diff --git a/public/main/inc/lib/api.lib.php b/public/main/inc/lib/api.lib.php index f9d17ba102..8f6d6578ce 100644 --- a/public/main/inc/lib/api.lib.php +++ b/public/main/inc/lib/api.lib.php @@ -11,8 +11,8 @@ use Chamilo\CoreBundle\Entity\User; use Chamilo\CoreBundle\Entity\UserCourseCategory; use Chamilo\CoreBundle\Exception\NotAllowedException; use Chamilo\CoreBundle\Framework\Container; -use Chamilo\CoreBundle\Service\PermissionService; use Chamilo\CoreBundle\ServiceHelper\MailHelper; +use Chamilo\CoreBundle\ServiceHelper\PermissionServiceHelper; use Chamilo\CoreBundle\ServiceHelper\ThemeHelper; use Chamilo\CourseBundle\Entity\CGroup; use Chamilo\CourseBundle\Entity\CLp; @@ -6348,15 +6348,9 @@ function api_get_roles() function api_get_user_roles(): array { - $roles = [ - 'ROLE_TEACHER', - 'ROLE_STUDENT', - 'ROLE_RRHH', - 'ROLE_SESSION_MANAGER', - 'ROLE_STUDENT_BOSS', - 'ROLE_INVITEE', - 'ROLE_USER', - ]; + $permissionService = Container::$container->get(PermissionServiceHelper::class); + + $roles = $permissionService->getUserRoles(); return array_combine($roles, $roles); } @@ -7484,7 +7478,7 @@ function api_protect_webservices() */ function api_get_permission(string $permissionSlug, array $roles): bool { - $permissionService = Container::$container->get(PermissionService::class); + $permissionService = Container::$container->get(PermissionServiceHelper::class); return $permissionService->hasPermission($permissionSlug, $roles); } diff --git a/src/CoreBundle/Controller/PermissionController.php b/src/CoreBundle/Controller/PermissionController.php index b8e5ee9371..67d11e1338 100644 --- a/src/CoreBundle/Controller/PermissionController.php +++ b/src/CoreBundle/Controller/PermissionController.php @@ -10,6 +10,7 @@ use Chamilo\CoreBundle\Entity\PermissionRelRole; use Chamilo\CoreBundle\Form\PermissionType; use Chamilo\CoreBundle\Repository\PermissionRelRoleRepository; use Chamilo\CoreBundle\Repository\PermissionRepository; +use Chamilo\CoreBundle\ServiceHelper\PermissionServiceHelper; use Doctrine\ORM\EntityManagerInterface; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Request; @@ -17,27 +18,11 @@ use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; use Symfony\Component\Security\Http\Attribute\IsGranted; -/** - * The Permission controller manages the /permissions page to control what roles has what permission - */ class PermissionController extends AbstractController { - - #[IsGranted('ROLE_ADMIN')] - #[Route('/permissions/test', name: 'permissions_test')] - public function testPermissions(): Response - { - // Test roles and permission slug - $roles = ['ROLE_STUDENT', 'ROLE_TEACHER']; - $permissionSlug = 'analytics:view'; - - // Call the api_get_permission function and log the result - $hasPermission = api_get_permission($permissionSlug, $roles); - error_log('Permission check for ' . $permissionSlug . ' with roles ' . implode(', ', $roles) . ': ' . ($hasPermission ? 'true' : 'false')); - - // Return a simple response for testing purposes - return new Response('Permission check result: ' . ($hasPermission ? 'true' : 'false') . ''); - } + public function __construct( + private PermissionServiceHelper $permissionServiceHelper + ) {} #[IsGranted('ROLE_ADMIN')] #[Route('/permissions', name: 'permissions')] @@ -48,14 +33,13 @@ class PermissionController extends AbstractController EntityManagerInterface $em ): Response { $permissions = $permissionRepo->findAll(); - $roles = ['ROLE_INVITEE', 'ROLE_STUDENT', 'ROLE_TEACHER', 'ROLE_ADMIN', 'ROLE_SUPER_ADMIN', 'ROLE_GLOBAL_ADMIN', 'ROLE_RRHH', 'ROLE_QUESTION_MANAGER', 'ROLE_SESSION_MANAGER', 'ROLE_STUDENT_BOSS']; + $roles = $this->permissionServiceHelper->getUserRoles(); if ($request->isMethod('POST')) { $data = $request->request->all('permissions'); foreach ($permissions as $permission) { foreach ($roles as $role) { $checkboxValue = isset($data[$permission->getSlug()][$role]); - error_log('Processing role: ' . $role . ' with value: ' . ($checkboxValue ? 'true' : 'false')); $permRelRole = $permissionRelRoleRepo->findOneBy(['permission' => $permission, 'roleCode' => $role]); if ($checkboxValue) { @@ -67,17 +51,14 @@ class PermissionController extends AbstractController $permRelRole->setChangeable(true); $permRelRole->setUpdatedAt(new \DateTime()); $em->persist($permRelRole); - error_log('Persisting PermissionRelRole for permission: ' . $permission->getSlug() . ' and role: ' . $role); } else { if ($permRelRole) { $em->remove($permRelRole); - error_log('Removing PermissionRelRole for permission: ' . $permission->getSlug() . ' and role: ' . $role); } } } } $em->flush(); - error_log('Flush complete'); return $this->redirectToRoute('permissions'); } diff --git a/src/CoreBundle/Resources/config/services.yml b/src/CoreBundle/Resources/config/services.yml index d65a41cd4e..e69d784f18 100644 --- a/src/CoreBundle/Resources/config/services.yml +++ b/src/CoreBundle/Resources/config/services.yml @@ -104,6 +104,6 @@ services: Chamilo\CoreBundle\Filter\SocialWallFilter: tags: [ 'api_platform.filter' ] - Chamilo\CoreBundle\Service\PermissionService: + Chamilo\CoreBundle\ServiceHelper\PermissionServiceHelper: arguments: $permissionRelRoleRepository: '@Chamilo\CoreBundle\Repository\PermissionRelRoleRepository' diff --git a/src/CoreBundle/Service/PermissionService.php b/src/CoreBundle/ServiceHelper/PermissionServiceHelper.php similarity index 56% rename from src/CoreBundle/Service/PermissionService.php rename to src/CoreBundle/ServiceHelper/PermissionServiceHelper.php index 0d2d9903fc..51f31dbb3b 100644 --- a/src/CoreBundle/Service/PermissionService.php +++ b/src/CoreBundle/ServiceHelper/PermissionServiceHelper.php @@ -1,20 +1,28 @@ permissionRelRoleRepository = $permissionRelRoleRepository; + $roles = $this->parameterBag->get('security.role_hierarchy.roles'); + + return array_filter(array_keys($roles), function ($role) { + return !str_starts_with($role, 'ROLE_CURRENT_') && $role !== 'ROLE_ANONYMOUS'; + }); } public function hasPermission(string $permissionSlug, array $roles): bool