add UserPickerType

2025-08-27 10:03:49 +00:00 · 2018-04-16 12:03:47 +02:00
parent 7fb2084506
commit f5039cc36f
4 changed files with 70 additions and 4 deletions
--- a/Security/Authorization/AuthorizationHelper.php
+++ b/Security/Authorization/AuthorizationHelper.php
@@ -26,6 +26,7 @@ use Chill\MainBundle\Entity\HasScopeInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Security\Core\Role\Role;
 use Chill\MainBundle\Entity\Scope;
+use Chill\MainBundle\Security\RoleProvider;

 /**
 * Helper for authorizations. 
@@ -42,12 +43,23 @@ class AuthorizationHelper
     */
    protected $roleHierarchy;
    
+    /**
+     * The role in a hierarchy, given by the parameter 
+     * `security.role_hierarchy.roles` from the container.
+     *
+     * @var string[]
+     */
+    protected $hierarchy;
+    
    protected $existingRoles = array('CHILL_MASTER_ROLE', 'CHILL_PERSON_SEE', 
       'CHILL_PERSON_UPDATE',);
    
-    public function __construct(RoleHierarchyInterface $roleHierarchy)
-    {
+    public function __construct(
+        RoleHierarchyInterface $roleHierarchy,
+        $hierarchy
+    ) {
        $this->roleHierarchy = $roleHierarchy;
+        $this->hierarchy     = $hierarchy;
    }
    
    /**
@@ -223,4 +235,33 @@ class AuthorizationHelper
        
        return in_array($childRole, $reachableRoles);
    }
+    
+    /**
+     * Return all the role which give access to the given role. Only the role 
+     * which are registered into Chill are taken into account.
+     * 
+     * @param Role $role
+     * @return Role[] the role which give access to the given $role
+     */
+    public function getParentRoles(Role $role)
+    {
+        $parentRoles = [];
+        // transform the roles from role hierarchy from string to Role
+        $roles = \array_map(
+                function($string) {
+                    return new Role($string);
+                }, 
+                \array_keys($this->hierarchy)
+                );
+        
+        foreach ($roles as $r) {
+            $childRoles = $this->roleHierarchy->getReachableRoles([$r]);
+            
+            if (\in_array($role, $childRoles)) {
+                $parentRoles[] = $r;
+            }
+        }
+        
+        return $parentRoles;
+    }
 }