Skip to content

Feat/security Allow Admins to Delete Anonymous Tasks (#13)#43

Merged
Mike031289 merged 2 commits into
developfrom
feat/security-delete-anonymous-tasks
Jul 17, 2026
Merged

Feat/security Allow Admins to Delete Anonymous Tasks (#13)#43
Mike031289 merged 2 commits into
developfrom
feat/security-delete-anonymous-tasks

Conversation

@Mike031289

@Mike031289 Mike031289 commented Jul 17, 2026

Copy link
Copy Markdown
Owner

This PR resolves issue #13 by updating the authorization rules to allow administrators (ROLE_ADMIN) to delete tasks that are assigned to the "anonymous" user.

Changes Implemented

1. Authorization Logic (TaskVoter.php)

  • Updated the canDelete method to check if the task's author is null or named anonyme.
  • Used AccessDecisionManagerInterface to authorize the deletion if the logged-in user has the ROLE_ADMIN role in these specific scenarios.

2. User Interface (list.html.twig)

  • Wrapped the delete button in conditional checks so that the action is only visible to:
    • The actual author of the task.
    • An administrator if the task is marked as "Anonyme".

3. Automated Tests (TaskControllerTest.php)

  • Added functional test cases to assert that:
    • A standard ROLE_USER cannot see the delete button or delete an anonymous task (expects 403 Forbidden).
    • A ROLE_ADMIN can see the delete button and successfully delete an anonymous task.

Acceptance Criteria Checklist

  • Update authorization logic in the Voter to handle the "anonyme" exception.
  • Allow deletion if: User is Author OR (Task is Anonymous AND User is Admin).
  • Conditionally display the delete button on the Twig template.
  • Add functional tests for both ROLE_USER (denied) and ROLE_ADMIN (allowed) behaviors.

How to Test

  1. Load updated fixtures:
    php bin/console doctrine:fixtures:load
    

Close #13

- TaskVoter: implemented check allowing ROLE_ADMIN to delete tasks owned by 'anonyme' or null
- list.html.twig: updated UI to conditionally display the delete button for anonymous tasks
- TaskControllerTest: added functional test scenarios for both ROLE_USER and ROLE_ADMIN
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@Mike031289
Mike031289 merged commit 23ef03d into develop Jul 17, 2026
2 checks passed
@github-project-automation github-project-automation Bot moved this from Backlog to Done in @Mike031289's ToDo-Co Jul 17, 2026
@Mike031289
Mike031289 deleted the feat/security-delete-anonymous-tasks branch July 17, 2026 00:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

feature Extra attention is needed security

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

1 participant