Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-09-29 10:05:03 +00:00
Code Issues Actions Projects Releases Wiki Activity

Add role-based access controls for export functionality

Browse Source 
Introduced `CHILL_MAIN_COMPOSE_EXPORT` and `CHILL_MAIN_GENERATE_SAVED_EXPORT` roles for managing export creation and execution permissions. Updated access checks, menu routing, and templates to align with the new roles. Added a migration to extend existing permission groups with the `CHILL_MAIN_COMPOSE_EXPORT` role.
This commit is contained in:
Julien Fastré
2025-04-17 17:34:09 +02:00
parent fc8e3789e0
commit edeb8edbea
10 changed files with 123 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Bundle/ChillMainBundle/Controller/ExportIndexController.php
View File

@@ -14,6 +14,7 @@ namespace Chill\MainBundle\Controller;
use Chill\MainBundle\Entity\User;
use Chill\MainBundle\Export\ExportManager;
use Chill\MainBundle\Repository\ExportGenerationRepository;
use Chill\MainBundle\Security\Authorization\ChillExportVoter;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Routing\Annotation\Route;
@@ -40,6 +41,10 @@ final readonly class ExportIndexController
throw new AccessDeniedHttpException('Only regular user can see this page');
}
if (!$this->security->isGranted(ChillExportVoter::COMPOSE_EXPORT)) {
throw new AccessDeniedHttpException(sprintf('Require the %s role', ChillExportVoter::COMPOSE_EXPORT));
}
$exports = $this->exportManager->getExportsGrouped(true);
$lastExecutions = [];

5
src/Bundle/ChillMainBundle/Controller/SavedExportController.php
View File

@@ -20,6 +20,7 @@ use Chill\MainBundle\Export\GroupedExportInterface;
use Chill\MainBundle\Form\SavedExportType;
use Chill\MainBundle\Repository\ExportGenerationRepository;
use Chill\MainBundle\Repository\SavedExportRepositoryInterface;
use Chill\MainBundle\Security\Authorization\ChillExportVoter;
use Chill\MainBundle\Security\Authorization\ExportGenerationVoter;
use Chill\MainBundle\Security\Authorization\SavedExportVoter;
use Doctrine\ORM\EntityManagerInterface;
@@ -170,8 +171,8 @@ final readonly class SavedExportController
{
$user = $this->security->getUser();
if (!$this->security->isGranted('ROLE_USER') || !$user instanceof User) {
throw new AccessDeniedHttpException();
if (!$this->security->isGranted(ChillExportVoter::GENERATE_SAVED_EXPORT) || !$user instanceof User) {
throw new AccessDeniedHttpException(sprintf('Missing role: %s', ChillExportVoter::GENERATE_SAVED_EXPORT));
}
$exports = array_filter(