From fc8e3789e06ba8f739b9276ef7db4b10f06d93d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Julien=20Fastr=C3=A9?= <julien.fastre@champs-libres.coop>
Date: Thu, 17 Apr 2025 15:47:38 +0200
Subject: [PATCH] Refactor SavedExportVoter to improve export permission check

Revised the permission logic in `canUserGenerate` to enhance clarity and maintainability. Replaced nested condition with early return and updated the export permission check to use `isGrantedForElement`.
---
 .../Security/Authorization/SavedExportVoter.php  |  9 +++++++--
 .../Tests/Entity/Workflow/SavedExportTest.php    | 15 ++++++++++++++-
 .../Authorization/SavedExportVoterTest.php       | 16 +++++++++++++++-
 3 files changed, 36 insertions(+), 4 deletions(-)

diff --git a/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php b/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
index 43e788c90..8c4db8a60 100644
--- a/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
+++ b/src/Bundle/ChillMainBundle/Security/Authorization/SavedExportVoter.php
@@ -60,7 +60,12 @@ class SavedExportVoter extends Voter
 
     private function canUserGenerate(User $user, SavedExport $savedExport): bool
     {
-        return ($savedExport->getUser() === $user || $savedExport->isSharedWithUser($user))
-            && $this->security->isGranted(ChillExportVoter::EXPORT, $this->exportManager->getExport($savedExport->getExportAlias()));
+        if (!($savedExport->getUser() === $user || $savedExport->isSharedWithUser($user))) {
+            return false;
+        }
+
+        $export = $this->exportManager->getExport($savedExport->getExportAlias());
+
+        return $this->exportManager->isGrantedForElement($export);
     }
 }
diff --git a/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php b/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
index 999d127ed..cd98df66f 100644
--- a/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Entity/Workflow/SavedExportTest.php
@@ -1,13 +1,26 @@
 <?php
 
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
 namespace Chill\MainBundle\Tests\Entity\Workflow;
 
 use Chill\MainBundle\Entity\SavedExport;
 use Chill\MainBundle\Entity\User;
 use Chill\MainBundle\Entity\UserGroup;
-
 use PHPUnit\Framework\TestCase;
 
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
 class SavedExportTest extends TestCase
 {
     public function testIsSharedWithUser(): void
diff --git a/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php b/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
index 86c04be88..39307ece9 100644
--- a/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
+++ b/src/Bundle/ChillMainBundle/Tests/Security/Authorization/SavedExportVoterTest.php
@@ -1,5 +1,14 @@
 <?php
 
+declare(strict_types=1);
+
+/*
+ * Chill is a software for social workers
+ *
+ * For the full copyright and license information, please view
+ * the LICENSE file that was distributed with this source code.
+ */
+
 namespace Chill\MainBundle\Tests\Security\Authorization;
 
 use Chill\MainBundle\Entity\SavedExport;
@@ -15,6 +24,11 @@ use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Security;
 
+/**
+ * @internal
+ *
+ * @coversNothing
+ */
 class SavedExportVoterTest extends TestCase
 {
     use ProphecyTrait;
@@ -22,7 +36,7 @@ class SavedExportVoterTest extends TestCase
     /**
      * @dataProvider voteProvider
      */
-    public function testVote(string $attribute, SavedExport $savedExport, User $user, $expectedResult, bool|null $isGranted = null): void
+    public function testVote(string $attribute, SavedExport $savedExport, User $user, $expectedResult, ?bool $isGranted = null): void
     {
         $security = $this->prophesize(Security::class);
         if (null !== $isGranted) {