Implemented the ability to reject workflow signatures by adding necessary templates, routes, and authorization checks. Updated the `WorkflowSignatureCancelController` to handle rejection and modified existing templates and translations to support the new feature.
Added functionality to cancel signatures in workflow, including controller, view, and tests. Updated translations and adjusted templates to support and display cancellation actions.
Integrate DuplicateEntityWorkflowFinder to prevent creating workflows for entities with existing opened or positive final workflows. Updated EntityWorkflowVoter to implement the same check before allowing creation. Removed unnecessary blank workflow parameter from Twig template.
Introduced EntityWorkflowGuardUnsignedTransition to block transitions with pending signatures. Implemented a new center resolver and added comprehensive unit tests for verifying transition rules and permissions.
Introduce ManagerAwareCenterResolverInterface to ensure resolvers can reference their manager. Added a trait for implementing the interface and updated the CenterResolverManager to initialize resolvers correctly.
Implemented a Voter to enforce permissions on signature steps, ensuring only authorized users can sign steps. Updated relevant controllers and templates to reflect these permissions, and added corresponding tests to validate the changes.
Changes include class refactoring for Workflow handlers, using `readonly` and better indentation in constructors for better readability. In addition, outdated comments are removed. Also, entity workflow handlers now implement the EntityWorkflowHandlerInterface type for better type safety.
The `chill.role` tag has been renamed to `chill_main.provide_role` to prevent any confusion and make the namespaces more consistent. During this process, the class RoleProvidersCompilerPass was deleted, simplifying the role provision process by injecting tagged services directly into the RoleProvider. The change is also reflected in multiple YAML service configurations and explained in the MIGRATION.md file.
En symfony 5.4 le typage a été vraiment amélioré, et phpstan peut détecter plus d'erreur potentielles.
Mais le problème est que Symfony "type" les `User` avec son propre `Symfony\Component\Security\Core\User\UserInterface` alors qu'on a besoin de `Chill\MainBundle\Entity\User`.
Imaginons qu'on a ceci:
```php
namespace Chill\Bundle\Service;
final readonly class SomeService
{
public function myMethod(\Chill\MainBundle\Entity\User $user): void
{
// ...
}
}
```
Quand on l'appelle dans un contrôleur ou dans un service:
```php
namespace Chill\Bundle\Service;
use Symfony\Component\Security\Core\Security;
final readonly OtherService
{
public function __construct(private Security $security, private SomeService $service) {}
public function __invoke(): void
{
$this->service->myMethod($this->security->getUser());
}
}
```
PHPstan va se plaindre:
```
Parameter #1 $user of method SomeService::myMethod() expects Chill\MainBundle\Entity\User, Symfony\Component\Security\Core\User\UserInterface|null given.
```
Du coup, j'ai créé ce service:
```php
<?php
namespace Chill\MainBundle\Security;
use Chill\MainBundle\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Security;
/**
* Security helper for Chill user
*
* Provides security-related functionality such as user retrieval, authorization checks,
* and token retrieval, in a context where only an authenticated @see{User::class} is expected.
*
*/
final readonly class ChillSecurity implements AuthorizationCheckerInterface
{
public function hasUser(): bool
{
// implementation detail not shown here
}
public function getUser(): User
{
// implementation detail not shown here
}
public function isGranted($attribute, $subject = null): bool
{
// implementation detail not shown here
}
public function getToken(): ?TokenInterface
{
// implementation detail not shown here
}
}
```
Et maintenant, on peut faire:
```php
namespace Chill\Bundle\Service;
use Chill\MainBundle\Security\ChillSecurity;
final readonly OtherService
{
public function __construct(private ChillSecurity $security, private SomeService $service) {}
public function __invoke(): void
{
$this->service->myMethod($this->security->getUser());
}
}
```
Et tout va bien se passer.
Ca sera dans la version de chill qui fait passer à symfony 5.4.
For an unknown reason, in some circumstances, the use of the `===` comparator does not work when comparing Center instances and Scope instances. Then, we compare them based on the id.
