mirror of
https://gitlab.com/Chill-Projet/chill-bundles.git
synced 2025-06-07 18:44:08 +00:00
Implemented a Voter to enforce permissions on signature steps, ensuring only authorized users can sign steps. Updated relevant controllers and templates to reflect these permissions, and added corresponding tests to validate the changes.
<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Entity\Workflow\EntityWorkflowStepSignature;
use Chill\PersonBundle\Entity\Person;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
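/**
 * Security voter deciding whether the current token may sign a workflow step signature.
 *
 * Access-control summary, as implemented below:
 *  - the voter only answers for the SIGN attribute on an EntityWorkflowStepSignature subject;
 *  - a signature whose signer is a Person is granted without consulting the token;
 *  - any other signer is granted only when it is the very object returned by the token's user.
 */
final class EntityWorkflowStepSignatureVoter extends Voter
{
    /** Attribute name to pass to the authorization checker for the "sign" action. */
    public const SIGN = 'CHILL_MAIN_ENTITY_WORKFLOW_SIGNATURE_SIGN';

    /**
     * Tell the security layer whether this voter handles the given attribute/subject pair.
     *
     * @param mixed $subject candidate subject; only EntityWorkflowStepSignature instances are handled
     *
     * @return bool true only for the SIGN attribute on a signature subject
     */
    protected function supports(string $attribute, $subject): bool
    {
        return $subject instanceof EntityWorkflowStepSignature && self::SIGN === $attribute;
    }

    /**
     * Decide whether the token's user may sign the given signature.
     *
     * @param mixed $subject already narrowed to EntityWorkflowStepSignature by supports()
     *
     * @return bool true when access is granted, false otherwise
     */
    protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
    {
        /** @var EntityWorkflowStepSignature $subject */
        $signer = $subject->getSigner();

        // NOTE(review): this branch never reads $token, so every caller that reaches this
        // voter is granted SIGN on a Person's signature. Presumably the person signs within
        // a user's session and the route is protected elsewhere; confirm that a separate
        // check limits which users may reach a given Person signature.
        if ($signer instanceof Person) {
            return true;
        }

        $user = $token->getUser();

        // Fail closed when the token carries no user: without this guard a signature with
        // no signer would compare identical to a missing user (null === null) and be granted.
        // Whether getSigner() can actually return null is not visible here.
        // Identity comparison (===) is deliberate: the signer must be the same object
        // instance as the authenticated user, not merely an equal one.
        return null !== $user && $signer === $user;
    }
}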