diff --git a/symfony/composer.lock b/symfony/composer.lock index d2cc12e..e55151a 100644 --- a/symfony/composer.lock +++ b/symfony/composer.lock @@ -6607,21 +6607,22 @@ }, { "name": "symfony/expression-language", - "version": "v7.0.3", + "version": "v7.1.1", "source": { "type": "git", "url": "https://github.com/symfony/expression-language.git", - "reference": "0877c599cb260c9614f9229c0a2090d6919fd621" + "reference": "463cb95f80c14136175f4e03f7f6199b01c6b8b4" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/expression-language/zipball/0877c599cb260c9614f9229c0a2090d6919fd621", - "reference": "0877c599cb260c9614f9229c0a2090d6919fd621", + "url": "https://api.github.com/repos/symfony/expression-language/zipball/463cb95f80c14136175f4e03f7f6199b01c6b8b4", + "reference": "463cb95f80c14136175f4e03f7f6199b01c6b8b4", "shasum": "" }, "require": { "php": ">=8.2", "symfony/cache": "^6.4|^7.0", + "symfony/deprecation-contracts": "^2.5|^3", "symfony/service-contracts": "^2.5|^3" }, "type": "library", @@ -6650,7 +6651,7 @@ "description": "Provides an engine that can compile and evaluate expressions", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/expression-language/tree/v7.0.3" + "source": "https://github.com/symfony/expression-language/tree/v7.1.1" }, "funding": [ { @@ -6666,7 +6667,7 @@ "type": "tidelift" } ], - "time": "2024-01-23T15:02:46+00:00" + "time": "2024-05-31T14:57:53+00:00" }, { "name": "symfony/filesystem", diff --git a/symfony/src/Controller/BoulderAreaCrudController.php b/symfony/src/Controller/BoulderAreaCrudController.php index 533fc00..7a4f9e3 100644 --- a/symfony/src/Controller/BoulderAreaCrudController.php +++ b/symfony/src/Controller/BoulderAreaCrudController.php 
@@ -2,7 +2,8 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\AllowContributionExpression;
+use App\Utils\Roles;
 use App\Entity\BoulderArea;
 use App\Field\GeoPointField;
 use Doctrine\ORM\EntityManagerInterface;
@@ -75,6 +76,8 @@ public function configureActions(Actions $actions): Actions
 ->remove(Crud::PAGE_NEW, Action::SAVE_AND_ADD_ANOTHER)
 ->remove(Crud::PAGE_EDIT, Action::SAVE_AND_CONTINUE)
 ->remove(Crud::PAGE_INDEX, Action::BATCH_DELETE)
- ->add(Crud::PAGE_INDEX, Action::DETAIL);
+ ->add(Crud::PAGE_INDEX, Action::DETAIL)
+ ->setPermission(Action::DELETE, new AllowContributionExpression())
+ ->setPermission(Action::EDIT, new AllowContributionExpression());
 }
 }
diff --git a/symfony/src/Controller/BoulderCrudController.php b/symfony/src/Controller/BoulderCrudController.php
index 2a3e90f..4ac0ec3 100644
--- a/symfony/src/Controller/BoulderCrudController.php
+++ b/symfony/src/Controller/BoulderCrudController.php
@@ -2,7 +2,8 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\AllowContributionExpression;
+use App\Utils\Roles;
 use App\Entity\Boulder;
 use App\Entity\Media;
 use App\Field\GeoPointField;
@@ -23,6 +24,7 @@ use EasyCorp\Bundle\EasyAdminBundle\Filter\BooleanFilter;
 use EasyCorp\Bundle\EasyAdminBundle\Filter\EntityFilter;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 class BoulderCrudController extends AbstractCrudController
 {
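Review bot: configureActions now gates `Action::EDIT` and `Action::DELETE` with `AllowContributionExpression` while `Action::NEW` keeps the default permission, and nothing in the hunk records whether creation is meant to stay open to every role that can reach this CRUD; a comment above the first `->setPermission(...)` would settle that for the next reader, e.g. `// NEW stays open to any role that can reach this CRUD; EDIT/DELETE of an existing area are limited by AllowContributionExpression`. The expression class is added in `src/Utils/AllowContributionExpression.php` in this same commit, but its body is outside this view, so what it actually checks is taken on trust here. RockCrudController::configureActions and BoulderCrudController::configureActions receive the same `->setPermission(...)` lines but end the chain with a `;` on its own line while this one keeps it on the last call; worth aligning on one form. configureActions starts before this hunk.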
@@ -74,7 +76,11 @@ public function configureActions(Actions $actions): Actions
 ->add(Crud::PAGE_INDEX, $this->drawLineActionFactory())
 ->add(Crud::PAGE_DETAIL, $this->drawLineActionFactory()->addCssClass('btn'))
 ->reorder(Crud::PAGE_DETAIL, [Action::DELETE, Action::INDEX, Action::EDIT, 'drawLine'])
- ->reorder(Crud::PAGE_INDEX, [Action::DETAIL, Action::EDIT, 'drawLine', Action::DELETE]);
+ ->reorder(Crud::PAGE_INDEX, [Action::DETAIL, Action::EDIT, 'drawLine', Action::DELETE])
+ ->setPermission(Action::DELETE, new AllowContributionExpression())
+ ->setPermission(Action::EDIT, new AllowContributionExpression())
+ ->setPermission('drawLine', new AllowContributionExpression())
+ ;
 }
 public function configureFilters(Filters $filters): Filters
@@ -93,6 +99,10 @@ public function drawLine(AdminContext $context): Response
 if (!$entity instanceof Boulder) {
 throw new \Exception("Instance of App\Entity\Boulder expected");
 }
+
+ if (!$this->isGranted(Roles::ADMIN) && $entity->getCreatedBy() !== $context->getUser()) {
+ throw new AccessDeniedException();
+ }
 /** @var \App\Repository\MediaRepository **/
 $repository = $this->em->getRepository(Media::class);
 $rockPictures = $entity->getRock() ? $repository->findByRockAndBoulder($entity->getRock(), $entity) : new ArrayCollection();
diff --git a/symfony/src/Controller/DashboardController.php b/symfony/src/Controller/DashboardController.php
index ce509f6..430e90d 100644
--- a/symfony/src/Controller/DashboardController.php
+++ b/symfony/src/Controller/DashboardController.php
@@ -2,7 +2,7 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\Boulder;
 use App\Entity\BoulderArea;
 use App\Entity\Department;
@@ -25,9 +25,7 @@ class DashboardController extends AbstractDashboardController
 {
- public function __construct(private AdminUrlGenerator $adminUrlGenerator)
- {
- }
+ public function __construct(private AdminUrlGenerator $adminUrlGenerator) {}
 private function redirectAdmin(): Response
 {
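Review bot: the ownership guard added to drawLine compares `$entity->getCreatedBy() !== $context->getUser()` by object identity, which only holds when both objects come from the same Doctrine identity map; if the token user is a separate instance (refreshed from the session, or loaded by a provider that does not share the entity manager, neither visible here) the real creator is denied, which fails closed but is still a bug. Comparing a stable identifier instead, e.g. `$entity->getCreatedBy()?->getUserIdentifier() !== $context->getUser()?->getUserIdentifier()` (assuming `User` implements `UserInterface`), does not depend on instance identity. The same admin-or-creator rule is presumably what `AllowContributionExpression` encodes for EDIT, DELETE and `drawLine` in the first hunk and what the API Platform expressions on LineBoulder spell out a third time, so one voter queried from all three places would keep the rule from drifting. I could not confirm from this diff whether EasyAdmin enforces `setPermission('drawLine', ...)` when the custom action is requested directly, so this inline check is the one that guarantees enforcement and deserves a comment saying so. drawLine continues past the hunk.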
diff --git a/symfony/src/Controller/DepartmentCrudController.php b/symfony/src/Controller/DepartmentCrudController.php
index 0a1aaf7..34da7ab 100644
--- a/symfony/src/Controller/DepartmentCrudController.php
+++ b/symfony/src/Controller/DepartmentCrudController.php
@@ -2,7 +2,7 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\Department;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
diff --git a/symfony/src/Controller/GradeCrudController.php b/symfony/src/Controller/GradeCrudController.php
index b4a5c8e..2124525 100644
--- a/symfony/src/Controller/GradeCrudController.php
+++ b/symfony/src/Controller/GradeCrudController.php
@@ -2,7 +2,7 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\Grade;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
diff --git a/symfony/src/Controller/MunicipalityCrudController.php b/symfony/src/Controller/MunicipalityCrudController.php
index b5ac811..6abd3eb 100644
--- a/symfony/src/Controller/MunicipalityCrudController.php
+++ b/symfony/src/Controller/MunicipalityCrudController.php
@@ -2,7 +2,7 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\Municipality;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
diff --git a/symfony/src/Controller/RockCrudController.php b/symfony/src/Controller/RockCrudController.php
index 8e98f15..8fa2d87 100644
--- a/symfony/src/Controller/RockCrudController.php
+++ b/symfony/src/Controller/RockCrudController.php
@@ -2,7 +2,8 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\AllowContributionExpression;
+use App\Utils\Roles;
 use App\Entity\Rock;
 use App\Field\GeoPointField;
 use App\Form\ImageType;
@@ -67,7 +68,10 @@ public function configureActions(Actions $actions): Actions
 ->remove(Crud::PAGE_NEW, Action::SAVE_AND_ADD_ANOTHER)
 ->remove(Crud::PAGE_EDIT, Action::SAVE_AND_CONTINUE)
 ->remove(Crud::PAGE_INDEX, Action::BATCH_DELETE)
- ->add(Crud::PAGE_INDEX, Action::DETAIL);
+ ->add(Crud::PAGE_INDEX, Action::DETAIL)
+ ->setPermission(Action::DELETE, new AllowContributionExpression())
+ ->setPermission(Action::EDIT, new AllowContributionExpression())
+ ;
 }
 public function configureFilters(Filters $filters): Filters
diff --git a/symfony/src/Controller/UserCrudController.php b/symfony/src/Controller/UserCrudController.php
index 8b9184b..ef29283 100644
--- a/symfony/src/Controller/UserCrudController.php
+++ b/symfony/src/Controller/UserCrudController.php
@@ -2,7 +2,7 @@
 namespace App\Controller;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\User;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Action;
 use EasyCorp\Bundle\EasyAdminBundle\Config\Actions;
diff --git a/symfony/src/DataFixtures/UserFixtures.php b/symfony/src/DataFixtures/UserFixtures.php
index 741cf29..e54df40 100644
--- a/symfony/src/DataFixtures/UserFixtures.php
+++ b/symfony/src/DataFixtures/UserFixtures.php
@@ -2,7 +2,7 @@
 namespace App\DataFixtures;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\User;
 use Doctrine\Bundle\FixturesBundle\Fixture;
 use Doctrine\Persistence\ObjectManager;
diff --git a/symfony/src/Entity/LineBoulder.php b/symfony/src/Entity/LineBoulder.php
index 506d9db..8f739c9 100644
--- a/symfony/src/Entity/LineBoulder.php
+++ b/symfony/src/Entity/LineBoulder.php
@@ -23,15 +23,14 @@
 )]
 #[ApiResource(
 openapi: false,
- security: "is_granted('ROLE_USER')",
 normalizationContext: ['groups' => ['LineBoulder:read']],
 denormalizationContext: ['groups' => ['LineBoulder:write']],
 operations: [
- new GetCollection(uriTemplate: '/admin/line_boulders'),
- new Get(uriTemplate: '/admin/line_boulders/{id}'),
- new Put(uriTemplate: '/admin/line_boulders/{id}'),
- new Delete(uriTemplate: '/admin/line_boulders/{id}'),
- new Post(uriTemplate: '/admin/line_boulders', validationContext: ['groups' => ['Default', 'LineBoulder:collection-post']]),
+ new GetCollection(uriTemplate: '/admin/line_boulders', security: "is_granted('ROLE_CONTRIBUTOR')"),
+ new Get(uriTemplate: '/admin/line_boulders/{id}', security: "is_granted('ROLE_CONTRIBUTOR')"),
+ new Put(uriTemplate: '/admin/line_boulders/{id}', security: "is_granted('ROLE_ADMIN') or object.getBoulder()?.getCreatedBy() == user"),
+ new Delete(uriTemplate: '/admin/line_boulders/{id}', security: "is_granted('ROLE_ADMIN') or object.getBoulder()?.getCreatedBy() == user"),
+ new Post(uriTemplate: '/admin/line_boulders', validationContext: ['groups' => ['Default', 'LineBoulder:collection-post']], securityPostDenormalize: "is_granted('ROLE_ADMIN') or object.getBoulder()?.getCreatedBy() == user"),
 ],
 )]
 class LineBoulder
diff --git a/symfony/src/EventSubscriber/EasyAdminUserSubscriber.php b/symfony/src/EventSubscriber/EasyAdminUserSubscriber.php
index 3cde906..68ff1ce 100644
--- a/symfony/src/EventSubscriber/EasyAdminUserSubscriber.php
+++ b/symfony/src/EventSubscriber/EasyAdminUserSubscriber.php
@@ -2,7 +2,7 @@
 namespace App\EventSubscriber;
-use App\Controller\Utils\Roles;
+use App\Utils\Roles;
 use App\Entity\User;
 use EasyCorp\Bundle\EasyAdminBundle\Event\BeforeEntityUpdatedEvent;
 use Symfony\Bundle\SecurityBundle\Security;
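Review bot: the `security` expression on `Put` is evaluated before denormalization, against the stored LineBoulder, so it checks the creator of the boulder the line currently belongs to; if `boulder` is writable in the `LineBoulder:write` group (not visible in this hunk), a PUT body can re-point the line at another contributor's boulder and that new target is never checked. Post already uses `securityPostDenormalize` for exactly this reason, and Put should carry it too: `new Put(uriTemplate: '/admin/line_boulders/{id}', security: "is_granted('ROLE_ADMIN') or object.getBoulder()?.getCreatedBy() == user", securityPostDenormalize: "is_granted('ROLE_ADMIN') or object.getBoulder()?.getCreatedBy() == user"),`. Dropping the resource-level `security: "is_granted('ROLE_USER')"` also means any operation added to this resource later starts with no authorization check unless an access_control rule for `/admin` covers it (not visible here); keeping a resource-level expression as the floor and tightening per operation is the safer default. A one-line comment above `operations:` stating that every operation must declare its own `security` would at least make the new contract explicit.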
@@ -12,9 +12,7 @@ class EasyAdminUserSubscriber implements EventSubscriberInterface
 {
- public function __construct(private Security $security, private AuthorizationCheckerInterface $authorizationChecker)
- {
- }
+ public function __construct(private Security $security, private AuthorizationCheckerInterface $authorizationChecker) {}
 public static function getSubscribedEvents(): array
 {
diff --git a/symfony/src/Utils/AllowContributionExpression.php b/symfony/src/Utils/AllowContributionExpression.php
new file mode 100644
index 0000000..85bcdb2
--- /dev/null
+++ b/symfony/src/Utils/AllowContributionExpression.php
@@ -0,0 +1,13 @@
+