Extend ProjectVoter which access check on publiq-platform

app/WebApplication.php

@@ -7,6 +7,7 @@
 use CultuurNet\ProjectAanvraag\Coupon\CouponControllerProvider;
 use CultuurNet\ProjectAanvraag\ErrorHandler\JsonErrorHandler;
 use CultuurNet\ProjectAanvraag\IntegrationType\IntegrationTypeControllerProvider;
+use CultuurNet\ProjectAanvraag\Platform\PlatformClientInterface;
 use CultuurNet\ProjectAanvraag\Project\ProjectControllerProvider;
 use CultuurNet\ProjectAanvraag\Security\UiTIDSecurityServiceProvider;
 use CultuurNet\ProjectAanvraag\Voter\ImportVoter;
@@ -132,7 +133,7 @@ protected function registerProviders()
                 new AuthenticatedVoter($this['security.trust_resolver']),
 
                 // Custom voters
-                new ProjectVoter(),
+                new ProjectVoter($this[PlatformClientInterface::class]),
                 new ImportVoter(),
             ];
         };

src/Voter/ProjectVoter.php

@@ -3,6 +3,7 @@
 namespace CultuurNet\ProjectAanvraag\Voter;
 
 use CultuurNet\ProjectAanvraag\Entity\ProjectInterface;
+use CultuurNet\ProjectAanvraag\Platform\PlatformClientInterface;
 use CultuurNet\ProjectAanvraag\User\User;
 use CultuurNet\ProjectAanvraag\User\UserInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
@@ -15,6 +16,16 @@ class ProjectVoter extends Voter
     const ACTIVATE = 'activate';
     const BLOCK = 'block';
 
+    /**
+     * @var PlatformClientInterface
+     */
+    private $platformClient;
+
+    public function __construct(PlatformClientInterface $platformClient)
+    {
+        $this->platformClient = $platformClient;
+    }
+
     /**
      * @param string $attribute
      * @param ProjectInterface $project
@@ -32,7 +43,13 @@ protected function voteOnAttribute($attribute, $project, TokenInterface $token)
         }
 
         // Allow users to only view and edit their own projects
-        return (self::EDIT === $attribute || self::VIEW === $attribute) && $project->getUserId() === $user->id;
+        $hasAccess = (self::EDIT === $attribute || self::VIEW === $attribute) && $project->getUserId() === $user->id;
+
+        if (!$hasAccess) {
+            $hasAccess = $this->platformClient->hasAccessOnIntegration($project->getPlatformUuid());
+        }
+
+        return $hasAccess;
     }
 
     /**

test/Voter/ProjectVoterTest.php

@@ -3,6 +3,7 @@
 namespace CultuurNet\ProjectAanvraag\Voter;
 
 use CultuurNet\ProjectAanvraag\Entity\ProjectInterface;
+use CultuurNet\ProjectAanvraag\Platform\PlatformClientInterface;
 use CultuurNet\ProjectAanvraag\User\User;
 use CultuurNet\ProjectAanvraag\User\UserInterface;
 use PHPUnit\Framework\MockObject\MockObject;
@@ -21,6 +22,11 @@ class ProjectVoterTest extends TestCase
      */
     protected $project;
 
+    /**
+     * @var PlatformClientInterface & MockObject
+     */
+    private $platformClient;
+
     /**
      * @var ProjectVoter
      */
@@ -32,7 +38,9 @@ public function setUp()
 
         $this->project = $this->createMock(ProjectInterface::class);
 
-        $this->voter = new ProjectVoter();
+        $this->platformClient = $this->createMock(PlatformClientInterface::class);
+
+        $this->voter = new ProjectVoter($this->platformClient);
     }
 
     /**
@@ -49,8 +57,17 @@ public function testVote()
             ->will($this->returnValue(false));
 
         $this->token->expects($this->any())
-        ->method('getUser')
-        ->will($this->returnValue($user));
+            ->method('getUser')
+            ->will($this->returnValue($user));
+
+        $this->project->expects($this->once())
+            ->method('getPlatformUuid')
+            ->will($this->returnValue('platform_uuid'));
+
+        $this->platformClient->expects($this->once())
+            ->method('hasAccessOnIntegration')
+            ->with('platform_uuid')
+            ->willReturn(false);
 
         $vote = $this->voter->vote($this->token, $this->project, ['edit']);
         $this->assertEquals(-1, $vote, 'It correctly votes on the subject and denies editing');