Merge remote-tracking branch 'origin/master'

4 years ago · 38830b800d
parent 0bbea51452 84bea4151b
commit 38830b800d
2 changed files with 15 additions and 15 deletions
--- a/src/CoreBundle/Entity/SessionRelCourse.php
+++ b/src/CoreBundle/Entity/SessionRelCourse.php
@ -32,7 +32,7 @@ use Symfony\Component\Serializer\Annotation\Groups;
 #[ApiResource(
    collectionOperations: [
        'get' => [
-            'security' => "is_granted('ROLE_ADMIN')",
+            'security' => "is_granted('ROLE_USER')",
        ],
        'post' => [
            'security' => "is_granted('ROLE_ADMIN')",
@ -40,15 +40,12 @@ use Symfony\Component\Serializer\Annotation\Groups;
    ],
    itemOperations: [
        'get' => [
-            'security' => "is_granted('ROLE_ADMIN')",
+            'security' => "is_granted('ROLE_ADMIN') or is_granted('VIEW', object)",
        ],
        'put' => [
            'security' => "is_granted('ROLE_ADMIN')",
        ],
    ],
    attributes: [
        'security' => "is_granted('ROLE_ADMIN')",
    ],
    denormalizationContext: [
        'groups' => ['session_rel_course:write'],
    ],
--- a/src/CoreBundle/Security/Authorization/Voter/SessionVoter.php
+++ b/src/CoreBundle/Security/Authorization/Voter/SessionVoter.php
@ -65,32 +65,35 @@ class SessionVoter extends Voter
    {
        /** @var User $user */
        $user = $token->getUser();
        // Make sure there is a user object (i.e. that the user is logged in)
        if (!$user instanceof UserInterface) {
            return false;
        }
-        // Admins have access to everything
+        // Admins have access to everything.
        if ($this->security->isGranted('ROLE_ADMIN')) {
            return true;
        }
        // Checks if the current course was set up
-        // $session->getCurrentCourse() is set in the class CourseListener
+        // $session->getCurrentCourse() is set in the class CourseListener.
        /** @var Session $session */
        $session = $subject;
        $currentCourse = $session->getCurrentCourse();
        switch ($attribute) {
            case self::VIEW:
                // @todo improve performance.
                $userIsGeneralCoach = $session->hasUserAsGeneralCoach($user);
-                $userIsCourseCoach = $currentCourse && $session->hasCoachInCourseWithStatus($user, $currentCourse);
+                if (null === $currentCourse) {
-                $userIsStudent = $currentCourse
+                    $userIsStudent = $session->getSessionRelCourseByUser($user, Session::STUDENT)->count() > 0;
-                    ? $session->hasUserInCourse($user, $currentCourse, Session::STUDENT)
+                    $userIsCourseCoach = false;
-                    : $session->getSessionRelCourseByUser($user, Session::STUDENT)->count() > 0;
+                } else {
-
+                    $userIsCourseCoach = $session->hasCoachInCourseWithStatus($user, $currentCourse);
-                if (empty($session->getDuration())) {
+                    $userIsStudent = $session->hasUserInCourse($user, $currentCourse, Session::STUDENT);
                }
                $duration = (int) $session->getDuration();
                if (0 === $duration) {
                    // General coach.
                    if ($userIsGeneralCoach && $session->isActiveForCoach()) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_TEACHER);
@ -105,7 +108,7 @@ class SessionVoter extends Voter
                        return true;
                    }
-                    // Student access
+                    // Student access.
                    if ($userIsStudent && $session->isActiveForStudent()) {
                        $user->addRole(ResourceNodeVoter::ROLE_CURRENT_COURSE_SESSION_STUDENT);