Commit 74758d04 authored by pfleu's avatar pfleu

API: Label : Vérification permission selon user du token. Ajout doc diagramme modèle de données

parent 75d241f2
classDiagram
class Graphy {
}
class Headword {
}
class Entry {
}
class Lexicon {
}
class Label {
}
Graphy "N" -- "N" Headword : contains
Headword "1" -- "N" Entry : has
Entry "N" -- "1" Lexicon : belongs to
Label "N" -- "N" Headword : associated with
......@@ -51,6 +51,7 @@ class ApiLabelController extends AppBaseController
* )
* @OA\Tag(name="Labels")
* @Security(name="OAuth2")
* @IsGranted("LABEL_VIEW", subject="label")
*/
public function getLabel(SerializerInterface $serializer, Label $label = null)
{
......@@ -141,6 +142,8 @@ class ApiLabelController extends AppBaseController
}
/**
* Ajoute le label aux mots-vedettes spécifiés (PAS AUX ENTRÉES))
* Si un mot-vedette n'est associé à aucune entrée visible par l'utilisateur, on empêche l'ajout du label.
*
* @Route("/api/label/add/{id}", name="api_label_add", methods={"POST"})
* @Route("/label/add/{id}", name="label_add", methods={"POST"})
......@@ -185,16 +188,20 @@ class ApiLabelController extends AppBaseController
}
// Pour chaque id de mot-vedette, on cherche le mot-vedette et on lui appose le label
// On émet un avertissement pour chaque headword non trouvé
// On émet un avertissement pour chaque headword non trouvé ou non accessible
$count = 0;
foreach ($data['headwords_ids'] as $headwordId) {
$headword = $this->doctrine->getRepository(Headword::class)->find($headwordId);
if ($headword) {
$labelManager->addHeadword($label, $headword);
$count++;
} else {
if (!$headword) {
$this->warning[] = sprintf("Pas de mot-vedette trouvé pour l'id %s", $headwordId);
continue;
}
if (!$this->isGranted('HEADWORD_EDIT', $headword)) {
$this->warning[] = sprintf("Pas de mot-vedette accessible pour l'id %s", $headwordId);
continue;
}
$labelManager->addHeadword($label, $headword);
$count++;
}
$this->success[] = sprintf("Label %s ajouté à %s mots-vedettes", $label, $count);
......@@ -227,6 +234,7 @@ class ApiLabelController extends AppBaseController
* )
* @OA\Tag(name="Labels")
* @Security(name="OAuth2")
* @IsGranted("LABEL_EDIT", subject="label")
*/
public function editLabel(Request $request, Label $label = null): Response
{
......@@ -276,6 +284,7 @@ class ApiLabelController extends AppBaseController
* )
* @OA\Tag(name="Labels")
* @Security(name="OAuth2")
* @IsGranted("LABEL_EDIT", subject="label")
*/
public function delete(Label $label)
{
......@@ -334,12 +343,16 @@ class ApiLabelController extends AppBaseController
$count = 0;
foreach ($data['headwords_ids'] as $headwordId) {
$headword = $this->doctrine->getRepository(Headword::class)->find($headwordId);
if ($headword) {
$count++;
$labelManager->removeHeadword($label, $headword);
} else {
if (!$headword) {
$this->warning[] = sprintf("Pas de mot-vedette trouvé pour l'id %s", $headwordId);
continue;
}
if (!$this->isGranted('HEADWORD_EDIT', $headword)) {
$this->warning[] = sprintf("Pas de mot-vedette accessible pour l'id %s", $headwordId);
continue;
}
$count++;
$labelManager->removeHeadword($label, $headword);
}
$this->doctrine->getManager()->flush();
......@@ -377,6 +390,9 @@ class ApiLabelController extends AppBaseController
$headwords = $label->getHeadwords()->toArray();
$graphies = [];
foreach ($headwords as $headword) {
if (!$this->isGranted('HEADWORD_VIEW', $headword)) {
continue;
}
foreach ($headword->getGraphies() as $graphy) {
$graphies[] = $graphy->getValue();
}
......
<?php
namespace App\Security\Voter;
use App\Entity\Headword;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\Security;
use Symfony\Component\Security\Core\User\UserInterface;
use function PHPUnit\Framework\isNan;
class HeadwordVoter extends Voter
{
public const VIEW = 'HEADWORD_VIEW';
public const EDIT = 'HEADWORD_EDIT';
public const DELETE = 'HEADWORD_DELETE';
private $security;
public function __construct(Security $security)
{
$this->security = $security;
}
protected function supports(string $attribute, $subject): bool
{
return in_array($attribute, [
self::VIEW,
self::EDIT,
self::DELETE,
])
&& $subject instanceof Headword;
}
protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
{
$user = $token->getUser();
// if the user is anonymous, do not grant access
if (!$user instanceof User) {
return false;
}
switch ($attribute) {
case self::VIEW:
return $this->canView($subject, $user);
case self::EDIT:
return $this->canEdit($subject, $user);
case self::DELETE:
return $this->canDelete($subject, $user);
}
return false;
}
private function canView(Headword $headword, User $user): bool
{
if ($this->security->isGranted('ROLE_ADMIN')) {
return true;
}
// On voit les headwords associés à au moins une entrée qu'on peut voir
foreach ($headword->getEntries() as $entry) {
if ($this->security->isGranted('ENTRY_VIEW', $entry)) {
return true;
}
}
return false;
}
private function canEdit(Headword $headword, User $user): bool
{
return $this->canView($headword, $user);
}
private function canDelete(Headword $headword, User $user): bool
{
return $this->security->isGranted('ROLE_ADMIN');
}
}
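Review bot: `canEdit` simply returns `canView`, so HEADWORD_EDIT is granted to any user who can view at least one of the headword's entries, while the accompanying diagram shows a headword shared by N entries; a user with read access to a single entry can then attach or detach labels on a headword that other, invisible entries depend on. Unless view and edit rights on entries are meant to coincide, `canEdit` should loop over `$headword->getEntries()` as `canView` does but ask the entry voter for its edit attribute (placeholder `ENTRY_EDIT`, not shown on this page) instead of `ENTRY_VIEW`, keeping the `ROLE_ADMIN` short-circuit. The `use function PHPUnit\Framework\isNan;` import is unused and pulls a test-framework symbol into production code, so it should be removed. `$user` is unused in all three `can*` helpers, and `in_array` in `supports()` should pass `true` as its third argument. Whether this file is wholly new is not marked on the page, but it appears to be.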