Revert "restrict new rights given to comptoir to change adherent data only"

This reverts commit 2b840831.

fixtures/tav/fixtures-tav.yaml

@@ -132,7 +132,7 @@ App\Entity\Usergroup:
             'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_EDIT',
             'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_LIST',
             'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE',
-            'ROLE_CHANGE_ADHERENT_PERSONAL_DATA']]
+            'ROLE_SONATA_USER_ADMIN_USER_ALL']]
     usergroup_contact:
         __construct: ['Contact', [
             'ROLE_CONTACT',

src/Migrations/Version20221211160940.php

@@ -21,7 +21,7 @@ final class Version20221211160940 extends AbstractMigration
     {
         // this up() migration is auto-generated, please modify it to your needs
         //$this->addSql('UPDATE usergroup SET roles = \'a:13:{i:0;s:13:\"ROLE_COMPTOIR\";i:1;s:30:\"ROLE_ADMIN_ADHERENT_GERER_EDIT\";i:2;s:30:\"ROLE_ADMIN_ADHERENT_GERER_LIST\";i:3;s:32:\"ROLE_ADMIN_ADHERENT_GERER_CREATE\";i:4;s:30:\"ROLE_ADMIN_ADHERENT_GERER_VIEW\";i:5;s:35:\"ROLE_ADMIN_ADHERENT_COTISATIONS_ALL\";i:6;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_EDIT\";i:7;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_VIEW\";i:8;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_LIST\";i:9;s:33:\"ROLE_ADMIN_TRANSFERT_GERER_CREATE\";i:10;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_VIEW\";i:11;s:43:\"ROLE_ADMIN_OPERATION_PRESTATAIRE_GERER_LIST\";i:12;s:40:\"ROLE_ADMIN_OPERATION_ADHERENT_GERER_LIST\";}\' WHERE name = "Comptoir"');
-        $this->addSql('UPDATE usergroup SET roles = \'a:19:{i:0;s:13:\"ROLE_COMPTOIR\";i:1;s:30:\"ROLE_ADMIN_ADHERENT_GERER_EDIT\";i:2;s:30:\"ROLE_ADMIN_ADHERENT_GERER_LIST\";i:3;s:32:\"ROLE_ADMIN_ADHERENT_GERER_CREATE\";i:4;s:30:\"ROLE_ADMIN_ADHERENT_GERER_VIEW\";i:5;s:35:\"ROLE_ADMIN_ADHERENT_COTISATIONS_ALL\";i:6;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_EDIT\";i:7;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_VIEW\";i:8;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_LIST\";i:9;s:33:\"ROLE_ADMIN_TRANSFERT_GERER_CREATE\";i:10;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_VIEW\";i:11;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_VIEW\";i:12;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_VIEW\";i:13;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_LIST\";i:14;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_EDIT\";i:15;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_EDIT\";i:16;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_LIST\";i:17;s:41:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE\";i:18;s:34:\"ROLE_CHANGE_ADHERENT_PERSONAL_DATA\";}\' WHERE name = "Comptoir"');
+        $this->addSql('UPDATE usergroup SET roles = \'a:19:{i:0;s:13:\"ROLE_COMPTOIR\";i:1;s:30:\"ROLE_ADMIN_ADHERENT_GERER_EDIT\";i:2;s:30:\"ROLE_ADMIN_ADHERENT_GERER_LIST\";i:3;s:32:\"ROLE_ADMIN_ADHERENT_GERER_CREATE\";i:4;s:30:\"ROLE_ADMIN_ADHERENT_GERER_VIEW\";i:5;s:35:\"ROLE_ADMIN_ADHERENT_COTISATIONS_ALL\";i:6;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_EDIT\";i:7;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_VIEW\";i:8;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_LIST\";i:9;s:33:\"ROLE_ADMIN_TRANSFERT_GERER_CREATE\";i:10;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_VIEW\";i:11;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_VIEW\";i:12;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_VIEW\";i:13;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_LIST\";i:14;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_EDIT\";i:15;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_EDIT\";i:16;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_LIST\";i:17;s:41:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE\";i:18;s:31:\"ROLE_SONATA_USER_ADMIN_USER_ALL\";}\' WHERE name = "Comptoir"');
     }
 
     public function down(Schema $schema) : void

src/Security/Handler/VoterSecurityHandler.php

@@ -2,9 +2,7 @@
 
 namespace App\Security\Handler;
 
-use App\Application\Sonata\UserBundle\Admin\UserAdmin;
 use App\Entity\GlobalParameter;
-use App\Entity\User;
 use Doctrine\ORM\EntityManagerInterface;
 use Sonata\AdminBundle\Admin\AdminInterface;
 use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
@@ -45,8 +43,7 @@ class VoterSecurityHandler extends RoleSecurityHandler
         try {
             return $this->isAnyGranted($this->superAdminRoles)
                 || $this->isAnyGranted($attributes, $object)
-                || $this->isAnyGranted([$allRole], $object)
-                || $this->allowToChangeAdherentPersonalData($object);
+                || $this->isAnyGranted([$allRole], $object);
         } catch (AuthenticationCredentialsNotFoundException $e) {
             return false;
         }
@@ -67,12 +64,4 @@ class VoterSecurityHandler extends RoleSecurityHandler
 
         return false;
     }
-
-    private function allowToChangeAdherentPersonalData($object): bool
-    {
-        //var_dump(get_class($object));
-        $res = (($object instanceof User && $object->getAdherent()) || ($object instanceof UserAdmin)) && $this->authorizationChecker->isGranted('ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
-        //var_dump($res);
-        return $res;
-    }
 }