diff --git a/src/Controller/BerichtController.php b/src/Controller/BerichtController.php
index bc61c6fb..b7e1490c 100644
--- a/src/Controller/BerichtController.php
+++ b/src/Controller/BerichtController.php
@@ -27,6 +27,7 @@
 use App\Repository\VorfallRepository;
 use App\Repository\VVTRepository;
 use App\Service\CurrentTeamService;
+use App\Service\SecurityService;
 use Nucleos\DompdfBundle\Wrapper\DompdfWrapper;
 use PhpOffice\PhpWord\IOFactory;
 use PhpOffice\PhpWord\PhpWord;
@@ -54,6 +55,7 @@ public function backupSoftware(
         CurrentTeamService $currentTeamService,
         SoftwareRepository $softwareRepository,
         VVTRepository $vvtRepository,
+        SecurityService $securityService,
     ) {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
@@ -65,8 +67,7 @@ public function backupSoftware(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $software[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $software[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -93,6 +94,7 @@ public function recoverySoftware(
         Request $request,
         CurrentTeamService $currentTeamService,
         SoftwareRepository $softwareRepository,
+        SecurityService $securityService,
     ) {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
@@ -102,8 +104,7 @@ public function recoverySoftware(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $software[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $software[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -127,12 +128,12 @@ public function recoverySoftware(
     public function report(
         Request $request,
         CurrentTeamService $currentTeamService,
+        SecurityService $securityService,
     ): Response {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
 
-        // Center Team authentication
-        if (!$team) {
+        if (!$securityService->teamCheck($team)) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -144,12 +145,13 @@ public function report(
     #[Route(path: '/akademie', name: '_akademie')]
     public function reportAcademy(
         AkademieBuchungenRepository $academyBillingRepository,
+        SecurityService $securityService,
     ): Response {
         $user = $this->getUser();
         $team = $user->getAkademieUser();
 
-        // Admin Team authentication
-        if (!$user->hasAdminRole($team)) {
+
+        if (!$securityService->adminCheck($user, $team)) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -167,6 +169,7 @@ public function reportAudit(
         Request $request,
         CurrentTeamService $currentTeamService,
         AuditTomRepository $auditTomRepository,
+        SecurityService $securityService,
     ) {
 
 
@@ -188,8 +191,7 @@ public function reportAudit(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $audit[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $audit[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -212,27 +214,29 @@ public function reportDataTransfer(
         Request $request,
         CurrentTeamService $currentTeamService,
         DatenweitergabeRepository $dataTransferRepository,
+        SecurityService $securityService,
     ) {
 
         $id = $request->get('id');
         $team = $currentTeamService->getCurrentTeam($this->getUser());
+
         if ($id) {
             $daten = $dataTransferRepository->findBy(['id'=>$id]);
         } else {
-            $daten = $dataTransferRepository->findBy([
-                'team' => $team,
-                'activ' => true,
-                'art' => $request->get('art')
-            ]);
+            $type = $request->get('art');
+            if ($type == '1') {
+                $daten = $dataTransferRepository->findActiveTransfersByTeam($team);
+            } else if ($type == '2') {
+                $daten = $dataTransferRepository->findActiveOrderProcessingsByTeam($team);
+            }
         }
 
-        if (count($daten) < 1) {
+        if (!isset($daten) || count($daten) < 1) {
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $daten[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToTransfer($daten[0], $team)) {
             return $this->redirectToRoute('dashboard');
         }
 
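Review bot: The `art` dispatch added in reportDataTransfer compares with `==` and `else if`, and leaves `$daten` undefined for any other value so the later `!isset($daten)` guard has to paper over it. A `match` expression with a `default => []` arm makes the accepted values explicit, keeps `$daten` always defined and lets the count check go back to `count($daten) < 1`; `match` compares strictly, so if `art` can arrive as an int rather than a string the arms need to account for that, which I cannot tell from this hunk. Separately, `checkTeamAccessToTransfer($daten[0], $team)` takes its arguments in the reverse order of `checkTeamAccessToData($team, ...)` used in every other hunk of this diff; aligning the two signatures would remove an easy mix-up. reportDataTransfer continues past the end of the hunk.
```php
        if ($id) {
            $daten = $dataTransferRepository->findBy(['id'=>$id]);
        } else {
            $daten = match ($request->get('art')) {
                '1' => $dataTransferRepository->findActiveTransfersByTeam($team),
                '2' => $dataTransferRepository->findActiveOrderProcessingsByTeam($team),
                default => [],
            };
        }

        if (count($daten) < 1) {
            return $this->redirectNoReport();
        }
        // … unchanged: team access check and report rendering …
```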
@@ -257,6 +261,7 @@ public function reportDeletionConcept(
         DompdfWrapper $wrapper,
         Request $request,
         CurrentTeamService $currentTeamService,
+        SecurityService $securityService,
         LoeschkonzeptRepository $deletionConceptRepository,
     ) {
 
@@ -274,8 +279,7 @@ public function reportDeletionConcept(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $loeschkonzept[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $loeschkonzept[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -297,6 +301,7 @@ public function reportGenerateReports(
         Request $request,
         CurrentTeamService $currentTeamService,
         ReportRepository $reportRepository,
+        SecurityService $securityService,
     ): Response {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
@@ -326,8 +331,7 @@ public function reportGenerateReports(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $report[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $report[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -403,6 +407,7 @@ public function reportGlobalTom(
         DompdfWrapper $wrapper,
         CurrentTeamService $currentTeamService,
         AuditTomRepository $auditTomRepository,
+        SecurityService $securityService,
     ) {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
@@ -412,8 +417,7 @@ public function reportGlobalTom(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $audit[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $audit[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -438,6 +442,7 @@ public function reportIncident(
         Request $request,
         CurrentTeamService $currentTeamService,
         VorfallRepository $vorfallRepository,
+        SecurityService $securityService,
     ) {
 
         $id = $request->get('id');
@@ -454,8 +459,7 @@ public function reportIncident(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $daten[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $daten[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -481,6 +485,7 @@ public function reportPolicy(
         Request $request,
         CurrentTeamService $currentTeamService,
         PoliciesRepository $policiesRepository,
+        SecurityService $securityService,
     ) {
 
         $id = $request->get('id');
@@ -496,8 +501,7 @@ public function reportPolicy(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $policies[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $policies[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -523,6 +527,7 @@ public function reportRequest(
         Request $request,
         CurrentTeamService $currentTeamService,
         ClientRequestRepository $clientRequestRepository,
+        SecurityService $securityService,
     ) {
 
 
@@ -541,8 +546,7 @@ public function reportRequest(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $clientRequest[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $clientRequest[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -565,6 +569,7 @@ public function reportSoftware(
         Request $request,
         CurrentTeamService $currentTeamService,
         SoftwareRepository $softwareRepository,
+        SecurityService $securityService,
     ) {
 
         $id = $request->get('id');
@@ -580,10 +585,10 @@ public function reportSoftware(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $software[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $software[0])) {
             return $this->redirectToRoute('dashboard');
         }
+
         // Retrieve the HTML generated in our twig file
         $html = $this->renderView('bericht/software.html.twig', [
             'daten' => $software,
@@ -606,6 +611,7 @@ public function reportTom(
         Request $request,
         CurrentTeamService $currentTeamService,
         TomRepository $tomRepository,
+        SecurityService $securityService,
     ) {
 
 
@@ -622,8 +628,7 @@ public function reportTom(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $tom[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $tom[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -647,6 +652,7 @@ public function reportVvt(
         Request $request,
         CurrentTeamService $currentTeamService,
         VVTRepository $vvtRepository,
+        SecurityService $securityService,
     ) {
 
         ini_set('max_execution_time', '900');
@@ -669,8 +675,7 @@ public function reportVvt(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $vvt[0]->getTeam() !== $team) {
+        if (!$securityService->checkTeamAccessToData($team, $vvt[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
@@ -693,6 +698,7 @@ public function reports(
         Request $request,
         CurrentTeamService $currentTeamService,
         ReportRepository $reportRepository,
+        SecurityService $securityService,
     ) {
 
         $team = $currentTeamService->getCurrentTeam($this->getUser());
@@ -735,12 +741,10 @@ public function reports(
             return $this->redirectNoReport();
         }
 
-        // Center Team authentication
-        if ($team === null || $report[0]->getTeam() !== $team) {
+        if ($securityService->checkTeamAccessToData($team, $report[0])) {
             return $this->redirectToRoute('dashboard');
         }
 
-        // Create a new Word document
         $phpWord = new PhpWord();
         $phpWord->addTitleStyle(1, ['bold' => true], ['spaceAfter' => 240]);
diff --git a/src/Service/SecurityService.php b/src/Service/SecurityService.php
index d3ef599c..06cc61e6 100644
--- a/src/Service/SecurityService.php
+++ b/src/Service/SecurityService.php
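Review bot: The access check in reports() (hunk `@@ -735,12 +741,10 @@`) lost its negation: `if ($securityService->checkTeamAccessToData($team, $report[0]))` sends the caller whose team does own the report to the dashboard and lets every other caller continue into the Word export, which is the opposite of the inline check it replaces and of the eleven other call sites converted in this diff. The line should read `if (!$securityService->checkTeamAccessToData($team, $report[0])) {`. reports() continues past the hunk, so the whole PhpWord build runs after this point for the wrong callers; a functional test that requests a foreign team's report id would have caught it.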
@@ -134,6 +134,19 @@ public function teamDataCheck($data, $team): bool
         return true;
     }
 
+    public function checkTeamAccessToData($team, $data): bool
+    {
+        $teamPath = $team ? $this->teamRepository->getPath($team) : null;
+        $dataTeam = $data->getTeam();
+
+        if ($dataTeam === $team || in_array($dataTeam, $teamPath) && $data->isInherited()) {
+            return true;
+        }
+
+        $this->logAccessDenied($team);
+        return false;
+    }
+
     public function checkTeamAccessToProcess(VVT $process, $team): bool
     {
         $teamPath = $team ? $this->teamRepository->getPath($team) : null;
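Review bot: `checkTeamAccessToData` hands `$teamPath` to `in_array()` even when the `$team ? … : null` branch left it `null`; on PHP 8 a non-array haystack is a TypeError, so a request with no current team and a data row whose `getTeam()` is non-null ends in a 500 rather than a logged denial. The inline checks this helper replaces denied whenever `$team === null`, whereas here a null team and a row whose `getTeam()` is also null satisfy `$dataTeam === $team` and are granted. I would fail closed on a missing team before touching the repository, parenthesise the `&&` so the precedence is visible, and type the parameters the way the sibling `checkTeamAccessToProcess(VVT $process, $team)` does; whether `in_array` should be strict depends on whether `getPath()` returns the same team objects that `getTeam()` returns, which this hunk does not show.
```php
    public function checkTeamAccessToData($team, $data): bool
    {
        // No current team can never own data: deny before any repository lookup.
        if (!$team) {
            $this->logAccessDenied($team);
            return false;
        }

        $teamPath = $this->teamRepository->getPath($team);
        $dataTeam = $data->getTeam();

        if ($dataTeam === $team || ($data->isInherited() && in_array($dataTeam, $teamPath))) {
            return true;
        }

        $this->logAccessDenied($team);
        return false;
    }
```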