export_import - Fix access permission

Author: lhassanbouhou-acx

src/bundle/Controller/Admin/JobController.php

@@ -12,6 +12,7 @@
 use Ibexa\Contracts\AdminUi\Controller\Controller;
 use Ibexa\Contracts\AdminUi\Notification\TranslatableNotificationHandlerInterface;
 use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Core\Base\Exceptions\UnauthorizedException;
 use Ibexa\Core\MVC\Symfony\Security\Authorization\Attribute;
 use JMS\TranslationBundle\Annotation\Ignore;
 use JMS\TranslationBundle\Model\Message;
@@ -57,6 +58,10 @@ public function __construct(
 
     public function list(Request $request): Response
     {
+        if (!$this->permissionResolver->hasAccess('import_export', 'workflow.list')) {
+            throw new UnauthorizedException('import_export', 'workflow.list', []);
+        }
+
         $page = $request->query->get('page') ?? 1;
 
         $pagerfanta = new Pagerfanta(
@@ -81,6 +86,10 @@ function (int $offset, int $length): array {
 
     public function create(Request $request): Response
     {
+        if (!$this->permissionResolver->hasAccess('import_export', 'workflow.create')) {
+            throw new UnauthorizedException('import_export', 'workflow.create', []);
+        }
+
         $job = Instantiator::instantiate(Job::class);
         $this->jobCreateFlow->bind($job);
 
@@ -123,6 +132,10 @@ public function create(Request $request): Response
 
     public function view(Job $job): Response
     {
+        if (!$this->permissionResolver->hasAccess('import_export', 'job.views')) {
+            throw new UnauthorizedException('import_export', 'job.views', []);
+        }
+
         return $this->render('@ibexadesign/import_export/job/view.html.twig', [
             'job' => $job,
         ]);

src/bundle/Resources/config/menu.yaml

@@ -1,5 +1,7 @@
 services:
     AlmaviaCX\Bundle\IbexaImportExport\AdminUi\Menu\Event\MenuListener:
+        arguments:
+            $permissionResolver: '@Ibexa\Contracts\Core\Repository\PermissionResolver'
         tags:
             - { name: kernel.event_subscriber }
 

src/bundle/Resources/config/policies.yaml

@@ -1,4 +1,5 @@
 import_export:
+    workflow.list: ~
     workflow.create: ~
     workflow.edit: ~
     workflow.delete: ~

src/lib/AdminUi/Menu/Event/MenuListener.php

@@ -6,12 +6,18 @@
 
 use Ibexa\AdminUi\Menu\Event\ConfigureMenuEvent;
 use Ibexa\AdminUi\Menu\MainMenuBuilder;
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Core\Base\Exceptions\UnauthorizedException;
 use JMS\TranslationBundle\Model\Message;
 use JMS\TranslationBundle\Translation\TranslationContainerInterface;
 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 
 class MenuListener implements EventSubscriberInterface, TranslationContainerInterface
 {
+    public function __construct(protected PermissionResolver $permissionResolver)
+    {
+    }
+
     public static function getSubscribedEvents(): array
     {
         return [
@@ -21,6 +27,10 @@ public static function getSubscribedEvents(): array
 
     public function onMenuConfigure(ConfigureMenuEvent $event): void
     {
+        if (!$this->permissionResolver->hasAccess('import_export', 'workflow.list')) {
+            return;
+        }
+
         $menu = $event->getMenu();
 
         $contentMenu = $menu->getChild(MainMenuBuilder::ITEM_CONTENT);