From f60f927549cb7968a0f783a990781bbc34447a05 Mon Sep 17 00:00:00 2001
From: Julie Lenaerts <julielenaerts@gmail.com>
Date: Fri, 25 Feb 2022 16:40:27 +0100
Subject: [PATCH] Fix budget voter for use with household

---
 .../ChillBudgetBundle/Controller/ElementController.php    | 2 +-
 .../Resources/views/Household/index.html.twig             | 8 ++++----
 .../Security/Authorization/BudgetElementVoter.php         | 2 +-
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Bundle/ChillBudgetBundle/Controller/ElementController.php b/src/Bundle/ChillBudgetBundle/Controller/ElementController.php
index afe16a066..e7dcd4bbf 100644
--- a/src/Bundle/ChillBudgetBundle/Controller/ElementController.php
+++ b/src/Bundle/ChillBudgetBundle/Controller/ElementController.php
@@ -98,7 +98,7 @@ class ElementController extends AbstractController
      */
     public function indexHouseholdAction(Household $household)
     {
-        // $this->denyAccessUnlessGranted(BudgetElementVoter::SEE, $household);
+        $this->denyAccessUnlessGranted(BudgetElementVoter::SEE, $household);
 
         $charges = $this->em
             ->getRepository(Charge::class)
diff --git a/src/Bundle/ChillBudgetBundle/Resources/views/Household/index.html.twig b/src/Bundle/ChillBudgetBundle/Resources/views/Household/index.html.twig
index 0cc63bfdf..6fe00a70f 100644
--- a/src/Bundle/ChillBudgetBundle/Resources/views/Household/index.html.twig
+++ b/src/Bundle/ChillBudgetBundle/Resources/views/Household/index.html.twig
@@ -282,7 +282,7 @@
 
     {% endif %}
 
-    {# {% if is_granted('CHILL_BUDGET_ELEMENT_CREATE', household) %} #}
+    {% if is_granted('CHILL_BUDGET_ELEMENT_CREATE', household) %}
     <ul class="record_actions sticky-form-buttons">
         <li>
             <a class="btn btn-create" href="{{ path('chill_budget_resource_household_new', { 'id': household.id} ) }}">{{ 'Create new resource'|trans }}</a>
@@ -291,7 +291,7 @@
             <a class="btn btn-create" href="{{ path('chill_budget_charge_household_new', { 'id': household.id} ) }}">{{ 'Create new charge'|trans }}</a>
         </li>
     </ul>
-    {# {% endif %} #}
+    {% endif %}
 
 {% endif %}
 
@@ -352,7 +352,7 @@
 {% endif %}
 
 {% if (resources|length + charges|length) == 0 or futureCharges|length > 0 or futureResources|length > 0 or pastCharges|length > 0 or pastResources|length > 0 %}
-    {# {% if is_granted('CHILL_BUDGET_ELEMENT_CREATE', household) %} #}
+    {% if is_granted('CHILL_BUDGET_ELEMENT_CREATE', household) %}
         <ul class="record_actions sticky-form-buttons">
             <li>
                 <a class="btn btn-create" href="{{ path('chill_budget_resource_household_new', { 'id': household.id} ) }}">{{ 'Create new resource'|trans }}</a>
@@ -361,7 +361,7 @@
                 <a class="btn btn-create" href="{{ path('chill_budget_charge_household_new', { 'id': household.id} ) }}">{{ 'Create new charge'|trans }}</a>
             </li>
         </ul>
-    {# {% endif %} #}
+    {% endif %}
 {% endif %}
 
 {% endblock %}
diff --git a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
index f698e43ba..18232f246 100644
--- a/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
+++ b/src/Bundle/ChillBudgetBundle/Security/Authorization/BudgetElementVoter.php
@@ -69,7 +69,7 @@ class BudgetElementVoter extends AbstractChillVoter implements ProvideRoleHierar
     protected function supports($attribute, $subject)
     {
         return (in_array($attribute, self::ROLES, true) && $subject instanceof AbstractElement)
-                || ($subject instanceof Person && in_array($attribute, [self::SEE, self::CREATE], true));
+                || (($subject instanceof Person || $subject instanceof Household) && in_array($attribute, [self::SEE, self::CREATE], true));
     }
 
     protected function voteOnAttribute($attribute, $subject, TokenInterface $token)