refs #379. Added userGroupPermission validation

2024-05-30 09:12:10 +02:00 · 2024-05-30 09:12:10 +02:00 · 8d3c3c195c
parent b652f70973
commit 8d3c3c195c
5 changed files with 93 additions and 5 deletions
--- a/src/Command/LoadDefaultUserGroupsCommand.php
+++ b/src/Command/LoadDefaultUserGroupsCommand.php
@ -3,6 +3,7 @@
 namespace App\Command;

 use App\Entity\UserGroup;
+use App\Model\UserGroupPermissions;
 use Doctrine\ORM\EntityManagerInterface;
 use Symfony\Component\Console\Command\Command;
 use Symfony\Component\Console\Input\InputInterface;
@ -22,22 +23,22 @@ class LoadDefaultUserGroupsCommand extends Command
        $userGroups = [
            [
                'name' => 'Super Admin',
-                'permissions' => ['ROLE_SUPER_ADMIN'],
+                'permissions' => [UserGroupPermissions::ROLE_SUPER_ADMIN],
                'enabled' => true
            ],
            [
                'name' => 'Administrador de aulas',
-                'permissions' => ['ROLE_ORGANIZATIONAL_UNIT_ADMIN'],
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_ADMIN],
                'enabled' => true
            ],
            [
                'name' => 'Operador de aulas',
-                'permissions' => ['ROLE_ORGANIZATIONAL_UNIT_OPERATOR'],
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_OPERATOR],
                'enabled' => true
            ],
            [
-                'name' => 'Usuario',
-                'permissions' => ['ROLE_USER'],
+                'name' => 'Usuario básico de aulas',
+                'permissions' => [UserGroupPermissions::ROLE_ORGANIZATIONAL_UNIT_MINIMAL],
                'enabled' => true
            ],
        ];
--- a/src/Dto/Input/UserGroupInput.php
+++ b/src/Dto/Input/UserGroupInput.php
@ -3,6 +3,7 @@
 namespace App\Dto\Input;

 use App\Entity\UserGroup;
+use App\Validator\Constraints\UserGroupsValidPermission;
 use Symfony\Component\Serializer\Annotation\Groups;
 use Symfony\Component\Validator\Constraints as Assert;

@ -13,6 +14,7 @@ final class UserGroupInput
    public ?string $name = null;

    #[Groups(['user-group:write'])]
+    #[UserGroupsValidPermission]
    public ?array $permissions = [];

    #[Assert\NotNull]
--- a/src/Model/UserGroupPermissions.php
+++ b/src/Model/UserGroupPermissions.php
@ -0,0 +1,36 @@
+<?php
+
+namespace App\Model;
+
+final class UserGroupPermissions
+{
+    public const ROLE_SUPER_ADMIN = 'ROLE_SUPER_ADMIN';
+    public const ROLE_ORGANIZATIONAL_UNIT_ADMIN = 'ROLE_ORGANIZATIONAL_UNIT_ADMIN';
+    public const ROLE_ORGANIZATIONAL_UNIT_OPERATOR = 'ROLE_ORGANIZATIONAL_UNIT_OPERATOR';
+    public const ROLE_ORGANIZATIONAL_UNIT_MINIMAL = 'ROLE_ORGANIZATIONAL_UNIT_MINIMAL';
+
+    public const ROLE_USER = 'ROLE_USER';
+
+    private const ROLE_NAMES = [
+        self::ROLE_SUPER_ADMIN => 'Super Admin',
+        self::ROLE_ORGANIZATIONAL_UNIT_ADMIN => 'Admin de aulas',
+        self::ROLE_ORGANIZATIONAL_UNIT_OPERATOR => 'Operador de aulas',
+        self::ROLE_ORGANIZATIONAL_UNIT_MINIMAL => 'Usuario básico de aulas',
+        self::ROLE_USER => 'Usuario',
+    ];
+
+    public static function getRoleNames(): array
+    {
+        return self::ROLE_NAMES;
+    }
+
+    public static function getRoleName(string $role): ?string
+    {
+        return self::ROLE_NAMES[$role] ?? null;
+    }
+
+    public static function getRoles(): array
+    {
+        return array_keys(self::ROLE_NAMES);
+    }
+}
--- a/src/Validator/Constraints/UserGroupsValidPermission.php
+++ b/src/Validator/Constraints/UserGroupsValidPermission.php
@ -0,0 +1,26 @@
+<?php
+
+namespace App\Validator\Constraints;
+
+use App\Model\UserGroupPermissions;
+use Symfony\Component\Validator\Constraint;
+
+#[\Attribute]
+class UserGroupsValidPermission extends Constraint
+{
+    private array $roles;
+    public string $message;
+
+    public function __construct(mixed $options = null, ?array $groups = null, mixed $payload = null)
+    {
+        parent::__construct($options, $groups, $payload);
+
+        $this->roles = UserGroupPermissions::getRoles();
+        $this->message = sprintf(
+            'The permission is not valid. Please use one of the following: %s',
+            implode(', ', $this->roles)
+        );
+    }
+
+
+}
--- a/src/Validator/Constraints/UserGroupsValidPermissionValidator.php
+++ b/src/Validator/Constraints/UserGroupsValidPermissionValidator.php
@ -0,0 +1,23 @@
+<?php
+
+namespace App\Validator\Constraints;
+
+use App\Model\UserGroupPermissions;
+use Symfony\Component\Validator\Constraint;
+use Symfony\Component\Validator\ConstraintValidator;
+
+class UserGroupsValidPermissionValidator extends ConstraintValidator
+{
+    public function validate($value, Constraint $constraint): void
+    {
+        if (null === $value) {
+            return;
+        }
+
+        foreach ($value as $role) {
+            if (!in_array($role, UserGroupPermissions::getRoles())) {
+                $this->context->buildViolation($constraint->message)->addViolation();
+            }
+        }
+    }
+}