Vincent GUFFON 4 anni fa
parent
commit
ccfa25f00f

+ 6 - 6
config/opentalent/enum.yaml

@@ -52,13 +52,13 @@ opentalent:
 
   #Organization
     organization_category: 'App\Enum\Organization\CategoryEnum'
-    organization_financial: 'App\Enum\Organization\financialEnum'
+    organization_financial: 'App\Enum\Organization\FinancialEnum'
     organization_legal: 'App\Enum\Organization\LegalEnum'
-    organization_opca: 'App\Enum\Organization\opcaEnum'
-    organization_principal_type: 'App\Enum\Organization\principalTypeEnum'
-    organization_school_cat: 'App\Enum\Organization\schoolCategoryEnum'
-    organization_type_establishment_detail: 'App\Enum\Organization\typeEstablishmentDetailEnum'
-    organization_type_establishment: 'App\Enum\Organization\typeEstablishmentEnum'
+    organization_opca: 'App\Enum\Organization\OpcaEnum'
+    organization_principal_type: 'App\Enum\Organization\PrincipalTypeEnum'
+    organization_school_cat: 'App\Enum\Organization\SchoolCategoryEnum'
+    organization_type_establishment_detail: 'App\Enum\Organization\TypeEstablishmentDetailEnum'
+    organization_type_establishment: 'App\Enum\Organization\TypeEstablishmentEnum'
     organization_familly_type: 'App\Enum\Organization\FamillyTypeEnum'
     organization_sub_familly_type: 'App\Enum\Organization\SubFamillyTypeEnum'
     organization_bulletin_period: 'App\Enum\Organization\BulletinPeriodEnum'

+ 13 - 4
config/services.yaml

@@ -24,9 +24,6 @@ services:
             - '../src/Kernel.php'
             - '../src/Tests/'
 
-    App\Serializer\OpentalentNormalizer:
-        decorates: 'api_platform.jsonld.normalizer.item'
-
     App\Service\Cotisation\Utils:
         public: true
 
@@ -36,5 +33,17 @@ services:
     App\Service\Organization\Utils:
         public: true
 
+    #########################################
+    ##  TAG Services ##
     App\Doctrine\Access\HandleAccessExtension:
-        - !tagged_iterator app.extensions.access
+        - !tagged_iterator app.extensions.access
+
+    #########################################
+    ##  SERIALIZER Decorates ##
+    App\Serializer\OpentalentNormalizer:
+        decorates: 'api_platform.jsonld.normalizer.item'
+
+    App\Serializer\AccessContextBuilder:
+        decorates: 'api_platform.serializer.context_builder'
+        arguments: [ '@App\Serializer\AccessContextBuilder.inner' ]
+        autoconfigure: false

+ 15 - 0
src/ApiResources/Profile/AccessProfile.php

@@ -58,6 +58,10 @@ class AccessProfile
      * @Groups({"access_profile_read"})
      */
     private $activityYear;
+    /**
+     * @Groups({"access_profile_read"})
+     */
+    private $historical=[];
     /**
      * @Groups({"access_profile_read"})
      */
@@ -242,4 +246,15 @@ class AccessProfile
 
         return $this;
     }
+
+    public function getHistorical(): array
+    {
+        return $this->historical;
+    }
+
+    public function setHistorical(array $historical): self
+    {
+        $this->historical = $historical;
+        return $this;
+    }
 }

+ 37 - 3
src/Entity/Access/Access.php

@@ -14,6 +14,7 @@ use Doctrine\Common\Collections\ArrayCollection;
 use Doctrine\Common\Collections\Collection;
 use Doctrine\ORM\Mapping as ORM;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Serializer\Annotation\Groups;
 
 /**
  * Fais le lien entre une Person et une Organization
@@ -32,7 +33,7 @@ use Symfony\Component\Security\Core\User\UserInterface;
  *     },
  *     itemOperations={
  *         "get"={"security"="(is_granted('ROLE_USERS_VIEW') and object.getOrganization().getId() == user.getOrganization().getId()) or (object.getId() == user.getId())"},
- *         "put"={"security"="is_granted('ROLE_USERS')"},
+ *         "put"={"security"="is_granted('ROLE_USERS') or (object.getId() == user.getId())"},
  *         "delete"
  *     }
  * )
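Review bot: The widened `put` rule lets every authenticated user update their own Access, but nothing in the expression limits which fields they may write; that limit lives only in `AccessContextBuilder`, which adds `my_access:input` for the same case. Whether `roles` or the public `$organization` property stay out of reach for such a user depends on the resource's denormalization groups, which are not visible in this hunk, so a functional test asserting that a user without `ROLE_USERS` cannot change their own roles through PUT would pin this down. A line in the class docblock such as `PUT on one's own Access is limited to the my_access:input group (see AccessContextBuilder)` would keep the two pieces tied together. The `delete` operation on the next line carries no `security` expression in the visible lines; if it is not restricted elsewhere, it deserves the same attention. The annotation block starts above the hunk.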
@@ -70,11 +71,21 @@ class Access implements UserInterface
     public $organization;
 
     /**
-     * @var array
      * @ORM\Column(type="json_array", length=4294967295, nullable=true)
      */
     private $roles = [];
 
+    /**
+     * @Groups({"my_access:input"})
+     * @ORM\Column(type="json_array", length=4294967295, nullable=true)
+     */
+    private $setting;
+
+    /**
+     * @Groups({"my_access:input"})
+     */
+    private $historical;
+
     /**
      * @var ArrayCollection<PersonActivity>
      * @ORM\OneToMany(targetEntity=PersonActivity::class, mappedBy="access", orphanRemoval=true, cascade={"persist"})
@@ -254,12 +265,35 @@ class Access implements UserInterface
     /**
      * @inheritDoc
      */
-    public function getRoles()
+    public function getRoles(): array
     {
         $roles = $this->roles;
         return array_unique($roles);
     }
 
+    public function setSetting(array $setting): self
+    {
+        $this->setting = $setting;
+        return $this;
+    }
+
+
+    public function getSetting(): array
+    {
+        return $this->setting;
+    }
+
+    public function getHistorical(): array
+    {
+        return $this->setting['historical'] ?? [];
+    }
+
+    public function setHistorical(array $historical): self
+    {
+        $this->setting['historical'] = $historical;
+        return $this;
+    }
+
     /**
      * @inheritDoc
      */
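Review bot: `getSetting(): array` returns `$this->setting` directly, yet the property is declared without a default in the previous hunk and its column is `nullable=true`, so an Access whose setting was never written makes the getter throw a `TypeError`; `return $this->setting ?? [];` (or `private $setting = [];`) avoids that. The `$historical` property from the previous hunk is never read or written, since `getHistorical()`/`setHistorical()` work on `$this->setting['historical']`; it appears to exist only to carry the `@Groups` annotation, which deserves a comment saying so. Both `setting` and `historical` are writable through `my_access:input` with no constraint on shape or size visible here, and a payload carrying both would depend on denormalization order, so validation on `setSetting()` or exposing only `historical` to that group would be safer.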

+ 52 - 0
src/Serializer/AccessContextBuilder.php

@@ -0,0 +1,52 @@
+<?php
+declare(strict_types=1);
+
+namespace App\Serializer;
+
+use ApiPlatform\Core\Serializer\SerializerContextBuilderInterface;
+use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use App\Entity\Access\Access;
+use Symfony\Component\Security\Core\Security;
+
+/**
+ * Classe servant à ajouter le groupe de denormalization à la ressource Access par rapport au role de l'utilisateur
+ */
+final class AccessContextBuilder implements SerializerContextBuilderInterface
+{
+    private SerializerContextBuilderInterface $decorated;
+    private AuthorizationCheckerInterface $authorizationChecker;
+    private Security $security;
+
+    public function __construct(
+        SerializerContextBuilderInterface $decorated,
+        AuthorizationCheckerInterface $authorizationChecker,
+        Security $security
+)
+    {
+        $this->decorated = $decorated;
+        $this->authorizationChecker = $authorizationChecker;
+        $this->security = $security;
+    }
+
+
+    public function createFromRequest(Request $request, bool $normalization, ?array $extractedAttributes = null): array
+    {
+        $context = $this->decorated->createFromRequest($request, $normalization, $extractedAttributes);
+        $resourceClass = $context['resource_class'] ?? null;
+
+        //On ajoute un nouveau groupe seulement si : la ressource est Access, on est en denoramlization, l'utilisateur n'a pas le ROLE_USERS
+        //et la denormalization est faite sur l'Access de l'utilisateur connecté
+        if (
+            $resourceClass === Access::class &&
+            false === $normalization &&
+            !$this->authorizationChecker->isGranted('ROLE_USERS') &&
+            $request->get('id') == $this->security->getUser()->getId()
+        ){
+            $context['groups'] = $context['groups'] ?? [];
+            $context['groups'][] = 'my_access:input';
+        }
+
+        return $context;
+    }
+}
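Review bot: `$this->security->getUser()->getId()` in the `if` of `createFromRequest` is dereferenced without a null check, so an Access denormalization with no authenticated user fails with an error instead of skipping the group, and `getId()` is not part of `UserInterface`. `$request->get('id')` falls back to the query string and form body when the route has no `id` attribute (a collection POST, for instance), and `==` compares loosely, so the ownership test is weaker than it reads. I would resolve the user first with `$user = $this->security->getUser();` and replace the last condition by `$user instanceof Access && (string) $request->attributes->get('id') === (string) $user->getId()`. The group is appended to whatever the decorated builder returned; if the Access resource defines default denormalization groups (not visible here), a self-editing user keeps those as well, so consider `$context['groups'] = ['my_access:input'];` for this branch.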

+ 1 - 0
src/Service/Access/AccessProfileCreator.php

@@ -82,6 +82,7 @@ class AccessProfileCreator
         return $accessProfile
             ->setIsAdminAccess($access->getAdminAccess())
             ->setRoles($this->roleHierarchy->getReachableRoleNames($access->getRoles()))
+            ->setHistorical($access->getHistorical())
             ->setOrganization($this->organizationProfileCreator->createCompleteOrganizationProfile($access->getOrganization()));
     }