Add the new role

The new API roles are bundled with another role for readability, no
intent at this point to make this something which we can assign to
users.

webapp/config/packages/security.yaml

@@ -3,10 +3,10 @@
 security:
     role_hierarchy:
         ROLE_JURY: [ROLE_CLARIFICATION_RW, ROLE_API, ROLE_API_READER, ROLE_API_SOURCE_READER]
-        ROLE_ADMIN: [ROLE_JURY, ROLE_JUDGEHOST, ROLE_API_WRITER, ROLE_API_PROBLEM_CHANGE]
+        ROLE_ADMIN: [ROLE_JURY, ROLE_JUDGEHOST, ROLE_API_WRITER,
+                     ROLE_API_PROBLEM_CHANGE, ROLE_API_CONTEST_CHANGE]
         ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
 
-
     # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords
     password_hashers:
         App\Entity\User:

webapp/src/Controller/API/ContestController.php

@@ -74,7 +74,7 @@ public function __construct(
      * Add a new contest.
      * @throws BadRequestHttpException
      */
-    #[IsGranted('ROLE_ADMIN')]
+    #[IsGranted('ROLE_API_CONTEST_CHANGE')]
     #[Rest\Post('')]
     #[OA\RequestBody(
         required: true,
@@ -200,7 +200,7 @@ public function bannerAction(Request $request, string $cid): Response
     /**
      * Delete the banner for the given contest.
      */
-    #[IsGranted('ROLE_ADMIN')]
+    #[IsGranted('ROLE_API_CONTEST_CHANGE')]
     #[Rest\Delete('/{cid}/banner', name: 'delete_contest_banner')]
     #[OA\Response(response: 204, description: 'Deleting banner succeeded')]
     #[OA\Parameter(ref: '#/components/parameters/cid')]
@@ -220,7 +220,7 @@ public function deleteBannerAction(Request $request, string $cid): Response
     /**
      * Set the banner for the given contest.
      */
-    #[IsGranted('ROLE_ADMIN')]
+    #[IsGranted('ROLE_API_CONTEST_CHANGE')]
     #[Rest\Post("/{cid}/banner", name: 'post_contest_banner')]
     #[Rest\Put("/{cid}/banner", name: 'put_contest_banner')]
     #[OA\RequestBody(
@@ -268,7 +268,7 @@ public function setBannerAction(Request $request, string $cid, ValidatorInterfac
     /**
      * Delete the problemset document for the given contest.
      */
-    #[IsGranted('ROLE_ADMIN')]
+    #[IsGranted('ROLE_API_CONTEST_CHANGE')]
     #[Rest\Delete('/{cid}/problemset', name: 'delete_contest_problemset')]
     #[OA\Response(response: 204, description: 'Deleting problemset document succeeded')]
     #[OA\Parameter(ref: '#/components/parameters/cid')]
@@ -288,7 +288,7 @@ public function deleteProblemsetAction(Request $request, string $cid): Response
     /**
      * Set the problemset document for the given contest.
      */
-    #[IsGranted('ROLE_ADMIN')]
+    #[IsGranted('ROLE_API_CONTEST_CHANGE')]
     #[Rest\Post("/{cid}/problemset", name: 'post_contest_problemset')]
     #[Rest\Put("/{cid}/problemset", name: 'put_contest_problemset')]
     #[OA\RequestBody(

webapp/src/DataFixtures/DefaultData/RoleFixture.php

@@ -29,7 +29,8 @@ public function load(ObjectManager $manager): void
             'api_writer'         => 'API writer',
             'api_source_reader'  => 'Source code reader',
             'clarification_rw'   => 'Clarification handler',
-            'api_problem_change' => 'API Problem Changer'
+            'api_problem_change' => 'API Problem Changer',
+            'api_contest_change' => 'API Contest Changer'
         ];
         foreach ($roles as $roleName => $description) {
             if (!($role = $manager->getRepository(Role::class)->findOneBy(['dj_role' => $roleName]))) {