Social: Fix shared profile accessible - refs BT#21101

1 year ago · 4dcb996a51
parent 10d370e9c7
commit 4dcb996a51
3 changed files with 28 additions and 4 deletions
--- a/assets/vue/composables/useSocialInfo.js
+++ b/assets/vue/composables/useSocialInfo.js
@ -43,7 +43,12 @@ export function useSocialInfo() {
  const loadUser = async () => {
    try {
      if (route.query.id) {
-        user.value = await store.dispatch("user/load", "/api/users/" + route.query.id)
+        const params = { ...route.query }
+        if (route.path.includes("/social")) {
+          params.page_origin = "social"
+        }
+        const response = await axios.get(`/api/users/${route.query.id}`, { params })
+        user.value = response.data
        isCurrentUser.value = false
      } else {
        user.value = securityStore.user
--- a/assets/vue/views/social/SocialWall.vue
+++ b/assets/vue/views/social/SocialWall.vue
@ -1,12 +1,12 @@
 <template>
  <div>
-    <SocialWallPostForm v-if="!hidePostForm"  @post-created="refreshPosts" class="mb-6" />
+    <SocialWallPostForm v-if="!hidePostForm && isCurrentUser"  @post-created="refreshPosts" class="mb-6" />
    <SocialWallPostList ref="postListRef" class="mb-6" />
  </div>
 </template>

 <script setup>
-import { ref } from 'vue';
+import { inject, ref } from "vue"
 import SocialWallPostForm from "../../components/social/SocialWallPostForm.vue"
 import SocialWallPostList from "../../components/social/SocialWallPostList.vue"

@ -18,6 +18,7 @@ const props = defineProps({
 });

 const postListRef = ref(null);
+const isCurrentUser = inject('is-current-user')

 function refreshPosts() {
  if (postListRef.value) {
--- a/src/CoreBundle/Security/Authorization/Voter/UserVoter.php
+++ b/src/CoreBundle/Security/Authorization/Voter/UserVoter.php
@ -11,6 +11,7 @@ use Chamilo\CoreBundle\Entity\User;
 use Chamilo\CoreBundle\Entity\UserRelUser;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Bundle\SecurityBundle\Security;
+use Symfony\Component\HttpFoundation\RequestStack;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 use Symfony\Component\Security\Core\User\UserInterface;
@ -27,7 +28,8 @@ class UserVoter extends Voter

    public function __construct(
        private Security $security,
-        private EntityManagerInterface $entityManager
+        private EntityManagerInterface $entityManager,
+        private RequestStack $requestStack
    ) {}

    protected function supports(string $attribute, $subject): bool
@ -64,6 +66,11 @@ class UserVoter extends Voter
        $user = $subject;

        if (self::VIEW === $attribute) {
+            // If the user is on the social page and is logged in, allow access
+            if ($this->isFromSocialPage() && $currentUser->getId() !== null) {
+                return true;
+            }
+
            if ($currentUser === $user) {
                return true;
            }
@ -92,6 +99,17 @@ class UserVoter extends Voter
        return false;
    }

+    private function isFromSocialPage(): bool
+    {
+        $request = $this->requestStack->getCurrentRequest();
+        if ($request) {
+            $pageOrigin = $request->query->get('page_origin');
+            return $pageOrigin === 'social';
+        }
+
+        return false;
+    }
+
    private function haveSharedMessages(User $currentUser, User $targetUser): bool
    {
        $messageRepository = $this->entityManager->getRepository(Message::class);