[List] CAES-1707: Fixed access to edit list.

aburov-dev · aburov-dev · commit 1d08ebbba9b5 · 2021-01-27T10:02:54.000+03:00
diff --git a/src/Security/Voter/TeamListVoter.php b/src/Security/Voter/TeamListVoter.php
@@ -140,7 +140,12 @@ private function canDelete(Directory $subject, User $user): bool
 
     private function canSort(Directory $subject, User $user): bool
     {
-        return $this->canEdit($subject, $user);
+        $userTeam = $subject->getTeam()->getUserTeamByUser($user);
+        if (null === $userTeam) {
+            return false;
+        }
+
+        return $userTeam->hasRole(UserTeam::USER_ROLE_ADMIN);
     }
 
     private function isMovable(Directory $subject, User $user): bool
diff --git a/tests/api/Team/ListTest.php b/tests/api/Team/ListTest.php
@@ -123,7 +123,7 @@ public function editList()
         $this->editListValidate($teamAdmin, $list);
         $this->canEditTeamList($teamAdmin, $list, self::DEFAULT_LIST_NAME);
         $this->canEditTeamList($domainAdmin, $list, uniqid());
-        $this->canEditTeamList($teamAdmin, $team->getDefaultDirectory(), uniqid());
+        $this->cantAccessToEditTeamList($teamAdmin, $team->getDefaultDirectory(), uniqid());
         $this->cantAccessToEditTeamList($superAdmin, $list);
         $this->cantAccessToEditTeamList($member, $list);
         $this->cantAccessToEditTeamList($teamAdmin, $otherList);
diff --git a/tests/api/Team/PermissionTest.php b/tests/api/Team/PermissionTest.php
@@ -241,7 +241,7 @@ private function canAccessToList(User $user, Team $team)
         $I->seeResponseByJsonPathContainsJson(sprintf('$[?(@.type=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'team_create_item' => [],
             'team_sort_list' => [],
-            'team_edit_list' => [],
+            //'team_edit_list' => [],
         ]]);
         $I->dontSeeResponseByJsonPathContainsJson(sprintf('$[?(@.type=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'team_delete_list' => [],
diff --git a/tests/api/User/PermissionTest.php b/tests/api/User/PermissionTest.php
@@ -45,7 +45,7 @@ public function listPermission()
         $I->seeResponseByJsonPathContainsJson(sprintf('$[?(@.label=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'sort_list' => [],
             'create_item' => [],
-            'edit_list' => [],
+            //'edit_list' => [],
         ]]);
         $I->dontSeeResponseByJsonPathContainsJson(sprintf('$[?(@.label=="%s")]', DirectoryEnumType::DEFAULT), ['_links' => [
             'delete_list' => [],

Original file line number	Diff line number	Diff line change
`@@ -140,7 +140,12 @@ private function canDelete(Directory $subject, User $user): bool`
`140`	`140`
`141`	`141`	`private function canSort(Directory $subject, User $user): bool`
`142`	`142`	`{`
`143`		`- return $this->canEdit($subject, $user);`
	`143`	`+ $userTeam = $subject->getTeam()->getUserTeamByUser($user);`
	`144`	`+ if (null === $userTeam) {`
	`145`	`+ return false;`
	`146`	`+ }`
	`147`	`+`
	`148`	`+ return $userTeam->hasRole(UserTeam::USER_ROLE_ADMIN);`
`144`	`149`	`}`
`145`	`150`
`146`	`151`	`private function isMovable(Directory $subject, User $user): bool`