mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-06-22 10:14:24 +00:00
add UserPickerType
parent
7fb2084506
commit
f5039cc36f
@ -25,6 +25,8 @@ use Symfony\Component\OptionsResolver\OptionsResolver;
|
|||||||
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
|
||||||
use Symfony\Bridge\Doctrine\Form\Type\EntityType;
|
use Symfony\Bridge\Doctrine\Form\Type\EntityType;
|
||||||
use Chill\MainBundle\Entity\User;
|
use Chill\MainBundle\Entity\User;
|
||||||
|
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
||||||
|
use Symfony\Component\Security\Core\Role\Role;
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -96,8 +98,14 @@ class UserPickerType extends AbstractType
|
|||||||
->join('ug.permissionsGroup', 'pg')
|
->join('ug.permissionsGroup', 'pg')
|
||||||
// role constraints
|
// role constraints
|
||||||
->join('pg.roleScopes', 'roleScope')
|
->join('pg.roleScopes', 'roleScope')
|
||||||
->andWhere($qb->expr()->eq('roleScope.role', ':role'))
|
->andWhere($qb->expr()->in('roleScope.role', ':roles'))
|
||||||
->setParameter('role', $options['role'])
|
->setParameter(
|
||||||
|
'roles',
|
||||||
|
\array_map(
|
||||||
|
function(Role $role) { return $role->getRole(); },
|
||||||
|
$this->authorizationHelper->getParentRoles($options['role'])
|
||||||
|
)
|
||||||
|
)
|
||||||
// add active constraint
|
// add active constraint
|
||||||
->andWhere('u.enabled = :enabled')
|
->andWhere('u.enabled = :enabled')
|
||||||
->setParameter('enabled', true)
|
->setParameter('enabled', true)
|
||||||
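Review bot: The `:roles` list bound in the second hunk comes only from `getParentRoles()`, which elsewhere in this commit collects roles that are keys of the configured hierarchy; if `$options['role']` is a leaf role that is not itself a key, it is absent from the list and users granted that role directly drop out of the picker, and when no parent matches the `IN` expression is bound to an empty array. Assuming Symfony's `getReachableRoles()` returns its input roles along with the reachable ones (which is the only reason a keyed role would include itself), the picker should add the requested role explicitly: build the name list into a variable, append `$options['role']->getRole()`, then call `->setParameter('roles', $roleNames)`. The query-builder chain starts and ends outside the hunk, so where that list is best built needs checking against the full method.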
|
@ -80,6 +80,7 @@ services:
|
|||||||
class: Chill\MainBundle\Security\Authorization\AuthorizationHelper
|
class: Chill\MainBundle\Security\Authorization\AuthorizationHelper
|
||||||
arguments:
|
arguments:
|
||||||
- "@security.role_hierarchy"
|
- "@security.role_hierarchy"
|
||||||
|
- "%security.role_hierarchy.roles%"
|
||||||
|
|
||||||
chill.main.role_provider:
|
chill.main.role_provider:
|
||||||
class: Chill\MainBundle\Security\RoleProvider
|
class: Chill\MainBundle\Security\RoleProvider
|
||||||
|
@ -26,6 +26,7 @@ use Chill\MainBundle\Entity\HasScopeInterface;
|
|||||||
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
||||||
use Symfony\Component\Security\Core\Role\Role;
|
use Symfony\Component\Security\Core\Role\Role;
|
||||||
use Chill\MainBundle\Entity\Scope;
|
use Chill\MainBundle\Entity\Scope;
|
||||||
|
use Chill\MainBundle\Security\RoleProvider;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Helper for authorizations.
|
* Helper for authorizations.
|
||||||
@ -42,12 +43,23 @@ class AuthorizationHelper
|
|||||||
*/
|
*/
|
||||||
protected $roleHierarchy;
|
protected $roleHierarchy;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* The role in a hierarchy, given by the parameter
|
||||||
|
* `security.role_hierarchy.roles` from the container.
|
||||||
|
*
|
||||||
|
* @var string[]
|
||||||
|
*/
|
||||||
|
protected $hierarchy;
|
||||||
|
|
||||||
protected $existingRoles = array('CHILL_MASTER_ROLE', 'CHILL_PERSON_SEE',
|
protected $existingRoles = array('CHILL_MASTER_ROLE', 'CHILL_PERSON_SEE',
|
||||||
'CHILL_PERSON_UPDATE',);
|
'CHILL_PERSON_UPDATE',);
|
||||||
|
|
||||||
public function __construct(RoleHierarchyInterface $roleHierarchy)
|
public function __construct(
|
||||||
{
|
RoleHierarchyInterface $roleHierarchy,
|
||||||
|
$hierarchy
|
||||||
|
) {
|
||||||
$this->roleHierarchy = $roleHierarchy;
|
$this->roleHierarchy = $roleHierarchy;
|
||||||
|
$this->hierarchy = $hierarchy;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -223,4 +235,33 @@ class AuthorizationHelper
|
|||||||
|
|
||||||
return in_array($childRole, $reachableRoles);
|
return in_array($childRole, $reachableRoles);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Return all the role which give access to the given role. Only the role
|
||||||
|
* which are registered into Chill are taken into account.
|
||||||
|
*
|
||||||
|
* @param Role $role
|
||||||
|
* @return Role[] the role which give access to the given $role
|
||||||
|
*/
|
||||||
|
public function getParentRoles(Role $role)
|
||||||
|
{
|
||||||
|
$parentRoles = [];
|
||||||
|
// transform the roles from role hierarchy from string to Role
|
||||||
|
$roles = \array_map(
|
||||||
|
function($string) {
|
||||||
|
return new Role($string);
|
||||||
|
},
|
||||||
|
\array_keys($this->hierarchy)
|
||||||
|
);
|
||||||
|
|
||||||
|
foreach ($roles as $r) {
|
||||||
|
$childRoles = $this->roleHierarchy->getReachableRoles([$r]);
|
||||||
|
|
||||||
|
if (\in_array($role, $childRoles)) {
|
||||||
|
$parentRoles[] = $r;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return $parentRoles;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
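Review bot: In `getParentRoles()` the membership test `\in_array($role, $childRoles)` compares `Role` objects loosely, so it matches only when class and all properties are equal; a `Role` subclass carrying the same role name would not be recognised as reachable, and an authorization helper should not depend on that. Comparing names is more predictable: `$names = \array_map(function (Role $c) { return $c->getRole(); }, $childRoles);` followed by `if (\in_array($role->getRole(), $names, true)) {`. The new `$hierarchy` property is documented as `@var string[]` while the code uses it as a map keyed by role name (`\array_keys($this->hierarchy)`), so `@var array<string, string[]>` and an `array` type hint on the constructor argument would match the usage, presuming the container parameter has that shape. The docblock also says only roles registered in Chill are taken into account, yet the loop walks the hierarchy keys, and the added `use Chill\MainBundle\Security\RoleProvider;` is not used in the visible hunks.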
|
@ -443,6 +443,22 @@ class AuthorizationHelperTest extends KernelTestCase
|
|||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testGetParentRoles()
|
||||||
|
{
|
||||||
|
$parentRoles = $this->getAuthorizationHelper()
|
||||||
|
->getParentRoles(new Role('CHILL_INHERITED_ROLE_1'));
|
||||||
|
|
||||||
|
$this->assertContains(
|
||||||
|
'CHILL_MASTER_ROLE',
|
||||||
|
\array_map(
|
||||||
|
function(Role $role) {
|
||||||
|
return $role->getRole();
|
||||||
|
},
|
||||||
|
$parentRoles
|
||||||
|
),
|
||||||
|
"Assert that `CHILL_MASTER_ROLE` is a parent of `CHILL_INHERITED_ROLE_1`");
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
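Review bot: `testGetParentRoles()` pins only the positive case, so a change that made `getParentRoles()` return every role in the hierarchy would still pass. Because the result feeds a user-selection query, add a negative assertion on the same mapped names, for example `$this->assertNotContains('CHILL_UNRELATED_ROLE', $names);` using a role from the test configuration that must not grant `CHILL_INHERITED_ROLE_1` (the name here is a placeholder), plus a case for a role that has no parent at all. `getAuthorizationHelper()` and the test role hierarchy are defined outside the hunk, so the actual role names have to be taken from there.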
|