Merge branch 'develop'

.woodpecker.yml

@@ -9,7 +9,7 @@ services:
     environment:
       - MARIADB_ROOT_PASSWORD=root
 
-pipeline:
+steps:
   db_wait:
     image: gitnet.fr/deblan/timeout:latest
     commands:
@@ -21,7 +21,7 @@ pipeline:
       - mysql -hdb -uroot -proot -e "CREATE DATABASE app"
 
   config:
-    image: deblan/php:8.1
+    image: deblan/php:${PHP_VERSION}
     commands:
       - echo APP_ENV=prod >> .env.local
       - echo APP_SECRET=$(openssl rand -hex 32) >> .env.local

CHANGELOG.md

@@ -1,10 +1,22 @@
 ## [Unreleased]
 
-## [1.21.0] 2023-08-11
+## [v1.23.0] - 2023-09-28
 ### Changed
 * upgrade murph/murph-core
 
-## [1.20.0] 2023-07-27
+## [v1.22.0] - 2023-09-28
+### Added
+* update woodpecker ci base file
+### Fixed
+* fix #1: add UniqueEntity constraint in the User entity
+### Changed
+* upgrade murph/murph-core
+
+## [1.21.0] - 2023-08-11
+### Changed
+* upgrade murph/murph-core
+
+## [1.20.0] - 2023-07-27
 ### Fixed
 * fix collection widget: allow_add/allow_delete and prototype
 ### Added
@@ -13,11 +25,11 @@
 ### Changed
 * upgrade murph/murph-core
 
-## [1.19.0] 2023-04-15
+## [1.19.0] - 2023-04-15
 ### Changed
 * upgrade murph/murph-core
 
-## [1.18.0] 2023-01-13
+## [1.18.0] - 2023-01-13
 ### Added
 * feat(dep): update dependencies
 * feat(update): apply new recipe for phpunit
@@ -45,7 +57,7 @@
 * fix(config): fix firewall config
 
 
-## [1.17.0] 2022-11-19
+## [1.17.0] - 2022-11-19
 ### Changed
 * upgrade murph/murph-core
 * replace annotation with attributes

composer.json

@@ -7,7 +7,7 @@
     "prefer-stable": true,
     "require": {
         "php": ">=8.0.0",
-        "murph/murph-core": "^1.20"
+        "murph/murph-core": "^1.23"
     },
     "require-dev": {
         "symfony/browser-kit": "^5.4",

config/packages/security.yaml

@@ -3,6 +3,10 @@ security:
         App\Entity\User:
             algorithm: auto
 
+    access_decision_manager:
+        strategy: consensus
+        allow_if_all_abstain: false
+
     # https://symfony.com/doc/current/security.html#where-do-users-come-from-user-providers
     enable_authenticator_manager: true
     # https://symfony.com/doc/current/security.html#registering-the-user-hashing-passwords

src/Entity/User.php

@@ -9,9 +9,11 @@ use Doctrine\ORM\Mapping as ORM;
 use Scheb\TwoFactorBundle\Model\Google\TwoFactorInterface;
 use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Bridge\Doctrine\Validator\Constraints\UniqueEntity;
 
 #[ORM\Entity(repositoryClass: UserRepository::class)]
 #[ORM\HasLifecycleCallbacks]
+#[UniqueEntity('email')]
 class User implements PasswordAuthenticatedUserInterface, UserInterface, TwoFactorInterface, EntityInterface
 {
     use Timestampable;

src/Security/Voter/EntityVoter.php

@@ -0,0 +1,51 @@
+<?php
+
+namespace App\Security\Voter;
+
+use App\Core\Entity\EntityInterface;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class EntityVoter extends Voter
+{
+    public const EDIT = 'edit';
+    public const VIEW = 'show';
+    public const DELETE = 'delete';
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        // replace with your own logic
+        // https://symfony.com/doc/current/security/voters.html
+        return in_array($attribute, [self::EDIT, self::VIEW, self::DELETE])
+            && $subject instanceof EntityInterface;
+    }
+
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof UserInterface) {
+            return false;
+        }
+
+        switch ($attribute) {
+            case self::EDIT:
+                return true;
+
+                break;
+
+            case self::VIEW:
+                return true;
+
+                break;
+
+            case self::DELETE:
+                return true;
+
+                break;
+        }
+
+        return false;
+    }
+}