From f145d6c921c874c08edbaa132dff561573d06c7f Mon Sep 17 00:00:00 2001 From: Julie Lenaerts Date: Fri, 19 Nov 2021 11:29:29 +0100 Subject: [PATCH] voters adjusted --- .../Security/Authorization/ActivityVoter.php | 5 +++++ .../AccompanyingCourseDocumentVoter.php | 8 ++++++++ .../Authorization/AccompanyingPeriodVoter.php | 15 ++++++++------- .../Security/Authorization/TaskVoter.php | 6 ++++++ 4 files changed, 27 insertions(+), 7 deletions(-) diff --git a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php index cc9cecf52..2e6f01c6e 100644 --- a/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php +++ b/src/Bundle/ChillActivityBundle/Security/Authorization/ActivityVoter.php @@ -91,6 +91,11 @@ class ActivityVoter extends AbstractChillVoter implements ProvideRoleHierarchyIn return false; } } elseif ($subject->getAccompanyingPeriod() instanceof AccompanyingPeriod) { + if (AccompanyingPeriod::STEP_CLOSED === $subject->getAccompanyingPeriod->getStep()) { + if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE])) { + return false; + } + } if (!$this->security->isGranted(AccompanyingPeriodVoter::SEE, $subject->getAccompanyingPeriod())) { return false; } diff --git a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php index 53507d573..d93b786e2 100644 --- a/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php +++ b/src/Bundle/ChillDocStoreBundle/Security/Authorization/AccompanyingCourseDocumentVoter.php 
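Review bot: `$subject->getAccompanyingPeriod->getStep()` in the added closed-step check is missing the call parentheses, so PHP reads `getAccompanyingPeriod` as a property instead of calling the method that the `elseif` condition just above uses. Unless the entity happens to expose a property of that name, every vote on an activity attached to an accompanying period will raise an error instead of returning a decision, whatever the step. The line should read `if (AccompanyingPeriod::STEP_CLOSED === $subject->getAccompanyingPeriod()->getStep()) {`. A voter test that votes UPDATE, CREATE and DELETE on an activity of a closed period would have caught this. The enclosing method starts and ends outside the hunk.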
@@ -76,6 +76,14 @@ class AccompanyingCourseDocumentVoter extends AbstractChillVoter implements Prov return false; } + if ($subject instanceof AccompanyingCourseDocument) { + if (AccompanyingPeriod::STEP_CLOSED === $subject->getCourse()->getStep()) { + if (\in_array($attribute, [self::UPDATE, self::CREATE, self::DELETE])) { + return false; + } + } + } + return $this->voterHelper->voteOnAttribute($attribute, $subject, $token); } diff --git a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php index 9daa9ad2e..4f170b2b0 100644 --- a/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php +++ b/src/Bundle/ChillPersonBundle/Security/Authorization/AccompanyingPeriodVoter.php @@ -68,6 +68,13 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole } if ($subject instanceof AccompanyingPeriod) { + + if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { + if (\in_array($attribute, [self::EDIT, self::DELETE])) { + return false; + } + } + if (AccompanyingPeriod::STEP_DRAFT === $subject->getStep()) { // only creator can see, edit, delete, etc. if ($subject->getCreatedBy() === $token->getUser() @@ -77,13 +84,7 @@ class AccompanyingPeriodVoter extends AbstractChillVoter implements ProvideRole return false; } - - // if (AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { - // if($this->security->isGranted(self::EDIT, $subject)) { - // return false; - // } - // } - + // if confidential, only the referent can see it if ($subject->isConfidential()) { return $token->getUser() === $subject->getUser(); diff --git a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php index a3f1fff92..9e5a59c01 100644 --- a/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php +++ b/src/Bundle/ChillTaskBundle/Security/Authorization/TaskVoter.php 
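Review bot: The closed-step lock in AccompanyingCourseDocumentVoter only applies when `$subject` is an `AccompanyingCourseDocument`, so whether `CREATE` is actually blocked depends on what callers pass as subject. If `CREATE` is voted on with the accompanying period itself as subject (the `instanceof` guard suggests other subject types reach this method, but the supports logic is outside the hunk), creating a document on a closed period still falls through to `voterHelper` and may be granted. Consider a branch for that case, e.g. `if ($subject instanceof AccompanyingPeriod && self::CREATE === $attribute && AccompanyingPeriod::STEP_CLOSED === $subject->getStep()) { return false; }`. `getCourse()` is also dereferenced without a null check; confirm a document always has a course.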
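Review bot: The closed-step rule in AccompanyingPeriodVoter is a denylist (`[self::EDIT, self::DELETE]`), so any other attribute this voter supports, or one added later, stays allowed on a closed period by default. For a lock on closed records an allowlist fails safe: deny unless the attribute is read-only, for example `if (!\in_array($attribute, [self::SEE], true)) { return false; }`, with the list completed from the voter's constants, which are not visible in this hunk. The same `\in_array(...)` call without the strict third argument and the same nested block are repeated in ActivityVoter, AccompanyingCourseDocumentVoter and TaskVoter. Passing `true` and moving the check into one shared helper would keep the four voters from drifting apart.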
@@ -112,6 +112,12 @@ final class TaskVoter extends AbstractChillVoter implements ProvideRoleHierarchy if (!$this->accessDecisionManager->decide($token, [AccompanyingPeriodVoter::SEE], $period)) { return false; } + + if (AccompanyingPeriod::STEP_CLOSED === $subject->getCourse()->getStep()) { + if (\in_array($attribute, [self::UPDATE, self::CREATE_COURSE, self::DELETE])) { + return false; + } + } } }
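Review bot: The added check reads the step through `$subject->getCourse()` even though the line above already votes on `$period`, and `self::CREATE_COURSE` is in the blocked list. If `$period` can come from somewhere other than `$subject->getCourse()` (for `CREATE_COURSE` the subject may be the period itself; the assignment is outside the hunk), this call fails or checks the wrong object. Using the variable already in scope avoids that: `if (AccompanyingPeriod::STEP_CLOSED === $period->getStep()) {`.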