
* @param string $attribute
* @param Event $subject
* @param TokenInterface $token
* @return boolean
*/
protected function voteOnAttribute($attribute, $subject, TokenInterface $token)
{
return array(Event::class);
}
$this->logger->debug(sprintf("Voting from %s class", self::class));
protected function isGranted($attribute, $event, $user = null)
{
if (!$user instanceof User) {
if (!$token->getUser() instanceof User) {
return false;
}
return $this->authorizationHelper->userHasAccess($user, $event, $attribute);
if ($subject instanceof Event) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} elseif ($subject instanceof Person) {
return $this->authorizationHelper->userHasAccess($token->getUser(), $subject, $attribute);
} else {
// subject is null. We check that at least one center is reachable
$centers = $this->authorizationHelper
->getReachableCenters($token->getUser(), new Role($attribute));
return count($centers) > 0;
}
if (!$this->accessDecisionManager->decide($token, [PersonVoter::SEE], $person)) {
return false;
}
return $this->authorizationHelper->userHasAccess(
$token->getUser(),
$subject,
$attribute
);
}
public function getRoles()
{
return $this->getSupportedAttributes();
return self::ROLES;
}
public function getRolesWithHierarchy()
{
return [
'Event' => self::ROLES
];
}
public function getRolesWithoutScope()
{
return null;
}
public function getRolesWithHierarchy()
{
return [ 'Event' => $this->getRoles() ];
return [];
}
}