Create handler for unauthorized requests

Signed-off-by: Tim Goudriaan <tim@codedmonkey.com>

Author: codedmonkey

src/Controller/Dashboard/DashboardCredentialsController.php

@@ -10,8 +10,10 @@
 use EasyCorp\Bundle\EasyAdminBundle\Field\ChoiceField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextareaField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[AdminRoute(path: '/credentials', name: 'credentials')]
+#[IsGranted('ROLE_ADMIN')]
 class DashboardCredentialsController extends AbstractCrudController
 {
     public static function getEntityFqcn(): string

src/Controller/Dashboard/DashboardRegistryController.php

@@ -19,8 +19,10 @@
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
 use EasyCorp\Bundle\EasyAdminBundle\Router\AdminUrlGenerator;
 use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[AdminRoute(path: '/registries', name: 'registries')]
+#[IsGranted('ROLE_ADMIN')]
 class DashboardRegistryController extends AbstractCrudController
 {
     public static function getEntityFqcn(): string

src/Controller/Dashboard/DashboardUserController.php

@@ -15,8 +15,10 @@
 use EasyCorp\Bundle\EasyAdminBundle\Field\EmailField;
 use EasyCorp\Bundle\EasyAdminBundle\Field\TextField;
 use Symfony\Component\Form\Extension\Core\Type\PasswordType;
+use Symfony\Component\Security\Http\Attribute\IsGranted;
 
 #[AdminRoute(path: '/users', name: 'users')]
+#[IsGranted('ROLE_ADMIN')]
 class DashboardUserController extends AbstractCrudController
 {
     public static function getEntityFqcn(): string

templates/dashboard/errors/access_denied.html.twig

@@ -0,0 +1,7 @@
+{% extends '@EasyAdmin/page/content.html.twig' %}
+
+{% block page_title %}Access Denied{% endblock %}
+
+{% block page_content %}
+  <p class="text-muted">You do not have permission to access this page.</p>
+{% endblock %}

tests/FunctionalTests/Controller/Dashboard/DashboardCredentialsControllerTest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace CodedMonkey\Dirigent\Tests\FunctionalTests\Controller\Dashboard;
+
+use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class DashboardCredentialsControllerTest extends WebTestCase
+{
+    use WebTestCaseTrait;
+
+    public function testUserDoesNotHaveAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        $client->request('GET', '/credentials');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_FORBIDDEN);
+    }
+
+    public function testAdministratorHasAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser('admin');
+
+        $client->request('GET', '/credentials');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+    }
+}

tests/FunctionalTests/Controller/Dashboard/DashboardRegistryControllerTest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace CodedMonkey\Dirigent\Tests\FunctionalTests\Controller\Dashboard;
+
+use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class DashboardRegistryControllerTest extends WebTestCase
+{
+    use WebTestCaseTrait;
+
+    public function testUserDoesNotHaveAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        $client->request('GET', '/registries');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_FORBIDDEN);
+    }
+
+    public function testAdministratorHasAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser('admin');
+
+        $client->request('GET', '/registries');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+    }
+}

tests/FunctionalTests/Controller/Dashboard/DashboardRootControllerPermissionsTest.php

@@ -0,0 +1,36 @@
+<?php
+
+namespace CodedMonkey\Dirigent\Tests\FunctionalTests\Controller\Dashboard;
+
+use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class DashboardRootControllerPermissionsTest extends WebTestCase
+{
+    use WebTestCaseTrait;
+
+    public function testAdministratorHasAdminMenu(): void
+    {
+        $client = static::createClient();
+        $this->loginUser('admin');
+
+        $client->request('GET', '/');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+
+        $this->assertAnySelectorTextSame('.menu-item-label', 'Administration');
+    }
+
+    public function testUserDoesNotHaveAdminMenu(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        $client->request('GET', '/');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+
+        $this->assertAnySelectorTextNotContains('.menu-item-label', 'Administration');
+    }
+}

tests/FunctionalTests/Controller/Dashboard/DashboardUserControllerTest.php

@@ -0,0 +1,32 @@
+<?php
+
+namespace CodedMonkey\Dirigent\Tests\FunctionalTests\Controller\Dashboard;
+
+use CodedMonkey\Dirigent\Tests\Helper\WebTestCaseTrait;
+use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
+use Symfony\Component\HttpFoundation\Response;
+
+class DashboardUserControllerTest extends WebTestCase
+{
+    use WebTestCaseTrait;
+
+    public function testUserDoesNotHaveAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser();
+
+        $client->request('GET', '/users');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_FORBIDDEN);
+    }
+
+    public function testAdministratorHasAccess(): void
+    {
+        $client = static::createClient();
+        $this->loginUser('admin');
+
+        $client->request('GET', '/users');
+
+        $this->assertResponseStatusCodeSame(Response::HTTP_OK);
+    }
+}