refs #423. Updated Voter secutiry into ORganizationalUnit

2024-06-21 14:58:54 +02:00 · 2024-06-21 14:58:54 +02:00 · e727e6caa8
parent 43099c6bcc
commit e727e6caa8
2 changed files with 7 additions and 2 deletions
--- a/src/Dto/Output/MenuOutput.php
+++ b/src/Dto/Output/MenuOutput.php
@ -10,7 +10,7 @@ use Symfony\Component\Serializer\Annotation\Groups;
 #[Get(shortName: 'Menu')]
 final class MenuOutput extends AbstractOutput
 {
-    #[Groups(['menu:read'])]
+    #[Groups(['menu:read', 'organizational-unit:read'])]
    public string $name;

    #[Groups(['menu:read'])]
--- a/src/Security/Voter/OrganizationalUnitVoter.php
+++ b/src/Security/Voter/OrganizationalUnitVoter.php
@ -5,6 +5,7 @@ namespace App\Security\Voter;
 use App\Dto\Output\OrganizationalUnitOutput;
 use App\Entity\OrganizationalUnit;
 use App\Entity\User;
+use App\Model\UserGroupPermissions;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\Voter;
 use Symfony\Component\Security\Core\User\UserInterface;
@ -24,11 +25,15 @@ class OrganizationalUnitVoter extends Voter
        /** @var User $user */
        $user = $token->getUser();

-        // if the user is anonymous, do not grant access
+
        if (!$user instanceof UserInterface) {
            return false;
        }

+        if (in_array(UserGroupPermissions::ROLE_SUPER_ADMIN, $user->getRoles())) {
+            return true;
+        }
+
        if ($attribute === 'ORGANIZATIONAL_UNIT_VIEW' ) {
            foreach ($user->getAllowedOrganizationalUnits() as $allowedOrganizationalUnit) {
                if ($allowedOrganizationalUnit->getId() === $subject->getEntity()->getId()) {