Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-07 18:44:08 +00:00
Code Issues Actions Projects Releases Wiki Activity
chill-bundles/src/Bundle/ChillMainBundle/Security/Authorization/ChillExportVoter.php
Julien Fastré edeb8edbea
Add role-based access controls for export functionality 
Introduced `CHILL_MAIN_COMPOSE_EXPORT` and `CHILL_MAIN_GENERATE_SAVED_EXPORT` roles for managing export creation and execution permissions. Updated access checks, menu routing, and templates to align with the new roles. Added a migration to extend existing permission groups with the `CHILL_MAIN_COMPOSE_EXPORT` role.
2025-04-17 17:34:09 +02:00

67 lines
1.9 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/*
* Chill is a software for social workers
*
* For the full copyright and license information, please view
* the LICENSE file that was distributed with this source code.
*/
namespace Chill\MainBundle\Security\Authorization;
use Chill\MainBundle\Security\ProvideRoleHierarchyInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
class ChillExportVoter extends Voter implements ProvideRoleHierarchyInterface
{
/**
* Role which give access to the creation of new export from the export itself.
*/
final public const COMPOSE_EXPORT = 'CHILL_MAIN_COMPOSE_EXPORT';
/**
* Role which give access to the execution and edition to the saved exports, but not for creating new ones.
*/
final public const GENERATE_SAVED_EXPORT = 'CHILL_MAIN_GENERATE_SAVED_EXPORT';
private readonly VoterHelperInterface $helper;
public function __construct(VoterHelperFactoryInterface $voterHelperFactory)
{
$this->helper = $voterHelperFactory
->generate(self::class)
->addCheckFor(null, [self::COMPOSE_EXPORT, self::GENERATE_SAVED_EXPORT])
->build();
}
protected function supports($attribute, $subject): bool
{
return $this->helper->supports($attribute, $subject);
}
protected function voteOnAttribute($attribute, $subject, TokenInterface $token): bool
{
return $this->helper->voteOnAttribute($attribute, $subject, $token);
}
public function getRolesWithHierarchy(): array
{
return ['export.role.export_role' => [
self::COMPOSE_EXPORT, self::GENERATE_SAVED_EXPORT,
]];
}
public function getRoles(): array
{
return [self::COMPOSE_EXPORT, self::GENERATE_SAVED_EXPORT];
}
public function getRolesWithoutScope(): array
{
return $this->getRoles();
}
}
Reference in New Issue View Git Blame Copy Permalink