Add new ROLE_GAME permissions for API

GuillaumeKESTEMAN · Aug 25, 2022 · aefed84 · aefed84
1 parent 99c7364
commit aefed84
Show file tree

Hide file tree

Showing 10 changed files with 30 additions and 21 deletions.
diff --git a/api/.env b/api/.env
@@ -72,9 +72,13 @@ POSTGRES_DB=api
 ###> docker-compose/database ###
 
 ###< secrity-user_in_memory ###
-USER_IN_MEMORY_USERNAME=admin
-USER_IN_MEMORY_PASSWORD=admin
-USER_IN_MEMORY_HASHED_PASSWORD='USER_IN_MEMORY_HASHED_PASSWORD'
+USER_ADMIN_IN_MEMORY_USERNAME=admin
+USER_ADMIN_IN_MEMORY_PASSWORD=admin
+USER_ADMIN_IN_MEMORY_HASHED_PASSWORD='USER_ADMIN_IN_MEMORY_HASHED_PASSWORD'
+
+USER_GAME_IN_MEMORY_USERNAME=game
+USER_GAME_IN_MEMORY_PASSWORD=game
+USER_GAME_IN_MEMORY_HASHED_PASSWORD='USER_GAME_IN_MEMORY_HASHED_PASSWORD'
 ###> secrity-user_in_memory ###
 
 ###> symfony/mercure-bundle ###

diff --git a/api/.env.test b/api/.env.test
@@ -10,8 +10,11 @@ PANTHER_ERROR_SCREENSHOT_DIR=./var/error-screenshots
 TRUSTED_HOSTS=^example\.com|localhost$
 
 ###< secrity-user_in_memory ###
-USER_IN_MEMORY_USERNAME=admin
-USER_IN_MEMORY_PASSWORD=admin
+USER_ADMIN_IN_MEMORY_USERNAME=admin
+USER_ADMIN_IN_MEMORY_PASSWORD=admin
+
+USER_GAME_IN_MEMORY_USERNAME=game
+USER_GAME_IN_MEMORY_PASSWORD=game
 ###> secrity-user_in_memory ###
 
 ###> twitter-authentication ###

diff --git a/api/config/packages/security.yaml b/api/config/packages/security.yaml
@@ -8,7 +8,8 @@ security:
         app_user_provider:
             memory:
                 users:
-                    '%env(USER_IN_MEMORY_USERNAME)%': { password: '%env(USER_IN_MEMORY_HASHED_PASSWORD)%', roles: ['ROLE_ADMIN'] }
+                    '%env(USER_ADMIN_IN_MEMORY_USERNAME)%': { password: '%env(USER_ADMIN_IN_MEMORY_HASHED_PASSWORD)%', roles: ['ROLE_ADMIN'] }
+                    '%env(USER_GAME_IN_MEMORY_USERNAME)%': { password: '%env(USER_GAME_IN_MEMORY_HASHED_PASSWORD)%', roles: ['ROLE_GAME'] }
     firewalls:
         dev:
             pattern: ^/(_(profiler|wdt)|css|images|js)/
@@ -60,4 +61,5 @@ when@test:
             app_user_provider:
                 memory:
                     users:
-                        '%env(USER_IN_MEMORY_USERNAME)%': { password: '%env(USER_IN_MEMORY_PASSWORD)%', roles: [ 'ROLE_ADMIN' ] }
+                        '%env(USER_ADMIN_IN_MEMORY_USERNAME)%': { password: '%env(USER_ADMIN_IN_MEMORY_PASSWORD)%', roles: [ 'ROLE_ADMIN' ] }
+                        '%env(USER_GAME_IN_MEMORY_USERNAME)%': { password: '%env(USER_GAME_IN_MEMORY_PASSWORD)%', roles: ['ROLE_GAME'] }
diff --git a/api/src/Entity/Game.php b/api/src/Entity/Game.php
@@ -29,11 +29,11 @@
     ApiResource(
         types: ['https://schema.org/VideoGame'],
         operations: [
-            new GetCollection(),
+            new GetCollection(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
             new Get(),
             new Put(
                 denormalizationContext: ['groups' => ['put']],
-                security: 'is_granted("ROLE_ADMIN") && object.getScore() === null',
+                security: '(is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")) && object.getScore() === null',
                 validationContext: ['groups' => ['putValidation']],
                 processor: GamePutProcessor::class
             ),

diff --git a/api/src/Entity/Lot.php b/api/src/Entity/Lot.php
@@ -29,7 +29,7 @@
     operations: [
         new GetCollection(),
         new Post(),
-        new Get(),
+        new Get(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
         new Put(),
         new Delete(validationContext: ['groups' => ['deleteValidation']], processor: LotProcessor::class),
     ],

diff --git a/api/src/Entity/MediaObject.php b/api/src/Entity/MediaObject.php
@@ -59,7 +59,7 @@
             validationContext: ['groups' => ['Default', 'media_object_create']],
             deserialize: false,
         ),
-        new Get(),
+        new Get(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
         new Put(denormalizationContext: ['groups' => ['put']]),
         new Delete(),
     ],

diff --git a/api/src/Entity/Player.php b/api/src/Entity/Player.php
@@ -27,7 +27,7 @@
 #[ApiResource(
     operations: [
         new GetCollection(),
-        new Get(),
+        new Get(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
     ],
     mercure: ['private' => true],
     order: ['lastPlayDate' => 'DESC', 'name' => 'ASC'],

diff --git a/api/src/Entity/TwitterAccountToFollow.php b/api/src/Entity/TwitterAccountToFollow.php
@@ -30,7 +30,7 @@
 #[UniqueEntity('username')]
 #[ApiResource(
     operations: [
-        new GetCollection(),
+        new GetCollection(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
         new Post(validationContext: ['groups' => new GroupSequence(['firstPostValidation', 'secondPostValidation'])], processor: TwitterAccountToFollowProcessor::class),
         new Get(),
         new Put(denormalizationContext: ['groups' => ['put']], processor: TwitterAccountToFollowProcessor::class),

diff --git a/api/src/Entity/TwitterHashtag.php b/api/src/Entity/TwitterHashtag.php
@@ -26,7 +26,7 @@
 #[UniqueEntity('hashtag')]
 #[ApiResource(
     operations: [
-        new GetCollection(),
+        new GetCollection(security: 'is_granted("ROLE_ADMIN") || is_granted("ROLE_GAME")'),
         new Post(),
         new Get(),
         new Put(denormalizationContext: ['groups' => ['put']]),

diff --git a/api/tests/Security/LoginTest.php b/api/tests/Security/LoginTest.php
@@ -18,9 +18,9 @@ final class LoginTest extends ApiTestCase
      */
     public function testLogin(): void
     {
-        static::createClient()->request('POST', '/login', ['json' => [
-            'username' => $_ENV['USER_IN_MEMORY_USERNAME'],
-            'password' => $_ENV['USER_IN_MEMORY_PASSWORD'],
+        self::createClient()->request('POST', '/login', ['json' => [
+            'username' => $_ENV['USER_ADMIN_IN_MEMORY_USERNAME'],
+            'password' => $_ENV['USER_ADMIN_IN_MEMORY_PASSWORD'],
         ]]);
 
         self::assertResponseIsSuccessful();
@@ -32,7 +32,7 @@ public function testLogin(): void
      */
     public function testLoginFail(): void
     {
-        static::createClient()->request('POST', '/login', ['json' => [
+        self::createClient()->request('POST', '/login', ['json' => [
             'username' => 'invalid user',
             'password' => 'invalid password',
         ]]);
@@ -50,9 +50,9 @@ public function testLoginFail(): void
      */
     public static function getLoginToken(): string
     {
-        $token = static::createClient()->request('POST', '/login', ['json' => [
-            'username' => $_ENV['USER_IN_MEMORY_USERNAME'],
-            'password' => $_ENV['USER_IN_MEMORY_PASSWORD'],
+        $token = self::createClient()->request('POST', '/login', ['json' => [
+            'username' => $_ENV['USER_ADMIN_IN_MEMORY_USERNAME'],
+            'password' => $_ENV['USER_ADMIN_IN_MEMORY_PASSWORD'],
         ]]);
 
         self::assertResponseIsSuccessful();