update security service

src/Controller/DatenweitergabeController.php

@@ -9,6 +9,7 @@
 namespace App\Controller;
 
 use App\Entity\Datenweitergabe;
+use App\Entity\Team;
 use App\Repository\DatenweitergabeRepository;
 use App\Repository\TeamRepository;
 use App\Service\ApproveService;
@@ -248,19 +249,14 @@ public function editDatenweitergabe(
         AssignService             $assignService,
         CurrentTeamService        $currentTeamService,
         DatenweitergabeRepository $dataTransferRepository,
-        TeamRepository            $teamRepository,
     ): Response
     {
         set_time_limit(600);
         $team = $currentTeamService->getCurrentTeam($this->getUser());
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
         $daten = $dataTransferRepository->find($request->get('id'));
-
-        if ($securityService->teamPathDataCheck($daten, $teamPath) === false) {
-            if ($daten->getArt() === 1) {
-                return $this->redirectToRoute('datenweitergabe');
-            }
-            return $this->redirectToRoute('auftragsverarbeitung');
+        if (!$this->checkAccess($securityService, $daten, $team)) {
+            $redirectRoute = $daten->getArt() === 1 ? 'datenweitergabe' : 'auftragsverarbeitung';
+            return $this->redirectToRoute($redirectRoute);
         }
 
         $newDaten = $datenweitergabeService->cloneDatenweitergabe($daten, $this->getUser());
@@ -355,4 +351,19 @@ public function indexDataTransfer(
             'currentTeam' => $team,
         ]);
     }
+
+    private function checkAccess(SecurityService $securityService, ?Datenweitergabe $transfer, Team $team): bool
+    {
+        if (!$transfer) {
+            $this->addFlash('danger', 'elementDoesNotExistError');
+            return false;
+        }
+
+        if (!$securityService->checkTeamAccessToTransfer($transfer, $team)) {
+            $this->addFlash('danger', 'accessDeniedError');
+            return false;
+        }
+
+        return true;
+    }
 }

src/Controller/KontaktController.php

@@ -121,19 +121,18 @@ public function editKontakt(
         Request            $request,
         SecurityService    $securityService,
         CurrentTeamService $currentTeamService,
-        KontakteRepository $contactRepository,
-        TeamRepository     $teamRepository,
+        KontakteRepository $contactRepository
     ): Response
     {
         $team = $currentTeamService->getCurrentTeam($this->getUser());
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
-        $kontakt = $contactRepository->find($request->get('id'));
-        if ($securityService->teamPathDataCheck($kontakt, $teamPath) === false) {
-            return $this->redirectToRoute('kurse');
+        $contact = $contactRepository->find($request->get('id'));
+        if (!$securityService->checkTeamAccessToContact($contact, $team)) {
+            $this->addFlash('danger', 'accessDeniedError');
+            return $this->redirectToRoute('kontakt');
         }
 
-        $isEditable = $kontakt->getTeam() === $team;
-        $form = $this->createForm(KontaktType::class, $kontakt, ['disabled' => !$isEditable]);
+        $isEditable = $contact->getTeam() === $team;
+        $form = $this->createForm(KontaktType::class, $contact, ['disabled' => !$isEditable]);
         $form->handleRequest($request);
 
         $errors = array();
@@ -146,15 +145,15 @@ public function editKontakt(
                 return $this->redirectToRoute(
                     'kontakt_edit',
                     [
-                        'id' => $kontakt->getId(),
+                        'id' => $contact->getId(),
                         'snack' => $this->translator->trans(id: 'save.successful', domain: 'general'),
                     ]
                 );
             }
         }
         return $this->render('kontakt/edit.html.twig', [
             'form' => $form->createView(),
-            'kontakt' => $kontakt,
+            'kontakt' => $contact,
             'errors' => $errors,
             'title' => $this->translator->trans(id: 'contact.edit', domain: 'kontakt'),
             'snack' => $request->get('snack'),

src/Controller/PoliciesController.php

@@ -176,14 +176,13 @@ public function editPolicy(
         AssignService      $assignService,
         CurrentTeamService $currentTeamService,
         PoliciesRepository $policiesRepository,
-        TeamRepository     $teamRepository,
     ): Response
     {
         $team = $currentTeamService->getCurrentTeam($this->getUser());
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
         $policy = $policiesRepository->find($request->get('id'));
 
-        if ($securityService->teamPathDataCheck($policy, $teamPath) === false) {
+        if (!$securityService->checkTeamAccessToPolicy($policy, $team)) {
+            $this->addFlash('danger', 'accessDeniedError');
             return $this->redirectToRoute('policies');
         }
         $newPolicy = $policiesService->clonePolicy($policy, $this->getUser());

src/Controller/SoftwareController.php

@@ -2,7 +2,9 @@
 
 namespace App\Controller;
 
+use App\Entity\Software;
 use App\Entity\SoftwareConfig;
+use App\Entity\Team;
 use App\Repository\SoftwareConfigRepository;
 use App\Repository\SoftwareRepository;
 use App\Repository\TeamRepository;
@@ -228,16 +230,14 @@ public function editSoftware(
         SecurityService    $securityService,
         AssignService      $assignService,
         CurrentTeamService $currentTeamService,
-        SoftwareRepository $softwareRepository,
-        TeamRepository     $teamRepository,
+        SoftwareRepository $softwareRepository
     ): Response
     {
         //Request: id: SoftwareID, snack:Snack Notice
         $team = $currentTeamService->getCurrentTeam($this->getUser());
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
         $software = $softwareRepository->find($request->get('id'));
 
-        if ($securityService->teamPathDataCheck($software, $teamPath) === false) {
+        if (!$this->checkAccess($securityService, $software, $team)) {
             return $this->redirectToRoute('software');
         }
         $newSoftware = $softwareService->cloneSoftware($software, $this->getUser());
@@ -306,4 +306,19 @@ public function index(
             'currentTeam' => $team,
         ]);
     }
+
+    private function checkAccess(SecurityService $securityService, ?Software $software, Team $team): bool
+    {
+        if (!$software) {
+            $this->addFlash('danger', 'elementDoesNotExistError');
+            return false;
+        }
+
+        if (!$securityService->checkTeamAccessToSoftware($software, $team)) {
+            $this->addFlash('danger', 'accessDeniedError');
+            return false;
+        }
+
+        return true;
+    }
 }

src/Controller/TomController.php

@@ -165,10 +165,10 @@ public function editTom(
     ): Response
     {
         $team = $currentTeamService->getCurrentTeam($this->getUser());
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
         $tom = $tomRepository->find($request->get('tom'));
 
-        if ($securityService->teamPathDataCheck($tom, $teamPath) === false) {
+        if ($securityService->checkTeamAccessToTom($tom, $team) === false) {
+            $this->addFlash('danger', 'accessDeniedError');
             return $this->redirectToRoute('tom');
         }
 

src/Controller/VvtController.php

@@ -220,15 +220,14 @@ public function editVvt(
         AssignService            $assignService,
         VVTDatenkategorieService $VVTDatenkategorieService,
         CurrentTeamService       $currentTeamService,
-        VVTRepository            $vvtRepository,
-        TeamRepository           $teamRepository
+        VVTRepository            $vvtRepository
     ): Response
     {
         $team = $currentTeamService->getCurrentTeam($this->getUser());
         $vvt = $vvtRepository->find($request->get('id'));
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
 
-        if ($securityService->teamPathDataCheck($vvt, $teamPath) === false) {
+        if ($securityService->checkTeamAccessToProcess($vvt, $team) === false) {
+            $this->addFlash('danger', 'accessDeniedError');
             return $this->redirectToRoute('vvt');
         }
         $newVvt = $VVTService->cloneVvt($vvt, $this->getUser());
@@ -316,9 +315,8 @@ public function editVvtDsfa(
     {
         $team = $currentTeamService->getCurrentTeam($this->getUser());
         $dsfa = $vvtDsfaRepository->find($request->get('dsfa'));
-        $teamPath = $team ? $teamRepository->getPath($team) : null;
 
-        if ($securityService->teamPathDataCheck($dsfa->getVvt(), $teamPath) === false) {
+        if (!$securityService->checkTeamAccessToProcess(process: $dsfa->getVvt(), team: $team)) {
             return $this->redirectToRoute('vvt');
         }
 
@@ -401,7 +399,7 @@ public function newVvtDsfa(
             return $this->redirectToRoute('vvt');
         }
 
-        $dsfa = $VVTService->newDsfa($team, $this->getUser(), $vvt);
+        $dsfa = $VVTService->newDsfa($this->getUser(), $vvt);
 
         $form = $this->createForm(VvtDsfaType::class, $dsfa);
         $form->handleRequest($request);

src/Service/NotificationService.php

@@ -63,14 +63,14 @@ public function sendNotificationAkademie(AkademieBuchungen $buchung, $content):
     }
 
     public function sendNotificationAssign($content, User $user): bool
-    {
+    {/*
         $this->mailer->sendEmail(
             $this->translator->trans(id: 'notification.odc.sender', domain: 'service'),
             $this->parameterBag->get('defaultEmail'),
             $user->getEmail(),
             $this->translator->trans(id: 'notification.odc.element.assign', domain: 'service'),
             $content,
-        );
+        );*/
 
         return true;
     }