Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity

[feature] use internal services to check for acl on exports

Browse Source
This commit is contained in:
Julien Fastré 2022-09-08 13:47:35 +02:00
parent 211a80e9be
commit e379d8adb5
5 changed files with 42 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/Bundle/ChillMainBundle/Controller/ExportController.php
View File

@ -23,6 +23,7 @@ use Symfony\Component\Form\Extension\Core\Type\FormType;
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
use Symfony\Component\Form\FormFactoryInterface;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpFoundation\Session\SessionInterface;
use Symfony\Contracts\Translation\TranslatorInterface;
@ -142,10 +143,8 @@ class ExportController extends AbstractController
/**
* Render the list of available exports.
*
* @return \Symfony\Component\HttpFoundation\Response
*/
public function indexAction(Request $request)
public function indexAction(): Response
{
$exportManager = $this->exportManager;

56
src/Bundle/ChillMainBundle/Export/ExportManager.php
View File

@ -14,6 +14,7 @@ namespace Chill\MainBundle\Export;
use Chill\MainBundle\Form\Type\Export\ExportType;
use Chill\MainBundle\Form\Type\Export\PickCenterType;
use Chill\MainBundle\Security\Authorization\AuthorizationHelper;
use Chill\MainBundle\Security\Authorization\AuthorizationHelperInterface;
use Doctrine\ORM\EntityManagerInterface;
use Doctrine\ORM\QueryBuilder;
use Generator;
@ -42,52 +43,38 @@ class ExportManager
/**
* The collected aggregators, injected by DI.
*
* @var AggregatorInterface[]
* @var array|AggregatorInterface[]
*/
private $aggregators = [];
private array $aggregators = [];
/**
* @var AuthorizationChecker
*/
private $authorizationChecker;
private AuthorizationCheckerInterface $authorizationChecker;
/**
* @var AuthorizationHelper
*/
private $authorizationHelper;
private AuthorizationHelperInterface $authorizationHelper;
/**
* @var EntityManagerInterface
*/
private $em;
private EntityManagerInterface $em;
/**
* Collected Exports, injected by DI.
*
* @var ExportInterface[]
* @var array|ExportInterface[]
*/
private $exports = [];
private array $exports = [];
/**
* The collected filters, injected by DI.
*
* @var FilterInterface[]
* @var array|FilterInterface[]
*/
private $filters = [];
private array $filters = [];
/**
* Collected Formatters, injected by DI.
*
* @var FormatterInterface[]
* @var array|FormatterInterface[]
*/
private $formatters = [];
private array $formatters = [];
/**
* a logger.
*
* @var LoggerInterface
*/
private $logger;
private LoggerInterface $logger;
/**
* @var \Symfony\Component\Security\Core\User\UserInterface
@ -98,7 +85,7 @@ class ExportManager
LoggerInterface $logger,
EntityManagerInterface $em,
AuthorizationCheckerInterface $authorizationChecker,
AuthorizationHelper $authorizationHelper,
AuthorizationHelperInterface $authorizationHelper,
TokenStorageInterface $tokenStorage
) {
$this->logger = $logger;
@ -547,19 +534,16 @@ class ExportManager
. 'an ExportInterface.');
}
if (null === $centers) {
$centers = $this->authorizationHelper->getReachableCenters(
if (null === $centers || [] === $centers) {
// we want to try if at least one center is reachable
return [] !== $this->authorizationHelper->getReachableCenters(
$this->user,
$role
);
}
if (count($centers) === 0) {
return false;
}
foreach ($centers as $center) {
if ($this->authorizationChecker->isGranted($role, $center) === false) {
if (false === $this->authorizationChecker->isGranted($role, $center)) {
//debugging
$this->logger->debug('user has no access to element', [
'method' => __METHOD__,
@ -568,10 +552,6 @@ class ExportManager
'role' => $role,
]);
///// Bypasse les autorisations qui empêche d'afficher les nouveaux exports
return true;
///// TODO supprimer le return true
return false;
}
}

12
src/Bundle/ChillMainBundle/Repository/CenterRepository.php
View File

@ -30,6 +30,18 @@ final class CenterRepository implements ObjectRepository
return $this->repository->find($id, $lockMode, $lockVersion);
}
/**
* Return all active centers
*
* Note: this is a teaser: active will comes later on center entity
*
* @return Center[]
*/
public function findActive(): array
{
return $this->findAll();
}
/**
* @return Center[]
*/

17
src/Bundle/ChillMainBundle/Security/Authorization/ChillExportVoter.php
View File

@ -19,24 +19,23 @@ class ChillExportVoter extends Voter
{
public const EXPORT = 'chill_export';
protected AuthorizationHelperInterface $authorizationHelper;
private VoterHelperInterface $helper;
public function __construct(AuthorizationHelperInterface $authorizationHelper)
public function __construct(VoterHelperFactoryInterface $voterHelperFactory)
{
$this->authorizationHelper = $authorizationHelper;
$this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(null, [self::EXPORT])
->build();
}
protected function supports($attribute, $subject): bool
{
return self::EXPORT === $attribute;
return $this->helper->supports($attribute, $subject);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
if (!$token->getUser() instanceof User) {
return false;
}
return [] !== $this->authorizationHelper->getReachableCenters($token->getUser(), $attribute);
return $this->helper->voteOnAttribute($attribute, $subject, $token);
}
}

8
src/Bundle/ChillMainBundle/config/services.yaml
View File

@ -88,12 +88,8 @@ services:
- { name: validator.constraint_validator, alias: 'role_scope_scope_presence' }
Chill\MainBundle\Export\ExportManager:
arguments:
- "@logger"
- "@doctrine.orm.entity_manager"
- "@security.authorization_checker"
- "@chill.main.security.authorization.helper"
- "@security.token_storage"
autoconfigure: true
autowire: true
Chill\MainBundle\Security\Resolver\CenterResolverDispatcherInterface: '@Chill\MainBundle\Security\Resolver\CenterResolverDispatcher'