Fixed voters.

2025-12-26 21:09:31 +00:00 · 2022-11-13 21:01:40 +01:00 · 2022-11-13 21:01:40 +01:00 · 5829d42968
commit 5829d42968
parent ae4cb23b18
4 changed files with 142 additions and 36 deletions
--- a/src/Security/Voter/OrderdetailVoter.php
+++ b/src/Security/Voter/OrderdetailVoter.php
@ -25,30 +25,60 @@ namespace App\Security\Voter;

 use App\Entity\PriceInformations\Orderdetail;
 use App\Entity\UserSystem\User;
+use App\Services\PermissionResolver;
+use Doctrine\ORM\EntityManagerInterface;
+use Symfony\Component\Security\Core\Security;

 class OrderdetailVoter extends ExtendedVoter
 {
-    /**
-     * @var string[] When this permsission are encountered, they are checked on part
-     */
-    protected const PART_PERMS = ['show_history', 'revert_element'];
+    protected Security $security;
+
+    public function __construct(PermissionResolver $resolver, EntityManagerInterface $entityManager, Security $security)
+    {
+        parent::__construct($resolver, $entityManager);
+        $this->security = $security;
+    }
+
+    protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];

    protected function voteOnUser(string $attribute, $subject, User $user): bool
    {
-        if (in_array($attribute, self::PART_PERMS, true)) {
-            return $this->resolver->inherit($user, 'parts', $attribute) ?? false;
+        if (! is_a($subject, Orderdetail::class, true)) {
+            throw new \RuntimeException('This voter can only handle Orderdetail objects!');
        }

-        return $this->resolver->inherit($user, 'parts_orderdetails', $attribute) ?? false;
+        switch ($attribute) {
+            case 'read':
+                $operation = 'read';
+                break;
+            case 'edit': //As long as we can edit, we can also edit orderdetails
+            case 'create':
+            case 'delete':
+                $operation = 'edit';
+                break;
+            case 'show_history':
+                $operation = 'show_history';
+                break;
+            case 'revert_element':
+                $operation = 'revert_element';
+                break;
+            default:
+                throw new \RuntimeException('Encountered unknown operation "'.$attribute.'"!');
+        }
+
+        //If we have no part associated use the generic part permission
+        if (is_string($subject) || $subject->getPart() === null) {
+            return $this->resolver->inherit($user, 'parts', $operation) ?? false;
+        }
+
+        //Otherwise vote on the part
+        return $this->security->isGranted($attribute, $subject->getPart());
    }

    protected function supports($attribute, $subject): bool
    {
        if (is_a($subject, Orderdetail::class, true)) {
-            return in_array($attribute, array_merge(
-                self::PART_PERMS,
-                $this->resolver->listOperationsForPermission('parts_orderdetails')
-            ), true);
+            return in_array($attribute, self::ALLOWED_PERMS, true);
        }

        return false;