Refactor the `WorkflowRelatedEntityPermissionHelper` to enhance permission checks for workflow-related entities. This includes updating methods, improving test coverage, and incorporating `MockClock` for date-sensitive operations.
Refactored class names and namespaces from WorkflowStoredObjectPermissionHelper to WorkflowRelatedEntityPermissionHelper across various modules. Updated associated tests and voter classes to reflect the changes, ensuring consistency and clarity in the codebase.
Amend the condition to ensure proper attribute validation before checking workflow association. This prevents unintended execution paths and potential exceptions when the workflow document service is not provided.
The previous name, WorkflowDocumentService, was misleading as its functionality extends to all stored objects and not limited to documents. Therefore, it was renamed to WorkflowStoredObjectPermissionHelper. Consequently, all references to this service were updated throughout the codebase.
The AccompanyingPeriodWorkEvaluationStoredObjectVoter has been updated to use the AccompanyingPeriodWorkEvaluationDocument-related classes instead of the AccompanyingPeriodWork classes. Additionally, a new voters class, AccompanyingPeriodWorkEvaluationDocumentVoter has been created. Changes are also made in the repository to find the associated entity in the AccompanyingPeriodWorkEvaluationDocument repository instead of the AccompanyingPeriodWork repository.
This commit eliminates antiquated security checks in the StoredObjectVoter class. Specifically, it removes a chunk of commented out code that checked for certain attributes on the token and also the import for DavTokenAuthenticationEventSubscriber class which is no longer needed. This results in code cleanup and prevents future confusion.
The voter was not checking the correct permissions to\ establish whether a user can see/edit a storedObject\
The right to see/edit an AccompanyingPeriodWork has to\
be checked.
For reusability an AbstractStoredObjectVoter was created and a StoredObjectVoterInterface.
A WorkflowDocumentService checks whether the StoredObject is involved in a workflow.
A WorkflowDocumentService was created that can be injected\
in context-specific StoredObject voters that need to check whether\
the document in question is attached to a workflow.
A separate AccompanyingCourseDocumentStoredObjectVoter was\
created to handle the specific access to a Stored object\
related to an Accompanying Course Document.
The StoredObjectVoter.php has been refactorized to handle context-specific voters.\
This way we can check if the context-specific voter should handle the authorization or not.\
If not, there is a simple fallback to check on the USER_ROLE.
For reusability an AbstractStoredObjectVoter was created and a StoredObjectVoterInterface.
A WorkflowDocumentService checks whether the StoredObject is involved in a workflow.
A WorkflowDocumentService was created that can be injected\
in context-specific StoredObject voters that need to check whether\
the document in question is attached to a workflow.
A separate AccompanyingCourseDocumentStoredObjectVoter was\
created to handle the specific access to a Stored object\
related to an Accompanying Course Document.
The StoredObjectVoter.php has been refactorized to handle context-specific voters.\
This way we can check if the context-specific voter should handle the authorization or not.\
If not, there is a simple fallback to check on the USER_ROLE.
