Merge pull request #2697 from MTES-MCT/hotfix/2680-securty-widget-set…
…tings

[Sécurité][BO] Limiter les infos retournées par la route back_widget_settings
hmeneuvrier committed Jun 17, 2024
2 parents c4560c5 + 451ae1b commit c6c356e
Showing 15 changed files with 86 additions and 101 deletions.
2 changes: 1 addition & 1 deletion migrations/Version20240507143556.php
Expand Up @@ -21,6 +21,6 @@ public function up(Schema $schema): void

public function down(Schema $schema): void
{
$this->addSql('ALTER TABLE signalement DROP manual_address_occupan');
$this->addSql('ALTER TABLE signalement DROP manual_address_occupant');
}
}
7 changes: 4 additions & 3 deletions src/Controller/Back/WidgetController.php
Expand Up @@ -41,10 +41,11 @@ public function index(
$this->denyAccessUnlessGranted('VIEW_WIDGET', $widget);
$widgetLoaderCollection->load($widget);

return new Response(
$serializer->serialize($widget, 'json'),
return $this->json(
$widget,
Response::HTTP_OK,
['content-type' => 'application/json']
['content-type' => 'application/json'],
['groups' => ['widget:read']]
);
}
}
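Review bot: The explicit `['content-type' => 'application/json']` argument is redundant now that the action returns through `$this->json()`, which builds a `JsonResponse` that sets this header itself; `[]` would do. The change also leaves the `$serializer` argument of `index()` without a visible use; the signature is outside the hunk, so check whether it can be dropped. Since the response shape is now decided by attributes on the DTOs rather than at this call site, a short comment above the return would help the next reader: `// Allowlist: only properties tagged #[Groups(['widget:read'])] are serialized.`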
3 changes: 2 additions & 1 deletion src/Controller/Back/WidgetSettingsController.php
Expand Up @@ -31,7 +31,8 @@ public function index(
return $this->json(
$widgetSettingsFactory->createInstanceFrom($user, $territory),
Response::HTTP_OK,
['content-type' => 'application/json']
['content-type' => 'application/json'],
['groups' => ['widget-settings:read']]
);
}
}
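Review bot: Nothing visible on this page pins the new allowlist for this route, so a later `#[Groups(['widget-settings:read'])]` added to a sensitive property would widen the response without any failing check. A functional test that decodes the JSON and asserts the exact key set for the partner, tag and EPCI entries, and the absence of keys such as `esaboraToken` and `email`, would lock the fix in. Not all of the 15 changed files are shown here, so such a test may already be among the others. The body of `index()` starts outside the hunk.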
24 changes: 18 additions & 6 deletions src/Dto/CountSignalement.php
Expand Up @@ -2,22 +2,34 @@

namespace App\Dto;

use Symfony\Component\Serializer\Attribute\Groups;

class CountSignalement
{
#[Groups(['widget:read'])]
private ?array $percentage = null;
#[Groups(['widget:read'])]
private ?int $closedByAtLeastOnePartner = null;
#[Groups(['widget:read'])]
private ?int $closedAllPartnersRecently = null;
#[Groups(['widget:read'])]
private ?int $newNDE = null;
#[Groups(['widget:read'])]
private ?int $currentNDE = null;

#[Groups(['widget:read'])]
private ?int $affected = null;

public function __construct(
private ?int $total = 0,
private ?int $new = null,
private ?int $active = null,
private ?int $closed = null,
private ?int $refused = null,
#[Groups(['widget:read'])]
private readonly ?int $total = 0,
#[Groups(['widget:read'])]
private readonly ?int $new = null,
#[Groups(['widget:read'])]
private readonly ?int $active = null,
#[Groups(['widget:read'])]
private readonly ?int $closed = null,
#[Groups(['widget:read'])]
private readonly ?int $refused = null,
) {
$this->percentage = [
'new' => 0 !== $total ? round($new / $total * 100, 1) : 0,
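Review bot: The guard `0 !== $total` in the `percentage` computation lets a `null` total through even though the parameter is declared `?int`; on PHP 8 the division `$new / $total` then throws `DivisionByZeroError` instead of yielding 0. A truthiness check covers both cases: `'new' => $total ? round($new / $total * 100, 1) : 0,`. The constructor body continues past the visible lines, so the remaining entries presumably need the same guard. Whether any caller actually passes `null` cannot be seen from this page.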
8 changes: 8 additions & 0 deletions src/Dto/CountSuivi.php
Expand Up @@ -2,14 +2,22 @@

namespace App\Dto;

use Symfony\Component\Serializer\Attribute\Groups;

class CountSuivi
{
public function __construct(
#[Groups(['widget:read'])]
private ?float $average = null,
#[Groups(['widget:read'])]
private ?int $partner = null,
#[Groups(['widget:read'])]
private ?int $usager = null,
#[Groups(['widget:read'])]
private ?int $signalementNewSuivi = null,
#[Groups(['widget:read'])]
private ?int $signalementNoSuivi = null,
#[Groups(['widget:read'])]
private ?int $noSuiviAfter3Relances = null,
) {
}
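Review bot: The promoted properties here stay mutable, while this same commit marks the promoted properties of `CountSignalement` and `CountUser` as `readonly`. If no setter below the visible lines writes to them, `private readonly ?float $average = null,` (and likewise for the other five) would keep the three DTOs consistent. The class body continues outside the hunk, so confirm that before changing it.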
9 changes: 7 additions & 2 deletions src/Dto/CountUser.php
Expand Up @@ -2,13 +2,18 @@

namespace App\Dto;

use Symfony\Component\Serializer\Attribute\Groups;

class CountUser
{
#[Groups(['widget:read'])]
private ?array $percentage = [];

public function __construct(
private ?int $active = null,
private ?int $inactive = null
#[Groups(['widget:read'])]
private readonly ?int $active = null,
#[Groups(['widget:read'])]
private readonly ?int $inactive = null
) {
$total = $this->active + $this->inactive;
$this->percentage = [
5 changes: 0 additions & 5 deletions src/Entity/Behaviour/TimestampableTrait.php
Expand Up @@ -3,16 +3,13 @@
namespace App\Entity\Behaviour;

use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Serializer\Annotation\Ignore;

trait TimestampableTrait
{
#[ORM\Column(nullable: true)]
#[Ignore]
private ?\DateTimeImmutable $createdAt = null;

#[ORM\Column(nullable: true)]
#[Ignore]
private ?\DateTimeImmutable $updatedAt = null;

public function getCreatedAt(): ?\DateTimeImmutable
Expand All @@ -21,7 +18,6 @@ public function getCreatedAt(): ?\DateTimeImmutable
}

#[ORM\PrePersist()]
#[Ignore]
public function setCreatedAtValue(): self
{
$this->createdAt = new \DateTimeImmutable();
Expand All @@ -35,7 +31,6 @@ public function getUpdatedAt(): ?\DateTimeImmutable
}

#[ORM\PreUpdate()]
#[Ignore]
public function setUpdatedAtValue(): self
{
$this->updatedAt = new \DateTimeImmutable();
18 changes: 3 additions & 15 deletions src/Entity/Epci.php
Expand Up @@ -7,7 +7,7 @@
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
use Doctrine\ORM\Mapping\UniqueConstraint;
use Symfony\Component\Serializer\Attribute\Ignore;
use Symfony\Component\Serializer\Attribute\Groups;

#[ORM\Entity(repositoryClass: EpciRepository::class)]
#[UniqueConstraint(name: 'code_unique', columns: ['code'])]
Expand All @@ -16,17 +16,17 @@ class Epci
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column]
#[Ignore]
private ?int $id = null;

#[ORM\Column(length: 255)]
#[Groups(['widget-settings:read'])]
private ?string $code = null;

#[ORM\Column(length: 255)]
#[Groups(['widget-settings:read'])]
private ?string $nom = null;

#[ORM\OneToMany(mappedBy: 'epci', targetEntity: Commune::class)]
#[Ignore]
private Collection $communes;

public function __construct()
Expand Down Expand Up @@ -80,16 +80,4 @@ public function addCommune(Commune $commune): static

return $this;
}

public function removeCommune(Commune $commune): static
{
if ($this->communes->removeElement($commune)) {
// set the owning side to null (unless already changed)
if ($commune->getEpci() === $this) {
$commune->setEpci(null);
}
}

return $this;
}
}
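Review bot: Replacing `#[Ignore]` with `#[Groups]` makes the protection depend on every call site: serializer groups filter only when the caller passes a `groups` context, so any serialization of this entity without one now emits `id` and walks `communes`. The same applies to the `#[Ignore]` removals in `src/Entity/Partner.php` (notably `$esaboraToken`, `$email` and `getEsaboraCredential()`), in `src/Entity/Tag.php` and in `TimestampableTrait`. Keeping `#[Ignore]` on the members that must never leave the server, next to the new `#[Groups]` lines, keeps the allowlist for the widget routes and still fails closed elsewhere. Whether other call sites serialize these entities without groups is not visible from this page.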
53 changes: 4 additions & 49 deletions src/Entity/Partner.php
Expand Up @@ -11,7 +11,7 @@
use Doctrine\DBAL\Types\Types;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
use Symfony\Component\Serializer\Annotation\Ignore;
use Symfony\Component\Serializer\Attribute\Groups;
use Symfony\Component\Validator\Constraints as Assert;

#[ORM\Entity(repositoryClass: PartnerRepository::class)]
Expand All @@ -27,61 +27,51 @@ class Partner
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column(type: 'integer')]
#[Groups('widget-settings:read')]
private ?int $id = null;

#[ORM\Column(type: 'string', length: 255)]
#[Assert\NotBlank]
#[Groups(['widget-settings:read'])]
private ?string $nom = null;

#[ORM\OneToMany(mappedBy: 'partner', targetEntity: User::class, cascade: ['persist'])]
#[Ignore]
private Collection $users;

#[ORM\Column(type: 'boolean')]
#[Ignore]
private bool $isArchive = false;

#[ORM\Column(type: 'json')]
#[Ignore]
private array $insee = [];

#[ORM\OneToMany(mappedBy: 'partner', targetEntity: Affectation::class, orphanRemoval: true)]
#[Ignore]
private Collection $affectations;

#[ORM\Column(type: 'string', length: 100, nullable: true)]
#[Assert\Email]
#[Ignore]
private ?string $email = null;

#[ORM\Column(type: 'string', length: 255, nullable: true)]
#[Assert\Url]
#[Ignore]
private ?string $esaboraUrl = null;

#[ORM\Column(type: 'string', length: 255, nullable: true)]
#[Ignore]
private ?string $esaboraToken = null;

#[ORM\ManyToOne(targetEntity: Territory::class, inversedBy: 'partners')]
#[ORM\JoinColumn(nullable: true)]
#[Ignore]
private ?Territory $territory = null;

#[ORM\Column(type: 'string', enumType: PartnerType::class, nullable: true)]
#[Ignore]
#[ORM\Column(type: 'string', nullable: true, enumType: PartnerType::class)]
private ?PartnerType $type = null;

#[ORM\Column(type: Types::SIMPLE_ARRAY, length: 255, nullable: true, enumType: Qualification::class)]
#[Ignore]
private array $competence = [];

#[ORM\Column(nullable: true)]
#[Ignore]
private ?bool $isEsaboraActive = null;

#[ORM\OneToMany(mappedBy: 'partner', targetEntity: Intervention::class)]
#[Ignore]
private Collection $interventions;

#[ORM\Column]
Expand All @@ -103,7 +93,6 @@ public function __construct()
$this->affectations = new ArrayCollection();
$this->interventions = new ArrayCollection();
$this->isIdossActive = false;
$this->isIdossActive = false;
}

public function getId(): ?int
Expand Down Expand Up @@ -193,16 +182,6 @@ public function getAffectations(): Collection
return $this->affectations;
}

public function addAffectation(Affectation $affectation): self
{
if (!$this->affectations->contains($affectation)) {
$this->affectations[] = $affectation;
$affectation->setPartner($this);
}

return $this;
}

public function removeAffectation(Affectation $affectation): self
{
if ($this->affectations->removeElement($affectation)) {
Expand Down Expand Up @@ -263,7 +242,6 @@ public function setTerritory(?Territory $territory): self
return $this;
}

#[Ignore]
public function getEsaboraCredential(): array
{
return [
Expand All @@ -284,7 +262,6 @@ public function setType(PartnerType $type): self
return $this;
}

#[Ignore]
public function getIsCommune(): ?bool
{
return PartnerType::COMMUNE_SCHS === $this->type;
Expand Down Expand Up @@ -324,28 +301,6 @@ public function getInterventions(): Collection
return $this->interventions;
}

public function addIntervention(Intervention $intervention): self
{
if (!$this->interventions->contains($intervention)) {
$this->interventions->add($intervention);
$intervention->setPartner($this);
}

return $this;
}

public function removeIntervention(Intervention $intervention): self
{
if ($this->interventions->removeElement($intervention)) {
if ($intervention->getPartner() === $this) {
$intervention->setPartner(null);
}
}

return $this;
}

#[Ignore]
public function getEmailActiveUsers(): array
{
$emailUsers = $this->users->map(function (User $user) {
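Review bot: The `$id` property uses the string form `#[Groups('widget-settings:read')]` while `$nom` and every other property touched by this commit use the array form. Writing it as `#[Groups(['widget-settings:read'])]` lets one search pattern find every field exposed by the group, which matters when auditing what a route returns. The section also removes `addAffectation()`, `addIntervention()` and `removeIntervention()`, which looks unrelated to the serialization fix; a separate commit would keep the hotfix easier to review and revert.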
7 changes: 3 additions & 4 deletions src/Entity/Tag.php
Expand Up @@ -6,30 +6,29 @@
use Doctrine\Common\Collections\ArrayCollection;
use Doctrine\Common\Collections\Collection;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Serializer\Annotation\Ignore;
use Symfony\Component\Serializer\Attribute\Groups;

#[ORM\Entity(repositoryClass: TagRepository::class)]
class Tag
{
#[ORM\Id]
#[ORM\GeneratedValue]
#[ORM\Column(type: 'integer')]
#[Groups(['widget-settings:read'])]
private $id;

#[ORM\ManyToMany(targetEntity: Signalement::class, inversedBy: 'tags', cascade: ['persist'])]
#[Ignore]
private $signalement;

#[ORM\Column(type: 'string', length: 255)]
#[Groups(['widget-settings:read'])]
private $label;

#[ORM\Column(type: 'boolean')]
#[Ignore]
private $isArchive;

#[ORM\ManyToOne(targetEntity: Territory::class, inversedBy: 'tags')]
#[ORM\JoinColumn(nullable: false)]
#[Ignore]
private $territory;

public function __construct()