CC-31329 Fixed assign of non-company roles. (#2490)

CC-31329 Fixed assign of non-company roles.
spryker-shop · Jul 25, 2024 · 14f42a6 · 14f42a6
1 parent cb083ec
commit 14f42a6
Show file tree

Hide file tree

Showing 5 changed files with 65 additions and 23 deletions.
diff --git a/composer.json b/composer.json
@@ -27,7 +27,8 @@
         "spryker/permission-extension": "^1.2.0",
         "spryker/router": "^1.6.0",
         "spryker/store": "^1.4.0",
-        "spryker/symfony": "^3.5.0"
+        "spryker/symfony": "^3.5.0",
+        "spryker/transfer": "^3.25.0"
     },
     "require-dev": {
         "spryker-shop/company-user-invitation-page": "*",

diff --git a/dependency.json b/dependency.json
@@ -1,5 +1,6 @@
 {
     "include": {
-        "spryker-shop/shop-ui": "ShopUi provides basic frontend infrastructure."
+        "spryker-shop/shop-ui": "ShopUi provides basic frontend infrastructure.",
+        "spryker/transfer": "Provides transfer objects definition with `::get*OrFail()` functionality."
     }
 }
diff --git a/src/SprykerShop/Yves/CompanyPage/Controller/AbstractCompanyController.php b/src/SprykerShop/Yves/CompanyPage/Controller/AbstractCompanyController.php
@@ -7,10 +7,12 @@
 
 namespace SprykerShop\Yves\CompanyPage\Controller;
 
+use Generated\Shared\Transfer\CompanyRoleTransfer;
 use Generated\Shared\Transfer\CompanyTransfer;
 use Generated\Shared\Transfer\CompanyUserTransfer;
 use Generated\Shared\Transfer\FilterTransfer;
 use Generated\Shared\Transfer\PaginationTransfer;
+use Generated\Shared\Transfer\PermissionCollectionTransfer;
 use Spryker\Shared\Kernel\Transfer\AbstractTransfer;
 use SprykerShop\Yves\ShopApplication\Controller\AbstractController;
 use Symfony\Component\HttpFoundation\Request;
@@ -178,4 +180,19 @@ protected function isCurrentCustomerRelatedToCompany(int $idCompany): bool
 
         return ($companyUserTransfer !== null && $companyUserTransfer->getFkCompany() === $idCompany);
     }
+
+    /**
+     * @param int $idCompanyRole
+     *
+     * @return \Generated\Shared\Transfer\PermissionCollectionTransfer
+     */
+    protected function getSelectablePermissionsList(int $idCompanyRole): PermissionCollectionTransfer
+    {
+        $companyRoleTransfer = (new CompanyRoleTransfer())
+            ->setIdCompanyRole($idCompanyRole);
+
+        return $this->getFactory()
+            ->getCompanyRoleClient()
+            ->findNonInfrastructuralCompanyRolePermissionsByIdCompanyRole($companyRoleTransfer);
+    }
 }
diff --git a/src/SprykerShop/Yves/CompanyPage/Controller/CompanyRoleController.php b/src/SprykerShop/Yves/CompanyPage/Controller/CompanyRoleController.php
@@ -12,7 +12,6 @@
 use Generated\Shared\Transfer\CompanyRoleResponseTransfer;
 use Generated\Shared\Transfer\CompanyRoleTransfer;
 use Generated\Shared\Transfer\CompanyUserCollectionTransfer;
-use Generated\Shared\Transfer\PermissionCollectionTransfer;
 use SprykerShop\Yves\CompanyPage\Form\CompanyRoleForm;
 use SprykerShop\Yves\CompanyPage\Plugin\Router\CompanyPageRouteProviderPlugin;
 use Symfony\Component\HttpFoundation\RedirectResponse;
@@ -437,19 +436,4 @@ protected function prepareCompanyUsers(CompanyUserCollectionTransfer $companyUse
 
         return $companyUserCollection;
     }
-
-    /**
-     * @param int $idCompanyRole
-     *
-     * @return \Generated\Shared\Transfer\PermissionCollectionTransfer
-     */
-    protected function getSelectablePermissionsList(int $idCompanyRole): PermissionCollectionTransfer
-    {
-        $companyRoleTransfer = (new CompanyRoleTransfer())
-            ->setIdCompanyRole($idCompanyRole);
-
-        return $this->getFactory()
-            ->getCompanyRoleClient()
-            ->findNonInfrastructuralCompanyRolePermissionsByIdCompanyRole($companyRoleTransfer);
-    }
 }
diff --git a/src/SprykerShop/Yves/CompanyPage/Controller/CompanyRolePermissionController.php b/src/SprykerShop/Yves/CompanyPage/Controller/CompanyRolePermissionController.php
@@ -42,6 +42,11 @@ class CompanyRolePermissionController extends AbstractCompanyController
      */
     protected const PARAMETER_ID_COMPANY_ROLE = 'id';
 
+    /**
+     * @var string
+     */
+    protected const PERMISSION_ID = 'idPermission';
+
     /**
      * @param \Symfony\Component\HttpFoundation\Request $request
      *
@@ -53,15 +58,19 @@ public function assignAction(Request $request): RedirectResponse
             ->createCompanyPageFormFactory()
             ->getCompanyRolePermissionAssignForm()
             ->handleRequest($request);
-        if (!$companyRolePermissionAssignForm->isSubmitted() || !$companyRolePermissionAssignForm->isValid()) {
-            $this->addErrorMessage(static::MESSAGE_ERROR_PERMISSION_SAVE_FAILED);
 
-            return $this->redirectResponseInternal(CompanyPageRouteProviderPlugin::ROUTE_NAME_COMPANY_ROLE);
+        if (!$companyRolePermissionAssignForm->isSubmitted() || !$companyRolePermissionAssignForm->isValid()) {
+            return $this->redirectWithSaveFailedError();
         }
 
         $idCompanyRole = $request->query->getInt('id-company-role');
         $idPermission = $request->query->getInt('id-permission');
 
+        $allowedPermissions = $this->getSelectablePermissionsList($idCompanyRole)->getPermissions();
+        if (!$this->isPermissionInAllowedPermissions($allowedPermissions, $idPermission)) {
+            return $this->redirectWithSaveFailedError();
+        }
+
         $newPermission = new PermissionTransfer();
         $newPermission->setIdPermission($idPermission);
 
@@ -158,8 +167,9 @@ public function configureAction(Request $request)
      *
      * @return void
      */
-    protected function generateMessagesByCompanyRolePermissionResponse(CompanyRolePermissionResponseTransfer $responseTransfer)
-    {
+    protected function generateMessagesByCompanyRolePermissionResponse(
+        CompanyRolePermissionResponseTransfer $responseTransfer
+    ): void {
         if ($responseTransfer->getIsSuccessful()) {
             $this->addSuccessMessage(static::MESSAGE_SUCCESSFUL_PERMISSION_SAVED);
 
@@ -215,4 +225,33 @@ protected function getCompanyRolePermissions(int $idCompanyRole)
 
         return $permissionCollection->getPermissions();
     }
+
+    /**
+     * @param \ArrayObject<int, \Generated\Shared\Transfer\PermissionTransfer> $allowedPermissions
+     * @param int $idPermission
+     *
+     * @return bool
+     */
+    protected function isPermissionInAllowedPermissions(
+        ArrayObject $allowedPermissions,
+        int $idPermission
+    ): bool {
+        foreach ($allowedPermissions as $allowedPermission) {
+            if ($allowedPermission[static::PERMISSION_ID] === $idPermission) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @return \Symfony\Component\HttpFoundation\RedirectResponse
+     */
+    protected function redirectWithSaveFailedError(): RedirectResponse
+    {
+        $this->addErrorMessage(static::MESSAGE_ERROR_PERMISSION_SAVE_FAILED);
+
+        return $this->redirectResponseInternal(CompanyPageRouteProviderPlugin::ROUTE_NAME_COMPANY_ROLE);
+    }
 }