Revert "comptoir access : instead of allowing all requests from UserAdmin…

Revert "comptoir access : instead of allowing all requests from UserAdmin object, only allow to show password in general user form, which is sufficient to change it ; add tav_env condition" This reverts commit a6401cfe.

Revert "comptoir access : instead of allowing all requests from UserAdmin…
Revert "comptoir access : instead of allowing all requests from UserAdmin object, only allow to show password in general user form, which is sufficient to change it ; add tav_env condition" This reverts commit a6401cfe.
306ad8ec · Yvon · 7e5eeabe · 306ad8ec · 306ad8ec
Commit 306ad8ec authored Jan 04, 2023 by Yvon
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 14 deletions

UserAdmin.php src/Application/Sonata/UserBundle/Admin/UserAdmin.php +1 -4

VoterSecurityHandler.php src/Security/Handler/VoterSecurityHandler.php +7 -10

No files found.
--- a/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
+++ b/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
@@ -194,10 +194,7 @@ class UserAdmin extends BaseUserAdmin
                    ->add('username')
                    ->add('email')
        ;
-        if (
-            'dev' == $_ENV['APP_ENV'] && ($this->isGranted('ROLE_SUPER_ADMIN')
-                || $this->getSecurityHandler()->grantChangeAdherentPasswordToNonSuperAdmin('ROLE_CHANGE_ADHERENT_PERSONAL_DATA'))
-        ) {
+        if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_SUPER_ADMIN')) {
            $formMapper
                ->add('plainPassword', RepeatedType::class, [
                    'type' => PasswordType::class,

--- a/src/Security/Handler/VoterSecurityHandler.php
+++ b/src/Security/Handler/VoterSecurityHandler.php
@@ -2,6 +2,7 @@

 namespace App\Security\Handler;

+use App\Application\Sonata\UserBundle\Admin\UserAdmin;
 use App\Entity\GlobalParameter;
 use App\Entity\User;
 use Doctrine\ORM\EntityManagerInterface;
@@ -45,7 +46,7 @@ class VoterSecurityHandler extends RoleSecurityHandler
            return $this->isAnyGranted($this->superAdminRoles)
                || $this->isAnyGranted($attributes, $object)
                || $this->isAnyGranted([$allRole], $object)
-                || $this->allowToModifyAdherentPersonalData($object);
+                || $this->allowToChangeAdherentPersonalData($object);
        } catch (AuthenticationCredentialsNotFoundException $e) {
            return false;
        }
@@ -67,15 +68,11 @@ class VoterSecurityHandler extends RoleSecurityHandler
        return false;
    }

-    private function allowToModifyAdherentPersonalData($object): bool
+    private function allowToChangeAdherentPersonalData($object): bool
    {
-        return $_ENV['TAV_ENV']
-            && $object instanceof User && $object->getAdherent()
-            && $this->authorizationChecker->isGranted('ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
-    }
-
-    public function grantChangeAdherentPasswordToNonSuperAdmin($str): bool
-    {
-        return $_ENV['TAV_ENV'] && ($str === 'ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
+        //var_dump(get_class($object));
+        $res = (($object instanceof User && $object->getAdherent()) || ($object instanceof UserAdmin)) && $this->authorizationChecker->isGranted('ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
+        //var_dump($res);
+        return $res;
    }
 }