marek/MtoRagSystem
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

p96 follow up

Browse Source
This commit is contained in:
team 1
2026-05-11 15:39:00 +02:00
parent 3e678c659c
commit f098a1a244
25 changed files with 790 additions and 131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Controller/Admin/AdminSystemLogController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
@@ -21,7 +22,7 @@ final class AdminSystemLogController extends AbstractController
#[Route('', name: 'admin_system_logs_index')]
public function index(): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
$files = [];
@@ -47,7 +48,7 @@ final class AdminSystemLogController extends AbstractController
)]
public function view(string $date): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if ($date === 'current') {
$safeFilename = 'system.log';

3
src/Controller/Admin/AdminVectorLogController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
@@ -14,7 +15,7 @@ final class AdminVectorLogController extends AbstractController
#[Route('/log', name: 'admin_vector_log')]
public function view(): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
// ⚠️ Pfad ggf. anpassen falls bei dir anders konfiguriert
$logFile = \dirname(__DIR__, 3) . '/var/log/vector_service.log';

17
src/Controller/Admin/DocumentController.php
View File

@@ -8,6 +8,7 @@ use App\Entity\Document;
use App\Entity\DocumentVersion;
use App\Entity\IngestJob;
use App\Entity\User;
use App\Security\ApplicationRoles;
use App\Service\DocumentService;
use App\Service\FormatText;
use App\Service\IngestJobService;
@@ -33,6 +34,8 @@ final class DocumentController extends AbstractController
#[Route('', name: 'admin_documents', methods: ['GET'])]
public function index(EntityManagerInterface $em): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
$documents = $em->getRepository(Document::class)
->createQueryBuilder('d')
->leftJoin('d.versions', 'v')
@@ -56,6 +59,8 @@ final class DocumentController extends AbstractController
)]
public function show(string $id, EntityManagerInterface $em): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
return $this->render('admin/document/show.html.twig', [
'document' => $this->findDocument($id, $em),
]);
@@ -70,6 +75,8 @@ final class DocumentController extends AbstractController
ParameterBagInterface $params,
EntityManagerInterface $em,
): Response {
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
if (!$request->isMethod('POST')) {
return $this->render('admin/document/new.html.twig');
}
@@ -150,6 +157,8 @@ final class DocumentController extends AbstractController
ParameterBagInterface $params,
FormatText $formatText,
): Response {
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
$document = $this->findDocument($id, $em);
if (!$request->isMethod('POST')) {
@@ -202,6 +211,8 @@ final class DocumentController extends AbstractController
DocumentService $documentService,
IngestJobService $jobService,
): RedirectResponse {
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
if (!$this->isCsrfTokenValid('activate_version_' . $versionId, (string) $request->request->get('_token'))) {
throw $this->createAccessDeniedException();
}
@@ -260,6 +271,8 @@ final class DocumentController extends AbstractController
EntityManagerInterface $em,
IngestJobService $jobService,
): RedirectResponse {
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
if (!$this->isCsrfTokenValid('ingest_version_' . $versionId, (string) $request->request->get('_token'))) {
throw $this->createAccessDeniedException();
}
@@ -329,7 +342,7 @@ final class DocumentController extends AbstractController
ParameterBagInterface $params,
Connection $connection,
): RedirectResponse {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('system_reset', (string) $request->request->get('_token'))) {
$this->addFlash('danger', 'Ungültiges CSRF-Token.');
@@ -400,7 +413,7 @@ SQL;
IngestJobService $jobService,
LockService $lockService,
): RedirectResponse {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('delete_document_' . $id, (string) $request->request->get('_token'))) {
throw $this->createAccessDeniedException();

5
src/Controller/Admin/DocumentTagController.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Entity\TagRebuildJob;
use App\Security\ApplicationRoles;
use App\Service\Admin\DocumentTagAdminService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
@@ -19,6 +20,8 @@ final class DocumentTagController extends AbstractController
#[Route('/{id}/tags', name: 'admin_document_tags_edit', methods: ['GET'])]
public function edit(string $id, DocumentTagAdminService $svc): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
$id = trim($id);
try {
@@ -38,6 +41,8 @@ final class DocumentTagController extends AbstractController
#[Route('/{id}/tags/save', name: 'admin_document_tags_save', methods: ['POST'])]
public function save(string $id, Request $request, DocumentTagAdminService $svc): RedirectResponse
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
$id = trim($id);
if (!$this->isCsrfTokenValid('admin_document_tags_save_' . $id, (string) $request->request->get('_token'))) {

5
src/Controller/Admin/IngestJobController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use App\Entity\IngestJob;
use App\Service\IngestJobService;
use Doctrine\ORM\EntityManagerInterface;
@@ -50,7 +51,7 @@ final class IngestJobController extends AbstractController
)]
public function status(string $id, EntityManagerInterface $em): JsonResponse
{
$this->denyAccessUnlessGranted('ROLE_ADMIN_AREA');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_ADMIN_AREA);
$job = $this->findJob($id, $em);
@@ -71,7 +72,7 @@ final class IngestJobController extends AbstractController
IngestJobService $jobService,
EntityManagerInterface $em,
): RedirectResponse {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('global_reindex', (string) $request->request->get('_token'))) {
$this->addFlash('danger', 'Ungültiges CSRF-Token.');

24
src/Controller/Admin/IngestProfileController.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Entity\IngestProfile;
use App\Security\ApplicationRoles;
use App\Service\Admin\IngestProfileAdminService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
@@ -17,6 +18,8 @@ final class IngestProfileController extends AbstractController
#[Route('/', name: 'admin_ingest_profile_list')]
public function list(IngestProfileAdminService $svc): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_KNOWLEDGE_ADMIN);
$data = $svc->listData();
return $this->render('admin/ingest_profile/list.html.twig', $data);
@@ -25,6 +28,8 @@ final class IngestProfileController extends AbstractController
#[Route('/create', name: 'admin_ingest_profile_create', methods: ['GET', 'POST'])]
public function create(Request $request, IngestProfileAdminService $svc): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if ($request->isMethod('POST')) {
try {
$svc->create([
@@ -49,8 +54,15 @@ final class IngestProfileController extends AbstractController
#[Route('/activate/{id}', name: 'admin_ingest_profile_activate', methods: ['POST'])]
public function activate(
IngestProfile $profile,
IngestProfileAdminService $svc
IngestProfileAdminService $svc,
Request $request
): Response {
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('activate_ingest_profile_' . $profile->getId(), (string) $request->request->get('_token'))) {
throw $this->createAccessDeniedException();
}
try {
$svc->activate($profile);
$this->addFlash('success', 'Ingest-Profil wurde aktiviert.');
@@ -61,9 +73,15 @@ final class IngestProfileController extends AbstractController
return $this->redirectToRoute('admin_ingest_profile_list');
}
#[Route('/remove/{id}', name: 'admin_ingest_profile_remove', methods: ['POST', 'GET'])]
public function remove(string $id, IngestProfileAdminService $svc): Response
#[Route('/remove/{id}', name: 'admin_ingest_profile_remove', methods: ['POST'])]
public function remove(string $id, IngestProfileAdminService $svc, Request $request): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('delete_ingest_profile_' . $id, (string) $request->request->get('_token'))) {
throw $this->createAccessDeniedException();
}
try {
$svc->remove($id);
$this->addFlash('success', 'Ingest-Profil wurde entfernt.');

11
src/Controller/Admin/ModelGenerationConfigController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use App\Entity\ModelGenerationConfig;
use App\Service\Admin\ModelGenerationConfigAdminService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -17,7 +18,7 @@ final class ModelGenerationConfigController extends AbstractController
#[Route('/', name: 'admin_model_config_list')]
public function list(ModelGenerationConfigAdminService $svc): Response
{
$this->denyAccessUnlessGranted('ROLE_KNOWLEDGE_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_KNOWLEDGE_ADMIN);
return $this->render('admin/model_config/list.html.twig', [
'configs' => $svc->list(),
@@ -29,7 +30,7 @@ final class ModelGenerationConfigController extends AbstractController
Request $request,
ModelGenerationConfigAdminService $svc
): Response {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if ($request->isMethod('POST')) {
try {
@@ -50,7 +51,7 @@ final class ModelGenerationConfigController extends AbstractController
ModelGenerationConfig $config,
ModelGenerationConfigAdminService $svc
): Response {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
$svc->activate($config);
@@ -63,7 +64,7 @@ final class ModelGenerationConfigController extends AbstractController
Request $request,
ModelGenerationConfigAdminService $svc
): Response {
$this->denyAccessUnlessGranted('ROLE_KNOWLEDGE_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_KNOWLEDGE_ADMIN);
$prompt = '';
$results = [];
@@ -86,7 +87,7 @@ final class ModelGenerationConfigController extends AbstractController
Request $request,
ModelGenerationConfigAdminService $svc
): Response {
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid(
'delete_model_config_'.$config->getId(),

3
src/Controller/Admin/SystemAgentController.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use App\Service\Admin\IndexNdjsonInspector;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Request;
@@ -12,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
#[IsGranted('ROLE_SUPER_ADMIN')]
#[IsGranted(ApplicationRoles::ROLE_SUPER_ADMIN)]
final class SystemAgentController extends AbstractController
{
#[Route('/admin/system/agent', name: 'admin_system_agent', methods: ['GET'])]

3
src/Controller/Admin/SystemPromptController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use App\Entity\SystemPrompt;
use App\Service\Admin\SystemPromptAdminService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -12,7 +13,7 @@ use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Routing\Attribute\Route;
use Symfony\Component\Security\Http\Attribute\IsGranted;
#[IsGranted('ROLE_SUPER_ADMIN')]
#[IsGranted(ApplicationRoles::ROLE_SUPER_ADMIN)]
final class SystemPromptController extends AbstractController
{
#[Route('/admin/system/prompt', name: 'admin_system_prompt', methods: ['GET', 'POST'])]

9
src/Controller/Admin/TagController.php
View File

@@ -5,6 +5,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Entity\TagRebuildJob;
use App\Security\ApplicationRoles;
use App\Service\Admin\TagAdminService;
use App\Tag\TagTypes;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -19,6 +20,8 @@ final class TagController extends AbstractController
#[Route('', name: 'admin_tags_index', methods: ['GET'])]
public function index(TagAdminService $svc): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
return $this->render('admin/tag/index.html.twig', [
...$svc->getIndexData(),
...$this->buildJobStatusViewData(),
@@ -28,6 +31,8 @@ final class TagController extends AbstractController
#[Route('/create', name: 'admin_tags_create', methods: ['POST'])]
public function create(Request $request, TagAdminService $svc): RedirectResponse
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
if (!$this->isCsrfTokenValid('admin_tag_create', (string) $request->request->get('_token'))) {
$this->addFlash('danger', 'Ungültiges CSRF-Token.');
@@ -53,6 +58,8 @@ final class TagController extends AbstractController
#[Route('/{id}/delete', name: 'admin_tags_delete', methods: ['POST'])]
public function delete(string $id, Request $request, TagAdminService $svc): RedirectResponse
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
if (!$this->isCsrfTokenValid('admin_tag_delete_' . $id, (string) $request->request->get('_token'))) {
$this->addFlash('danger', 'Ungültiges CSRF-Token.');
@@ -72,6 +79,8 @@ final class TagController extends AbstractController
#[Route('/{id}/assign', name: 'admin_tags_assign', methods: ['GET', 'POST'])]
public function assign(string $id, Request $request, TagAdminService $svc): Response
{
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_EDITOR);
$id = trim($id);
if ($request->isMethod('POST')) {

9
src/Controller/Admin/UserController.php
View File

@@ -4,6 +4,7 @@ declare(strict_types=1);
namespace App\Controller\Admin;
use App\Security\ApplicationRoles;
use App\Entity\User;
use App\Service\Admin\UserAdminService;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
@@ -19,7 +20,7 @@ final class UserController extends AbstractController
#[Route('', name: 'admin_users_index', methods: ['GET'])]
public function index(Request $request, UserAdminService $users): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
$query = trim((string) $request->query->get('q', ''));
$status = (string) $request->query->get('status', 'all');
@@ -44,7 +45,7 @@ final class UserController extends AbstractController
#[Route('/create', name: 'admin_users_create', methods: ['GET', 'POST'])]
public function create(Request $request, UserAdminService $users): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$request->isMethod('POST')) {
return $this->render('admin/user/create.html.twig', [
@@ -80,7 +81,7 @@ final class UserController extends AbstractController
#[Route('/{id}/edit', name: 'admin_users_edit', requirements: ['id' => '[0-9a-fA-F\-]{36}'], methods: ['GET', 'POST'])]
public function edit(string $id, Request $request, UserAdminService $users): Response
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
try {
$user = $users->requireUser($id);
@@ -127,7 +128,7 @@ final class UserController extends AbstractController
#[Route('/{id}/toggle-active', name: 'admin_users_toggle_active', requirements: ['id' => '[0-9a-fA-F\-]{36}'], methods: ['POST'])]
public function toggleActive(string $id, Request $request, UserAdminService $users): RedirectResponse
{
$this->denyAccessUnlessGranted('ROLE_SUPER_ADMIN');
$this->denyAccessUnlessGranted(ApplicationRoles::ROLE_SUPER_ADMIN);
if (!$this->isCsrfTokenValid('admin_user_toggle_active_' . $id, (string) $request->request->get('_token'))) {
$this->addFlash('danger', 'Ungültiges CSRF-Token.');