update security service
KaydenLiss committed Aug 10, 2023
1 parent f3eb919 commit 4afb505
Showing 16 changed files with 169 additions and 103 deletions.
27 changes: 19 additions & 8 deletions src/Controller/DatenweitergabeController.php
Expand Up @@ -9,6 +9,7 @@
namespace App\Controller;

use App\Entity\Datenweitergabe;
use App\Entity\Team;
use App\Repository\DatenweitergabeRepository;
use App\Repository\TeamRepository;
use App\Service\ApproveService;
Expand Down Expand Up @@ -248,19 +249,14 @@ public function editDatenweitergabe(
AssignService $assignService,
CurrentTeamService $currentTeamService,
DatenweitergabeRepository $dataTransferRepository,
TeamRepository $teamRepository,
): Response
{
set_time_limit(600);
$team = $currentTeamService->getCurrentTeam($this->getUser());
$teamPath = $team ? $teamRepository->getPath($team) : null;
$daten = $dataTransferRepository->find($request->get('id'));

if ($securityService->teamPathDataCheck($daten, $teamPath) === false) {
if ($daten->getArt() === 1) {
return $this->redirectToRoute('datenweitergabe');
}
return $this->redirectToRoute('auftragsverarbeitung');
if (!$this->checkAccess($securityService, $daten, $team)) {
$redirectRoute = $daten->getArt() === 1 ? 'datenweitergabe' : 'auftragsverarbeitung';
return $this->redirectToRoute($redirectRoute);
}

$newDaten = $datenweitergabeService->cloneDatenweitergabe($daten, $this->getUser());
Expand Down Expand Up @@ -355,4 +351,19 @@ public function indexDataTransfer(
'currentTeam' => $team,
]);
}

private function checkAccess(SecurityService $securityService, ?Datenweitergabe $transfer, Team $team): bool
{
if (!$transfer) {
$this->addFlash('danger', 'elementDoesNotExistError');
return false;
}

if (!$securityService->checkTeamAccessToTransfer($transfer, $team)) {
$this->addFlash('danger', 'accessDeniedError');
return false;
}

return true;
}
}
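Review bot: When `checkAccess` rejects a missing record, the line right after the check still dereferences it: `$daten->getArt()` runs with `$daten === null` (the helper's `!$transfer` branch) and throws an Error instead of redirecting. Guard the route choice, e.g. `$redirectRoute = $daten?->getArt() === 1 ? 'datenweitergabe' : 'auftragsverarbeitung';`, or redirect to a fixed route when `$daten` is null. The helper also declares `Team $team` as non-nullable, although the removed `$team ? $teamRepository->getPath($team) : null` guard shows the current team can be absent; with no team selected the call now fails with a TypeError rather than an access-denied redirect, so consider `?Team $team` and treating null as denied (the same applies to `SoftwareController::checkAccess`). editDatenweitergabe continues outside the hunk.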
19 changes: 9 additions & 10 deletions src/Controller/KontaktController.php
Expand Up @@ -121,19 +121,18 @@ public function editKontakt(
Request $request,
SecurityService $securityService,
CurrentTeamService $currentTeamService,
KontakteRepository $contactRepository,
TeamRepository $teamRepository,
KontakteRepository $contactRepository
): Response
{
$team = $currentTeamService->getCurrentTeam($this->getUser());
$teamPath = $team ? $teamRepository->getPath($team) : null;
$kontakt = $contactRepository->find($request->get('id'));
if ($securityService->teamPathDataCheck($kontakt, $teamPath) === false) {
return $this->redirectToRoute('kurse');
$contact = $contactRepository->find($request->get('id'));
if (!$securityService->checkTeamAccessToContact($contact, $team)) {
$this->addFlash('danger', 'accessDeniedError');
return $this->redirectToRoute('kontakt');
}

$isEditable = $kontakt->getTeam() === $team;
$form = $this->createForm(KontaktType::class, $kontakt, ['disabled' => !$isEditable]);
$isEditable = $contact->getTeam() === $team;
$form = $this->createForm(KontaktType::class, $contact, ['disabled' => !$isEditable]);
$form->handleRequest($request);

$errors = array();
Expand All @@ -146,15 +145,15 @@ public function editKontakt(
return $this->redirectToRoute(
'kontakt_edit',
[
'id' => $kontakt->getId(),
'id' => $contact->getId(),
'snack' => $this->translator->trans(id: 'save.successful', domain: 'general'),
]
);
}
}
return $this->render('kontakt/edit.html.twig', [
'form' => $form->createView(),
'kontakt' => $kontakt,
'kontakt' => $contact,
'errors' => $errors,
'title' => $this->translator->trans(id: 'contact.edit', domain: 'kontakt'),
'snack' => $request->get('snack'),
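Review bot: `$contact` comes straight from `find()` and can be null, but it is handed to `checkTeamAccessToContact($contact, $team)` with no null check, and `$contact->getTeam()` is called a few lines later; whether the null case is a TypeError (non-nullable parameter) or a false return depends on the service signature, which is not part of this diff. An explicit guard keeps the controller's behaviour independent of that: `if (!$contact || !$securityService->checkTeamAccessToContact($contact, $team)) {`. PoliciesController::editPolicy, TomController::editTom and VvtController::editVvt pass `$policy`, `$tom` and `$vvt` the same way, and `$team` may itself be null (the removed `$team ? ... : null` guard shows the team can be absent). editKontakt's signature starts outside the hunk.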
5 changes: 2 additions & 3 deletions src/Controller/PoliciesController.php
Expand Up @@ -176,14 +176,13 @@ public function editPolicy(
AssignService $assignService,
CurrentTeamService $currentTeamService,
PoliciesRepository $policiesRepository,
TeamRepository $teamRepository,
): Response
{
$team = $currentTeamService->getCurrentTeam($this->getUser());
$teamPath = $team ? $teamRepository->getPath($team) : null;
$policy = $policiesRepository->find($request->get('id'));

if ($securityService->teamPathDataCheck($policy, $teamPath) === false) {
if (!$securityService->checkTeamAccessToPolicy($policy, $team)) {
$this->addFlash('danger', 'accessDeniedError');
return $this->redirectToRoute('policies');
}
$newPolicy = $policiesService->clonePolicy($policy, $this->getUser());
23 changes: 19 additions & 4 deletions src/Controller/SoftwareController.php
Expand Up @@ -2,7 +2,9 @@

namespace App\Controller;

use App\Entity\Software;
use App\Entity\SoftwareConfig;
use App\Entity\Team;
use App\Repository\SoftwareConfigRepository;
use App\Repository\SoftwareRepository;
use App\Repository\TeamRepository;
Expand Down Expand Up @@ -228,16 +230,14 @@ public function editSoftware(
SecurityService $securityService,
AssignService $assignService,
CurrentTeamService $currentTeamService,
SoftwareRepository $softwareRepository,
TeamRepository $teamRepository,
SoftwareRepository $softwareRepository
): Response
{
//Request: id: SoftwareID, snack:Snack Notice
$team = $currentTeamService->getCurrentTeam($this->getUser());
$teamPath = $team ? $teamRepository->getPath($team) : null;
$software = $softwareRepository->find($request->get('id'));

if ($securityService->teamPathDataCheck($software, $teamPath) === false) {
if (!$this->checkAccess($securityService, $software, $team)) {
return $this->redirectToRoute('software');
}
$newSoftware = $softwareService->cloneSoftware($software, $this->getUser());
Expand Down Expand Up @@ -306,4 +306,19 @@ public function index(
'currentTeam' => $team,
]);
}

private function checkAccess(SecurityService $securityService, ?Software $software, Team $team): bool
{
if (!$software) {
$this->addFlash('danger', 'elementDoesNotExistError');
return false;
}

if (!$securityService->checkTeamAccessToSoftware($software, $team)) {
$this->addFlash('danger', 'accessDeniedError');
return false;
}

return true;
}
}
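Review bot: `checkAccess` here is a near-verbatim copy of the helper added to DatenweitergabeController in the same commit (same flash keys, same shape; only the entity type and the service method differ), so the flash messages and the null handling now live in two places and will drift; a shared helper on the base controller or a trait taking the entity and a callable check would keep them together. Stylistically, the trailing comma is dropped from this parameter list (`SoftwareRepository $softwareRepository`) and from the KontaktController and VvtController ones, while DatenweitergabeController keeps it; the commit should settle on one form. editSoftware continues outside the hunk.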
4 changes: 2 additions & 2 deletions src/Controller/TomController.php
Expand Up @@ -165,10 +165,10 @@ public function editTom(
): Response
{
$team = $currentTeamService->getCurrentTeam($this->getUser());
$teamPath = $team ? $teamRepository->getPath($team) : null;
$tom = $tomRepository->find($request->get('tom'));

if ($securityService->teamPathDataCheck($tom, $teamPath) === false) {
if ($securityService->checkTeamAccessToTom($tom, $team) === false) {
$this->addFlash('danger', 'accessDeniedError');
return $this->redirectToRoute('tom');
}

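Review bot: With the `$teamPath` line removed, nothing in the visible part of editTom uses `$teamRepository` any more; if a `TeamRepository $teamRepository` parameter is still in the signature (outside the hunk), it is now an unused injection and should be dropped as was done for the other controllers in this commit. The new check uses `=== false` while KontaktController and PoliciesController use the `!` form for the same kind of call; `if (!$securityService->checkTeamAccessToTom($tom, $team)) {` would keep the style uniform. editTom's signature starts outside the hunk.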
12 changes: 5 additions & 7 deletions src/Controller/VvtController.php
Expand Up @@ -220,15 +220,14 @@ public function editVvt(
AssignService $assignService,
VVTDatenkategorieService $VVTDatenkategorieService,
CurrentTeamService $currentTeamService,
VVTRepository $vvtRepository,
TeamRepository $teamRepository
VVTRepository $vvtRepository
): Response
{
$team = $currentTeamService->getCurrentTeam($this->getUser());
$vvt = $vvtRepository->find($request->get('id'));
$teamPath = $team ? $teamRepository->getPath($team) : null;

if ($securityService->teamPathDataCheck($vvt, $teamPath) === false) {
if ($securityService->checkTeamAccessToProcess($vvt, $team) === false) {
$this->addFlash('danger', 'accessDeniedError');
return $this->redirectToRoute('vvt');
}
$newVvt = $VVTService->cloneVvt($vvt, $this->getUser());
Expand Down Expand Up @@ -316,9 +315,8 @@ public function editVvtDsfa(
{
$team = $currentTeamService->getCurrentTeam($this->getUser());
$dsfa = $vvtDsfaRepository->find($request->get('dsfa'));
$teamPath = $team ? $teamRepository->getPath($team) : null;

if ($securityService->teamPathDataCheck($dsfa->getVvt(), $teamPath) === false) {
if (!$securityService->checkTeamAccessToProcess(process: $dsfa->getVvt(), team: $team)) {
return $this->redirectToRoute('vvt');
}

Expand Down Expand Up @@ -401,7 +399,7 @@ public function newVvtDsfa(
return $this->redirectToRoute('vvt');
}

$dsfa = $VVTService->newDsfa($team, $this->getUser(), $vvt);
$dsfa = $VVTService->newDsfa($this->getUser(), $vvt);

$form = $this->createForm(VvtDsfaType::class, $dsfa);
$form->handleRequest($request);
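Review bot: In editVvtDsfa the rewritten check still calls `$dsfa->getVvt()` on the result of `find($request->get('dsfa'))` without verifying `$dsfa` is non-null, so an unknown id produces an Error instead of the redirect; guard it first: `if (!$dsfa || !$securityService->checkTeamAccessToProcess(process: $dsfa->getVvt(), team: $team)) {`. The `newDsfa($this->getUser(), $vvt)` call in newVvtDsfa drops the `$team` argument, which only works if `VVTService::newDsfa` was changed in the same commit; that file is not among the ones shown here. As in editVvt, removing the `$teamPath` line from editVvtDsfa may leave a `TeamRepository` parameter unused if it is still in that method's signature outside the hunk. All three methods continue outside their hunks.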
4 changes: 2 additions & 2 deletions src/Service/NotificationService.php
Expand Up @@ -63,14 +63,14 @@ public function sendNotificationAkademie(AkademieBuchungen $buchung, $content):
}

public function sendNotificationAssign($content, User $user): bool
{
{/*
$this->mailer->sendEmail(
$this->translator->trans(id: 'notification.odc.sender', domain: 'service'),
$this->parameterBag->get('defaultEmail'),
$user->getEmail(),
$this->translator->trans(id: 'notification.odc.element.assign', domain: 'service'),
$content,
);
);*/

return true;
}
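Review bot: `sendNotificationAssign` now returns `true` while its whole body is commented out, so any caller that branches on the result believes an assignment e-mail was delivered when nothing was sent. If the send is intentionally disabled, say so in code rather than with a `{/* ... */}` block: return `false` (or make the method `void`) and put the reason in a comment such as `// Assignment e-mails are disabled for now; see <ticket placeholder>`. The commented-out body should be removed rather than kept in the method; version control already holds the previous implementation. `$content` is untyped while `$user` is typed; presumably it is a string, in which case `string $content` would document the contract.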