Matthieu
4a7fd46493
La revue de sécurité a relevé que les écritures de TimeEntry (Post/Patch/Delete) étaient gardées par time-tracking.entries.view : une permission de lecture accordait l'écriture (confusion lecture/écriture, least-privilege). - Ajout de la permission time-tracking.entries.manage (catalogue cohérent avec les autres modules en view/manage). - Écritures TimeEntry recâblées sur entries.manage ; self-service conservé (object.getUser() == user). Lecture inchangée (entries.view).
230 lines
6.9 KiB
PHP
230 lines
6.9 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace App\Module\TimeTracking\Domain\Entity;
|
|
|
|
use ApiPlatform\Doctrine\Orm\Filter\DateFilter;
|
|
use ApiPlatform\Doctrine\Orm\Filter\SearchFilter;
|
|
use ApiPlatform\Metadata\ApiFilter;
|
|
use ApiPlatform\Metadata\ApiResource;
|
|
use ApiPlatform\Metadata\Delete;
|
|
use ApiPlatform\Metadata\Get;
|
|
use ApiPlatform\Metadata\GetCollection;
|
|
use ApiPlatform\Metadata\Patch;
|
|
use ApiPlatform\Metadata\Post;
|
|
use App\Module\TimeTracking\Infrastructure\ApiPlatform\State\ActiveTimeEntryProvider;
|
|
use App\Module\TimeTracking\Infrastructure\Doctrine\DoctrineTimeEntryRepository;
|
|
use App\Shared\Domain\Contract\BlamableInterface;
|
|
use App\Shared\Domain\Contract\ProjectInterface;
|
|
use App\Shared\Domain\Contract\TaskInterface;
|
|
use App\Shared\Domain\Contract\TaskTagInterface;
|
|
use App\Shared\Domain\Contract\TimestampableInterface;
|
|
use App\Shared\Domain\Contract\UserInterface;
|
|
use App\Shared\Domain\Trait\TimestampableBlamableTrait;
|
|
use DateTimeImmutable;
|
|
use Doctrine\Common\Collections\ArrayCollection;
|
|
use Doctrine\Common\Collections\Collection;
|
|
use Doctrine\DBAL\Types\Types;
|
|
use Doctrine\ORM\Mapping as ORM;
|
|
use Symfony\Component\Serializer\Attribute\Groups;
|
|
|
|
#[ApiResource(
|
|
operations: [
|
|
new GetCollection(security: "is_granted('time-tracking.entries.view')"),
|
|
new GetCollection(
|
|
name: 'time_entries_range',
|
|
uriTemplate: '/time_entries/range',
|
|
description: 'List time entries for a bounded date range without pagination (used by the time-tracking calendar)',
|
|
paginationEnabled: false,
|
|
security: "is_granted('time-tracking.entries.view')",
|
|
),
|
|
new GetCollection(
|
|
name: 'active_time_entry',
|
|
uriTemplate: '/time_entries/active',
|
|
provider: ActiveTimeEntryProvider::class,
|
|
description: 'Get the active timer for the current user',
|
|
paginationEnabled: false,
|
|
security: "is_granted('time-tracking.entries.view')",
|
|
),
|
|
new Get(security: "is_granted('time-tracking.entries.view')"),
|
|
new Post(security: "is_granted('time-tracking.entries.manage')"),
|
|
new Patch(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
|
|
new Delete(security: "is_granted('ROLE_ADMIN') or (is_granted('time-tracking.entries.manage') and object.getUser() == user)"),
|
|
],
|
|
normalizationContext: ['groups' => ['time_entry:read']],
|
|
denormalizationContext: ['groups' => ['time_entry:write']],
|
|
order: ['startedAt' => 'DESC'],
|
|
)]
|
|
#[ApiFilter(SearchFilter::class, properties: ['user' => 'exact', 'project' => 'exact', 'tags' => 'exact'])]
|
|
#[ApiFilter(DateFilter::class, properties: ['startedAt'])]
|
|
#[ORM\Entity(repositoryClass: DoctrineTimeEntryRepository::class)]
|
|
#[ORM\UniqueConstraint(name: 'uniq_active_timer', columns: ['user_id'], options: ['where' => '(stopped_at IS NULL)'])]
|
|
class TimeEntry implements TimestampableInterface, BlamableInterface
|
|
{
|
|
use TimestampableBlamableTrait;
|
|
|
|
#[ORM\Id]
|
|
#[ORM\GeneratedValue]
|
|
#[ORM\Column]
|
|
#[Groups(['time_entry:read'])]
|
|
private ?int $id = null;
|
|
|
|
#[ORM\Column(length: 255, nullable: true)]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?string $title = null;
|
|
|
|
#[ORM\Column(type: Types::TEXT, nullable: true)]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?string $description = null;
|
|
|
|
#[ORM\Column(type: Types::DATETIMETZ_IMMUTABLE)]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?DateTimeImmutable $startedAt = null;
|
|
|
|
#[ORM\Column(type: Types::DATETIMETZ_IMMUTABLE, nullable: true)]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?DateTimeImmutable $stoppedAt = null;
|
|
|
|
#[ORM\ManyToOne(targetEntity: UserInterface::class)]
|
|
#[ORM\JoinColumn(nullable: false, onDelete: 'CASCADE')]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?UserInterface $user = null;
|
|
|
|
#[ORM\ManyToOne(targetEntity: ProjectInterface::class)]
|
|
#[ORM\JoinColumn(nullable: true, onDelete: 'SET NULL')]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?ProjectInterface $project = null;
|
|
|
|
#[ORM\ManyToOne(targetEntity: TaskInterface::class)]
|
|
#[ORM\JoinColumn(nullable: true, onDelete: 'SET NULL')]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private ?TaskInterface $task = null;
|
|
|
|
/** @var Collection<int, TaskTagInterface> */
|
|
#[ORM\ManyToMany(targetEntity: TaskTagInterface::class)]
|
|
#[ORM\JoinTable(
|
|
name: 'time_entry_task_type',
|
|
joinColumns: [new ORM\JoinColumn(name: 'time_entry_id', referencedColumnName: 'id')],
|
|
inverseJoinColumns: [new ORM\JoinColumn(name: 'task_type_id', referencedColumnName: 'id')],
|
|
)]
|
|
#[Groups(['time_entry:read', 'time_entry:write'])]
|
|
private Collection $tags;
|
|
|
|
public function __construct()
|
|
{
|
|
$this->tags = new ArrayCollection();
|
|
}
|
|
|
|
public function getId(): ?int
|
|
{
|
|
return $this->id;
|
|
}
|
|
|
|
public function getTitle(): ?string
|
|
{
|
|
return $this->title;
|
|
}
|
|
|
|
public function setTitle(?string $title): static
|
|
{
|
|
$this->title = $title;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getDescription(): ?string
|
|
{
|
|
return $this->description;
|
|
}
|
|
|
|
public function setDescription(?string $description): static
|
|
{
|
|
$this->description = $description;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getStartedAt(): ?DateTimeImmutable
|
|
{
|
|
return $this->startedAt;
|
|
}
|
|
|
|
public function setStartedAt(DateTimeImmutable $startedAt): static
|
|
{
|
|
$this->startedAt = $startedAt;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getStoppedAt(): ?DateTimeImmutable
|
|
{
|
|
return $this->stoppedAt;
|
|
}
|
|
|
|
public function setStoppedAt(?DateTimeImmutable $stoppedAt): static
|
|
{
|
|
$this->stoppedAt = $stoppedAt;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getUser(): ?UserInterface
|
|
{
|
|
return $this->user;
|
|
}
|
|
|
|
public function setUser(?UserInterface $user): static
|
|
{
|
|
$this->user = $user;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getProject(): ?ProjectInterface
|
|
{
|
|
return $this->project;
|
|
}
|
|
|
|
public function setProject(?ProjectInterface $project): static
|
|
{
|
|
$this->project = $project;
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function getTask(): ?TaskInterface
|
|
{
|
|
return $this->task;
|
|
}
|
|
|
|
public function setTask(?TaskInterface $task): static
|
|
{
|
|
$this->task = $task;
|
|
|
|
return $this;
|
|
}
|
|
|
|
/** @return Collection<int, TaskTagInterface> */
|
|
public function getTags(): Collection
|
|
{
|
|
return $this->tags;
|
|
}
|
|
|
|
public function addTag(TaskTagInterface $tag): static
|
|
{
|
|
if (!$this->tags->contains($tag)) {
|
|
$this->tags->add($tag);
|
|
}
|
|
|
|
return $this;
|
|
}
|
|
|
|
public function removeTag(TaskTagInterface $tag): static
|
|
{
|
|
$this->tags->removeElement($tag);
|
|
|
|
return $this;
|
|
}
|
|
}
|