[Admin] adjust esCadre auth url for impersonified admin (#10750)

parti-renaissance · Sep 20, 2024 · 5418f6f · 5418f6f
1 parent 3c6bb70
commit 5418f6f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 3 deletions.
diff --git a/config/routes.yaml b/config/routes.yaml
@@ -107,9 +107,9 @@ app_oauth:
     type:     "annotation"
     prefix:   "/oauth/v2"
     defaults:
-        app_domain: "%app_host%"
+        app_domain: "%user_vox_host%"
     requirements:
-        app_domain: "%app_host%|%app_renaissance_host%|%api_renaissance_host%|%admin_renaissance_host%|%user_vox_host%"
+        app_domain: "%app_renaissance_host%|%api_renaissance_host%|%admin_renaissance_host%|%user_vox_host%"
 
 #
 # Admin panel

diff --git a/src/Normalizer/JecouteAdherentNormalizer.php b/src/Normalizer/JecouteAdherentNormalizer.php
@@ -7,6 +7,7 @@
 use App\Repository\Jecoute\DataSurveyRepository;
 use App\Repository\OAuth\ClientRepository;
 use App\Security\Voter\DataCornerVoter;
+use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Serializer\Normalizer\NormalizerAwareTrait;
 
@@ -20,6 +21,9 @@ public function __construct(
         private readonly DataSurveyRepository $dataSurveyRepository,
         private readonly AuthorizationCheckerInterface $authorizationChecker,
         private readonly ClientRepository $clientRepository,
+        private readonly UrlGeneratorInterface $urlGenerator,
+        private readonly string $adminRenaissanceHost,
+        private readonly string $userVoxHost,
     ) {
     }
 
@@ -33,7 +37,21 @@ public function normalize($object, $format = null, array $context = [])
         ];
 
         if ($data['cadre_access'] = $this->authorizationChecker->isGranted(DataCornerVoter::DATA_CORNER, $object)) {
-            $data['cadre_auth_path'] = '/oauth/v2/auth?scope='.Scope::JEMENGAGE_ADMIN.'&response_type=code&client_id='.$this->clientRepository->findOneBy(['code' => AppCodeEnum::JEMENGAGE_WEB])->getUuid();
+            if ($object->getAuthAppVersion() < 580) {
+                $data['cadre_auth_path'] = $this->urlGenerator->generate('app_front_oauth_authorize', [
+                    'scope' => Scope::JEMENGAGE_ADMIN,
+                    'response_type' => 'code',
+                    'client_id' => $this->clientRepository->findOneBy(['code' => AppCodeEnum::JEMENGAGE_WEB])->getUuid(),
+                ]);
+            } else {
+                $data['cadre_auth_url'] = $this->urlGenerator->generate('app_front_oauth_authorize', [
+                    'app_domain' => $this->authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN') ? $this->adminRenaissanceHost : $this->userVoxHost,
+                    'scope' => Scope::JEMENGAGE_ADMIN,
+                    'response_type' => 'code',
+                    'client_id' => $this->clientRepository->findOneBy(['code' => AppCodeEnum::JEMENGAGE_WEB])->getUuid(
+                    ),
+                ], UrlGeneratorInterface::ABSOLUTE_URL);
+            }
         }
 
         return $data;