Merge branch 'master' into hotfix/CAES-1708

Author: aburov-dev

.drone.yml

@@ -191,7 +191,7 @@ globals:
 steps:
   - <<: *stepCheckBuild
     when:
-      branch: [feature/*]
+      branch: [feature/*, hotfix/*]
       event: [push]
 
   - <<: *stepMainBuild
@@ -223,6 +223,7 @@ trigger:
     - master
     - develop
     - feature/*
+    - hotfix/*
   event:
     - tag
     - push

src/Security/Voter/ListVoter.php

@@ -80,7 +80,7 @@ private function canCreate(User $user)
 
     private function canEdit(Directory $subject, User $user): bool
     {
-        return $this->canSort($subject, $user);
+        return $this->canSort($subject, $user) && Directory::LIST_DEFAULT !== $subject->getLabel();
     }
 
     private function canDelete(Directory $subject, User $user): bool

src/Security/Voter/TeamListVoter.php

@@ -130,7 +130,7 @@ private function canEdit(Directory $subject, User $user): bool
             return false;
         }
 
-        return $userTeam->hasRole(UserTeam::USER_ROLE_ADMIN);
+        return $userTeam->hasRole(UserTeam::USER_ROLE_ADMIN) && Directory::LIST_DEFAULT !== $subject->getLabel();
     }
 
     private function canDelete(Directory $subject, User $user): bool
@@ -140,7 +140,12 @@ private function canDelete(Directory $subject, User $user): bool
 
     private function canSort(Directory $subject, User $user): bool
     {
-        return $this->canEdit($subject, $user);
+        $userTeam = $subject->getTeam()->getUserTeamByUser($user);
+        if (null === $userTeam) {
+            return false;
+        }
+
+        return $userTeam->hasRole(UserTeam::USER_ROLE_ADMIN);
     }
 
     private function isMovable(Directory $subject, User $user): bool

tests/api/Team/ListTest.php

@@ -123,7 +123,7 @@ public function editList()
         $this->editListValidate($teamAdmin, $list);
         $this->canEditTeamList($teamAdmin, $list, self::DEFAULT_LIST_NAME);
         $this->canEditTeamList($domainAdmin, $list, uniqid());
-        $this->canEditTeamList($teamAdmin, $team->getDefaultDirectory(), uniqid());
+        $this->cantAccessToEditTeamList($teamAdmin, $team->getDefaultDirectory(), uniqid());
         $this->cantAccessToEditTeamList($superAdmin, $list);
         $this->cantAccessToEditTeamList($member, $list);
         $this->cantAccessToEditTeamList($teamAdmin, $otherList);

tests/api/Team/PermissionTest.php

@@ -241,7 +241,7 @@ private function canAccessToList(User $user, Team $team)
         $I->seeResponseByJsonPathContainsJson(sprintf('$[?(@.type=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'team_create_item' => [],
             'team_sort_list' => [],
-            'team_edit_list' => [],
+            //'team_edit_list' => [],
         ]]);
         $I->dontSeeResponseByJsonPathContainsJson(sprintf('$[?(@.type=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'team_delete_list' => [],

tests/api/User/PermissionTest.php

@@ -45,7 +45,7 @@ public function listPermission()
         $I->seeResponseByJsonPathContainsJson(sprintf('$[?(@.label=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'sort_list' => [],
             'create_item' => [],
-            'edit_list' => [],
+            //'edit_list' => [],
         ]]);
         $I->dontSeeResponseByJsonPathContainsJson(sprintf('$[?(@.label=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'delete_list' => [],