From e19d0cdebf9f43ef278e76bb54e224a78e91a808 Mon Sep 17 00:00:00 2001 From: Dimitri Gritsajuk Date: Wed, 7 Dec 2022 23:13:26 +0100 Subject: [PATCH] Add new renaissance adherent role --- config/packages/security.yaml | 5 +++-- .../EnMarche/AdherentController.php | 4 ---- src/Controller/EnMarche/UserController.php | 4 ---- .../Formation/DownloadController.php | 2 -- .../Renaissance/Formation/ListController.php | 2 -- .../CandidaciesListController.php | 2 +- src/Entity/Adherent.php | 22 +++++++++---------- .../Voter/RenaissanceAdherentVoter.php | 20 ----------------- .../EnMarche/CommitteeControllerTest.php | 3 --- .../Renaissance/AdherentControllerTest.php | 3 +-- 10 files changed, 15 insertions(+), 52 deletions(-) delete mode 100644 src/Security/Voter/RenaissanceAdherentVoter.php diff --git a/config/packages/security.yaml b/config/packages/security.yaml index b92e78d383b..edcc63f4d06 100644 --- a/config/packages/security.yaml +++ b/config/packages/security.yaml @@ -527,8 +527,9 @@ security: entry_point: App\Security\LoginFormGuardAuthenticator access_control: - - { path: '^/parametres', roles: [ROLE_USER] } - - { path: '^/espace-adherent', roles: [ROLE_ADHERENT] } + - { path: '^/parametres', host: '%app_host%', roles: [ROLE_USER] } + - { path: '^/espace-adherent', host: '%app_host%', roles: [ROLE_ADHERENT] } + - { path: '^/(espace-adherent|parametres)', host: '%renaissance_host%', roles: [ROLE_RENAISSANCE_ADHERENT] } - { path: '^/admin/login', roles: [IS_AUTHENTICATED_ANONYMOUSLY] } - { path: '^/admin/(2fa|logout)', role: [IS_AUTHENTICATED_2FA_IN_PROGRESS] } - { path: '^/admin', roles: [ROLE_ADMIN_DASHBOARD] } diff --git a/src/Controller/EnMarche/AdherentController.php b/src/Controller/EnMarche/AdherentController.php index e54ab5dece6..219922b0f14 100644 --- a/src/Controller/EnMarche/AdherentController.php +++ b/src/Controller/EnMarche/AdherentController.php 
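Review bot: With `host:` now set on all three rules in the `access_control` hunk of config/packages/security.yaml, a request for `/parametres` or `/espace-adherent` whose Host matches neither `%app_host%` nor `%renaissance_host%` matches none of them and falls through to the rules that follow. If the application answers on any other host name, those paths are then guarded only by controller-level checks, several of which this same commit removes. Consider a host-less fallback after the three rules so an unmatched host fails closed, for example `- { path: '^/(espace-adherent|parametres)', roles: [ROLE_ADHERENT] }`. Symfony also evaluates `host` as a regular expression, so the two parameter values should be escaped and anchored if they hold plain host names.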
@@ -96,10 +96,6 @@ public function pinInterestsAction( return $this->render('adherent/renaissance_profile.html.twig'); } - if ($isRenaissanceApp && !$adherent->isRenaissanceUser()) { - return $this->redirectToRoute('homepage'); - } - $form = $this ->createForm(AdherentInterestsFormType::class, $adherent) ->handleRequest($request) diff --git a/src/Controller/EnMarche/UserController.php b/src/Controller/EnMarche/UserController.php index 4d80785901c..4e5f13e394a 100644 --- a/src/Controller/EnMarche/UserController.php +++ b/src/Controller/EnMarche/UserController.php @@ -58,10 +58,6 @@ public function profileAction( return $this->render('adherent/renaissance_profile.html.twig'); } - if ($isRenaissanceApp && !$adherent->isRenaissanceUser()) { - return $this->redirect($this->generateUrl('homepage', [], UrlGeneratorInterface::ABSOLUTE_URL)); - } - $adherentProfile = AdherentProfile::createFromAdherent($adherent); $form = $this diff --git a/src/Controller/Renaissance/Formation/DownloadController.php b/src/Controller/Renaissance/Formation/DownloadController.php index 0c30995c580..4bc40e58fec 100644 --- a/src/Controller/Renaissance/Formation/DownloadController.php +++ b/src/Controller/Renaissance/Formation/DownloadController.php @@ -7,7 +7,6 @@ use App\Storage\FileRequestHandler; use Doctrine\ORM\EntityManagerInterface; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Entity; -use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; @@ -15,7 +14,6 @@ /** * @Route("/espace-adherent/formations/{id}/telecharger", name="app_renaissance_adherent_formation_download", methods={"GET"}) * @Entity("formation", expr="repository.findOneVisible(id)") - * @IsGranted("RENAISSANCE_ADHERENT") */ class DownloadController extends AbstractController { 
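Review bot: The guard removed from `pinInterestsAction` (and the matching one removed from `profileAction` in src/Controller/EnMarche/UserController.php) tested `isRenaissanceUser()`, while the role that replaces it is granted on `isRenaissanceAdherent()` in `Adherent::getRoles()`. If those two predicates differ, accounts that passed the old check are now refused, or the reverse. Both actions also now rely entirely on the route path and the request Host matching the new `access_control` rule, neither of which is visible in these hunks. An explicit check where the removed guard stood would keep the decision local: `if ($isRenaissanceApp) { $this->denyAccessUnlessGranted('ROLE_RENAISSANCE_ADHERENT'); }`. Both method bodies start and end outside their hunks.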
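Review bot: Dropping `@IsGranted("RENAISSANCE_ADHERENT")` from DownloadController (and from ListController in src/Controller/Renaissance/Formation/ListController.php) leaves the formation download and list with no authorization of their own. They stay protected only while the request Host matches the `%renaissance_host%` rule in security.yaml. Whether these routes are bound to that host is not visible here; if they are reachable on `%app_host%`, `ROLE_ADHERENT` alone now suffices. I would switch the attribute rather than delete it, as CandidaciesListController does: keep the `IsGranted` import and write ` * @IsGranted("ROLE_RENAISSANCE_ADHERENT")`. It is also worth searching templates and controllers for leftover `RENAISSANCE_ADHERENT` attribute checks, since the voter that answered them is deleted in this commit.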
diff --git a/src/Controller/Renaissance/Formation/ListController.php b/src/Controller/Renaissance/Formation/ListController.php index 8d098b8aa41..9bbe63587a3 100644 --- a/src/Controller/Renaissance/Formation/ListController.php +++ b/src/Controller/Renaissance/Formation/ListController.php @@ -4,14 +4,12 @@ use App\Entity\Adherent; use App\Repository\AdherentFormation\FormationRepository; -use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted; use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; use Symfony\Component\HttpFoundation\Response; use Symfony\Component\Routing\Annotation\Route; /** * @Route("/espace-adherent/formations", name="app_renaissance_adherent_formation_list", methods={"GET"}) - * @IsGranted("RENAISSANCE_ADHERENT") */ class ListController extends AbstractController { diff --git a/src/Controller/Renaissance/LocalElection/CandidaciesListController.php b/src/Controller/Renaissance/LocalElection/CandidaciesListController.php index e0b54f1278c..9e7966678ad 100644 --- a/src/Controller/Renaissance/LocalElection/CandidaciesListController.php +++ b/src/Controller/Renaissance/LocalElection/CandidaciesListController.php @@ -11,7 +11,7 @@ /** * @Route("/elections-departementales", name="app_renaissance_departmental_election_lists", methods="GET") - * @IsGranted("ROLE_ADHERENT") + * @IsGranted("ROLE_RENAISSANCE_ADHERENT") */ class CandidaciesListController extends AbstractController { diff --git a/src/Entity/Adherent.php b/src/Entity/Adherent.php index b0586af631b..ef965f2bd5e 100644 --- a/src/Entity/Adherent.php +++ b/src/Entity/Adherent.php 
@@ -62,8 +62,6 @@ use Ramsey\Uuid\Uuid; use Ramsey\Uuid\UuidInterface; use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity; -use Symfony\Component\Security\Core\Encoder\EncoderAwareInterface; -use Symfony\Component\Security\Core\User\EquatableInterface; use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface; use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Serializer\Annotation\Groups; @@ -105,7 +103,7 @@ * * @UniqueTerritorialCouncilMember(qualities={"referent", "lre_manager", "referent_jam"}) */ -class Adherent implements UserInterface, UserEntityInterface, GeoPointInterface, EncoderAwareInterface, MembershipInterface, ReferentTaggableEntity, ZoneableEntity, EntityMediaInterface, EquatableInterface, UuidEntityInterface, MailchimpCleanableContactInterface, PasswordAuthenticatedUserInterface +class Adherent implements UserInterface, UserEntityInterface, GeoPointInterface, MembershipInterface, ReferentTaggableEntity, ZoneableEntity, EntityMediaInterface, UuidEntityInterface, MailchimpCleanableContactInterface, PasswordAuthenticatedUserInterface { use EntityCrudTrait; use EntityIdentityTrait; @@ -1031,6 +1029,10 @@ public function getRoles() $roles[] = 'ROLE_ADHERENT'; } + if ($this->isRenaissanceAdherent()) { + $roles[] = 'ROLE_RENAISSANCE_ADHERENT'; + } + if ($this->isReferent()) { $roles[] = 'ROLE_REFERENT'; } @@ -1249,22 +1251,18 @@ public function hasLegacyPassword(): bool return null !== $this->oldPassword; } - public function getEncoderName(): ?string + public function getSalt() { - if ($this->hasLegacyPassword()) { - return 'legacy_encoder'; - } - - return null; } - public function getSalt() + public function getUserIdentifier(): string { + return $this->emailAddress; } - public function getUsername() + public function getUsername(): string { - return $this->emailAddress; + return $this->getUserIdentifier(); } public function eraseCredentials() 
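Review bot: Removing `EquatableInterface` from the `implements` list changes how the session token is revalidated. Symfony stops calling `isEqualTo()` and instead compares password, salt, identifier and roles on each refresh. Since `getRoles()` is computed from adherent state, a change in that state now de-authenticates the session; this may be intended so that `ROLE_RENAISSANCE_ADHERENT` takes effect immediately, but the commit message does not say so. The diff does not show `isEqualTo()` being removed, so it may remain as dead code; either delete it or record the intent in a comment above the class.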
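Review bot: In `getRoles()` the new `ROLE_RENAISSANCE_ADHERENT` is granted by a standalone `if ($this->isRenaissanceAdherent())`, outside the condition that guards `ROLE_ADHERENT` just above it (that condition begins outside the hunk). Because the new `%renaissance_host%` rule requires only this role, `isRenaissanceAdherent()` must by itself imply every account-state requirement that `ROLE_ADHERENT` carries. Its body is not visible here, so this needs confirming. Once confirmed, either nest the block inside the `ROLE_ADHERENT` branch or add a one-line comment above it stating that invariant.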
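Review bot: Deleting `getEncoderName()` together with `EncoderAwareInterface` removes the only visible place where accounts with `hasLegacyPassword()` were routed to `'legacy_encoder'`, and this is unrelated to the role change named in the commit title. Unless hasher selection moved elsewhere (no such change appears in this patch), those accounts will be checked with the default hasher and fail to log in, or the legacy hasher configuration becomes dead. If legacy hashes still exist, the equivalent on current Symfony is `PasswordHasherAwareInterface` with `public function getPasswordHasherName(): ?string { return $this->hasLegacyPassword() ? 'legacy_encoder' : null; }`. Separately, `getUserIdentifier(): string` will throw a TypeError if `$this->emailAddress` can be null, which the hunk does not rule out.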
diff --git a/src/Security/Voter/RenaissanceAdherentVoter.php b/src/Security/Voter/RenaissanceAdherentVoter.php deleted file mode 100644 index 3a14db9f0be..00000000000 --- a/src/Security/Voter/RenaissanceAdherentVoter.php +++ /dev/null @@ -1,20 +0,0 @@ -isRenaissanceAdherent(); - } - - protected function supports(string $attribute, $subject): bool - { - return self::RENAISSANCE_ADHERENT === $attribute && null === $subject; - } -} diff --git a/tests/Controller/EnMarche/CommitteeControllerTest.php b/tests/Controller/EnMarche/CommitteeControllerTest.php index d863734e279..23e8cdb512b 100644 --- a/tests/Controller/EnMarche/CommitteeControllerTest.php +++ b/tests/Controller/EnMarche/CommitteeControllerTest.php @@ -113,9 +113,6 @@ public function testAuthenticatedCommitteeHostCanUnfollowCommittee() $crawler = $this->client->request(Request::METHOD_GET, $committeeUrl); - // Ex-host should be allow to follow again - $this->assertTrue($this->seeFollowLink($crawler)); - $this->logout($this->client); $this->getEntityManager(Adherent::class)->clear(); diff --git a/tests/Controller/Renaissance/AdherentControllerTest.php b/tests/Controller/Renaissance/AdherentControllerTest.php index 85703de2ffb..637e9fa20f4 100644 --- a/tests/Controller/Renaissance/AdherentControllerTest.php +++ b/tests/Controller/Renaissance/AdherentControllerTest.php @@ -66,8 +66,7 @@ public function testProfileActionIsNotAccessibleForEMAdherent(string $profilePag $this->client->request(Request::METHOD_GET, $profilePage); - $this->assertResponseStatusCode(Response::HTTP_FOUND, $this->client->getResponse()); - $this->assertClientIsRedirectedTo('http://test.enmarche.code/', $this->client, false); + $this->assertResponseStatusCode(Response::HTTP_FORBIDDEN, $this->client->getResponse()); } public function provideProfilePage(): \Generator
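Review bot: The hunk in `testAuthenticatedCommitteeHostCanUnfollowCommittee` deletes `$this->assertTrue($this->seeFollowLink($crawler));` without replacing it, so the test no longer checks that an ex-host can follow the committee again. Nothing else in this patch touches committee following, so either the behaviour changed as a side effect of the new role handling or the assertion was dropped to get the suite passing; the commit should say which. If the follow link is legitimately gone, assert that explicitly with `$this->assertFalse($this->seeFollowLink($crawler));`, otherwise restore the line. The test method starts and ends outside the hunk.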
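Review bot: `testProfileActionIsNotAccessibleForEMAdherent` now pins the 403 for the profile pages, but the formation routes that lost their `@IsGranted` annotation in this commit get no equivalent assertion anywhere in the patch. Adding `/espace-adherent/formations` to `provideProfilePage` (its body is outside the hunk), or a sibling test that requests it as an En Marche adherent and expects `Response::HTTP_FORBIDDEN`, would keep the `access_control` rule from regressing silently.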