Commit 87b6f3a7 authored by Laurent Lécluse's avatar Laurent Lécluse

Ajout du champ permettant de gérer les filtres LDAP au modèle et à l'entité Role

Refactoring
parent 29acec33
......@@ -5,14 +5,13 @@ namespace UnicaenAuth;
use Zend\ModuleManager\Feature\AutoloaderProviderInterface;
use Zend\ModuleManager\Feature\ConfigProviderInterface;
use Zend\ModuleManager\Feature\ServiceProviderInterface;
use Zend\ModuleManager\Feature\ViewHelperProviderInterface;
/**
* Point d'entrée du module d'authentification Unicaen.
*
* @author Bertrand GAUTHIER <bertrand.gauthier@unicaen.fr>
*/
class Module implements ConfigProviderInterface, ViewHelperProviderInterface, ServiceProviderInterface
class Module implements ConfigProviderInterface, ServiceProviderInterface
{
/**
*
......@@ -113,29 +112,6 @@ class Module implements ConfigProviderInterface, ViewHelperProviderInterface, Se
}
}
/**
*
* @return array
* @see ViewHelperProviderInterface
*/
public function getViewHelperConfig()
{
return [
'factories' => [
'userConnection' => 'UnicaenAuth\View\Helper\UserConnectionFactory',
'userCurrent' => 'UnicaenAuth\View\Helper\UserCurrentFactory',
'userStatus' => 'UnicaenAuth\View\Helper\UserStatusFactory',
'userProfile' => 'UnicaenAuth\View\Helper\UserProfileFactory',
'userInfo' => 'UnicaenAuth\View\Helper\UserInfoFactory',
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
],
'invokables' => [
'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
],
];
}
/**
*
* @return array
......
......@@ -16,7 +16,7 @@ $zfcuserSettings = [
* Allows users to register through the website.
* Accepted values: boolean true or false
*/
'enable_registration' => true,
'enable_registration' => true,
/**
* Modes for authentication identity match
* Specify the allowable identity modes, in the order they should be
......@@ -24,42 +24,42 @@ $zfcuserSettings = [
* Default value: array containing 'email'
* Accepted values: array containing one or more of: email, username
*/
'auth_identity_fields' => ['username', 'email'],
'auth_identity_fields' => ['username', 'email'],
/**
* Login Redirect Route
* Upon successful login the user will be redirected to the entered route
* Default value: 'zfcuser'
* Accepted values: A valid route name within your application
*/
'login_redirect_route' => 'home',
'login_redirect_route' => 'home',
/**
* Logout Redirect Route
* Upon logging out the user will be redirected to the enterd route
* Default value: 'zfcuser/login'
* Accepted values: A valid route name within your application
*/
'logout_redirect_route' => 'home',
'logout_redirect_route' => 'home',
/**
* Enable Username
* Enables username field on the registration form, and allows users to log
* in using their username OR email address. Default is false.
* Accepted values: boolean true or false
*/
'enable_username' => false,
'enable_username' => false,
/**
* Enable Display Name
* Enables a display name field on the registration form, which is persisted
* in the database. Default value is false.
* Accepted values: boolean true or false
*/
'enable_display_name' => true,
'enable_display_name' => true,
/**
* Authentication Adapters
* Specify the adapters that will be used to try and authenticate the user
* Default value: array containing 'ZfcUser\Authentication\Adapter\Db' with priority 100
* Accepted values: array containing services that implement 'ZfcUser\Authentication\Adapter\ChainableAdapter'
*/
'auth_adapters' => [
'auth_adapters' => [
300 => 'UnicaenAuth\Authentication\Adapter\Ldap', // notifié en 1er
200 => 'UnicaenAuth\Authentication\Adapter\Db', // ensuite (si échec d'authentification Ldap)
100 => 'UnicaenAuth\Authentication\Adapter\Cas', // ensuite (si échec d'authentification Db)
......@@ -78,22 +78,22 @@ $bjyauthorize = [
*
* for ZfcUser, this will be your default identity provider
*/
'identity_provider' => 'UnicaenAuth\Provider\Identity\Chain',
'identity_provider' => 'UnicaenAuth\Provider\Identity\Chain',
/* role providers simply provide a list of roles that should be inserted
* into the Zend\Acl instance. the module comes with two providers, one
* to specify roles in a config file and one to load roles using a
* Zend\Db adapter.
*/
'role_providers' => [
'role_providers' => [
/**
* 2 rôles doivent systématiquement exister dans les ACL :
* - le rôle par défaut 'guest', c'est le rôle de tout utilisateur non authentifié.
* - le rôle 'user', c'est le rôle de tout utilisateur authentifié.
*/
'UnicaenAuth\Provider\Role\Config' => [
'UnicaenAuth\Provider\Role\Config' => [
'guest' => ['name' => "Non authentifié(e)", 'selectable' => false, 'children' => [
'user' => ['name' => "Authentifié(e)", 'selectable' => false]
'user' => ['name' => "Authentifié(e)", 'selectable' => false],
]],
],
/**
......@@ -101,7 +101,7 @@ $bjyauthorize = [
* NB: si le rôle par défaut 'guest' est fourni ici, il ne sera pas ajouté en double dans les ACL.
* NB: si la connexion à la base échoue, ce n'est pas bloquant!
*/
'UnicaenAuth\Provider\Role\DbRole' => [
'UnicaenAuth\Provider\Role\DbRole' => [
'object_manager' => 'doctrine.entitymanager.orm_default',
'role_entity_class' => 'UnicaenAuth\Entity\Db\Role',
],
......@@ -114,106 +114,106 @@ $bjyauthorize = [
],
// strategy service name for the strategy listener to be used when permission-related errors are detected
// 'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
// 'unauthorized_strategy' => 'BjyAuthorize\View\RedirectionStrategy',
'unauthorized_strategy' => 'UnicaenAuth\View\RedirectionStrategy',
/* Currently, only controller and route guards exist
*/
'guards' => [
'guards' => [
/* If this guard is specified here (i.e. it is enabled), it will block
* access to all controllers and actions unless they are specified here.
* You may omit the 'action' index to allow access to the entire controller
*/
'BjyAuthorize\Guard\Controller' => [
['controller' => 'index', 'action' => 'index', 'roles' => []],
['controller' => 'zfcuser', 'roles' => []],
['controller' => 'index', 'action' => 'index', 'roles' => []],
['controller' => 'zfcuser', 'roles' => []],
['controller' => 'Application\Controller\Index', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'etab', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'apropos', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'contact', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'plan', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'mentions-legales', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'informatique-et-libertes', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => []],
['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'etab', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'apropos', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'contact', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'plan', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'mentions-legales', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'informatique-et-libertes', 'roles' => []],
['controller' => 'UnicaenApp\Controller\Application', 'action' => 'refresh-session', 'roles' => []],
['controller' => 'UnicaenAuth\Controller\Utilisateur', 'action' => 'selectionner-profil', 'roles' => []],
],
],
];
return [
'zfcuser' => $zfcuserSettings,
'bjyauthorize' => $bjyauthorize,
'unicaen-auth' => $settings,
'doctrine' => [
'zfcuser' => $zfcuserSettings,
'bjyauthorize' => $bjyauthorize,
'unicaen-auth' => $settings,
'doctrine' => [
'driver' => [
// overriding zfc-user-doctrine-orm's config
'zfcuser_entity' => [
'zfcuser_entity' => [
'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
'paths' => [
__DIR__ . '/../src/UnicaenAuth/Entity/Db'
]
__DIR__ . '/../src/UnicaenAuth/Entity/Db',
],
],
'orm_auth_driver' => [
'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
'cache' => 'array',
'paths' => [
__DIR__ . '/../src/UnicaenAuth/Entity/Db'
]
__DIR__ . '/../src/UnicaenAuth/Entity/Db',
],
],
'orm_default' => [
'orm_default' => [
'class' => 'Doctrine\ORM\Mapping\Driver\DriverChain',
'drivers' => [
'UnicaenAuth\Entity\Db' => 'zfcuser_entity',
'UnicaenAuth\Entity\Db' => 'orm_auth_driver'
]
'UnicaenAuth\Entity\Db' => 'orm_auth_driver',
],
],
],
],
'service_manager' => [
'aliases' => [
'aliases' => [
'Zend\Authentication\AuthenticationService' => 'zfcuser_auth_service',
],
'invokables' => [
'invokables' => [
'unicaen-auth_user_service' => 'UnicaenAuth\Service\User',
'UnicaenAuth\Authentication\Storage\Db' => 'UnicaenAuth\Authentication\Storage\Db',
'UnicaenAuth\Authentication\Storage\Ldap' => 'UnicaenAuth\Authentication\Storage\Ldap',
'UnicaenAuth\View\RedirectionStrategy' => 'UnicaenAuth\View\RedirectionStrategy',
'authUserContext' => 'UnicaenAuth\Service\UserContext'
'authUserContext' => 'UnicaenAuth\Service\UserContext',
],
'abstract_factories' => [
'UnicaenAuth\Authentication\Adapter\AbstractFactory',
],
'factories' => [
'factories' => [
'unicaen-auth_module_options' => 'UnicaenAuth\Options\ModuleOptionsFactory',
'zfcuser_auth_service' => 'UnicaenAuth\Authentication\AuthenticationServiceFactory',
'UnicaenAuth\Authentication\Storage\Chain' => 'UnicaenAuth\Authentication\Storage\ChainServiceFactory',
'UnicaenAuth\Provider\Identity\Chain' => 'UnicaenAuth\Provider\Identity\ChainServiceFactory',
'UnicaenAuth\Provider\Identity\Ldap' => 'UnicaenAuth\Provider\Identity\LdapServiceFactory',
'UnicaenAuth\Provider\Identity\Db' => 'UnicaenAuth\Provider\Identity\DbServiceFactory',
'UnicaenAuth\Provider\Identity\Basic' => 'UnicaenAuth\Provider\Identity\BasicServiceFactory',
'UnicaenAuth\Provider\Identity\Basic' => 'UnicaenAuth\Provider\Identity\BasicServiceFactory',
'UnicaenAuth\Provider\Role\Config' => 'UnicaenAuth\Provider\Role\ConfigServiceFactory',
'UnicaenAuth\Provider\Role\DbRole' => 'UnicaenAuth\Provider\Role\DbRoleServiceFactory',
'UnicaenAuth\Provider\Role\Username' => 'UnicaenAuth\Provider\Role\UsernameServiceFactory',
],
'initializers' => [
'initializers' => [
'UnicaenAuth\Service\UserAwareInitializer',
],
],
'controllers' => [
'controllers' => [
'invokables' => [
'UnicaenAuth\Controller\Utilisateur' => 'UnicaenAuth\Controller\UtilisateurController',
],
],
'view_manager' => [
'template_map' => [
'view_manager' => [
'template_map' => [
'error/403' => __DIR__ . '/../view/error/403.phtml',
],
'template_path_stack' => [
'unicaen-auth' => __DIR__ . '/../view',
],
],
'translator' => [
'translator' => [
'translation_file_patterns' => [
[
'type' => 'gettext',
......@@ -222,34 +222,34 @@ return [
],
],
],
'router' => [
'router' => [
'routes' => [
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
'options' => [
'route' => '/auth',
'zfcuser' => [
'type' => 'Literal',
'priority' => 1000,
'options' => [
'route' => '/auth',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'index',
],
],
'may_terminate' => true,
'child_routes' => [
'login' => [
'type' => 'Literal',
'child_routes' => [
'login' => [
'type' => 'Literal',
'options' => [
'route' => '/connexion',
'route' => '/connexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'login',
],
],
],
'logout' => [
'type' => 'Literal',
'logout' => [
'type' => 'Literal',
'options' => [
'route' => '/deconnexion',
'route' => '/deconnexion',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'logout',
......@@ -257,9 +257,9 @@ return [
],
],
'register' => [
'type' => 'Literal',
'type' => 'Literal',
'options' => [
'route' => '/creation-compte',
'route' => '/creation-compte',
'defaults' => [
'controller' => 'zfcuser',
'action' => 'register',
......@@ -269,8 +269,8 @@ return [
],
],
'utilisateur' => [
'type' => 'Literal',
'options' => [
'type' => 'Literal',
'options' => [
'route' => '/utilisateur',
'defaults' => [
'__NAMESPACE__' => 'UnicaenAuth\Controller',
......@@ -279,16 +279,16 @@ return [
],
],
'may_terminate' => true,
'child_routes' => [
'child_routes' => [
'default' => [
'type' => 'Segment',
'options' => [
'route' => '/:action[/:id]',
'route' => '/:action[/:id]',
'constraints' => [
'action' => '[a-zA-Z][a-zA-Z0-9_-]*',
'id' => '[0-9]*',
],
'defaults' => [
'defaults' => [
'action' => 'index',
],
],
......@@ -298,16 +298,16 @@ return [
],
],
// All navigation-related configuration is collected in the 'navigation' key
'navigation' => [
'navigation' => [
// The DefaultNavigationFactory we configured uses 'default' as the sitemap key
'default' => [
// And finally, here is where we define our page hierarchy
'home' => [
'pages' => [
'login' => [
'label' => _("Connexion"),
'route' => 'zfcuser/login',
'visible' => false,
'login' => [
'label' => _("Connexion"),
'route' => 'zfcuser/login',
'visible' => false,
],
'register' => [
'label' => _("Enregistrement"),
......@@ -318,4 +318,19 @@ return [
],
],
],
'view_helpers' => [
'factories' => [
'userConnection' => 'UnicaenAuth\View\Helper\UserConnectionFactory',
'userCurrent' => 'UnicaenAuth\View\Helper\UserCurrentFactory',
'userStatus' => 'UnicaenAuth\View\Helper\UserStatusFactory',
'userProfile' => 'UnicaenAuth\View\Helper\UserProfileFactory',
'userInfo' => 'UnicaenAuth\View\Helper\UserInfoFactory',
'userProfileSelect' => 'UnicaenAuth\View\Helper\UserProfileSelectFactory',
'userProfileSelectRadioItem' => 'UnicaenAuth\View\Helper\UserProfileSelectRadioItemFactory',
],
'invokables' => [
'appConnection' => 'UnicaenAuth\View\Helper\AppConnection',
],
],
];
\ No newline at end of file
......@@ -14,6 +14,7 @@ CREATE TABLE IF NOT EXISTS `user_role` (
`role_id` VARCHAR(64) NOT NULL,
`is_default` TINYINT(1) NOT NULL DEFAULT 0,
`parent_id` INT(11) NULL DEFAULT NULL,
`ldap_filter` varchar(255) CHARACTER SET utf8 DEFAULT NULL,
PRIMARY KEY (`id`),
UNIQUE INDEX `unique_role` (`role_id` ASC),
INDEX `idx_parent_id` (`parent_id` ASC),
......
......@@ -2,7 +2,7 @@
/**
* BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
*
* @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
* @license http://framework.zend.com/license/new-bsd New BSD License
*/
......@@ -45,6 +45,12 @@ class Role implements HierarchicalRoleInterface
*/
protected $parent;
/**
* @var string
* @ORM\Column(name="ldap_filter", type="string", length=255, unique=true, nullable=true)
*/
protected $ldapFilter;
/**
* @var \Doctrine\Common\Collections\Collection
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User")
......@@ -55,6 +61,8 @@ class Role implements HierarchicalRoleInterface
*/
protected $users;
/**
* Get the id.
*
......@@ -65,6 +73,8 @@ class Role implements HierarchicalRoleInterface
return $this->id;
}
/**
* Set the id.
*
......@@ -75,9 +85,12 @@ class Role implements HierarchicalRoleInterface
public function setId($id)
{
$this->id = (int)$id;
return $this;
}
/**
* Get the role id.
*
......@@ -88,6 +101,8 @@ class Role implements HierarchicalRoleInterface
return $this->roleId;
}
/**
* Set the role id.
*
......@@ -97,10 +112,13 @@ class Role implements HierarchicalRoleInterface
*/
public function setRoleId($roleId)
{
$this->roleId = (string) $roleId;
$this->roleId = (string)$roleId;
return $this;
}
/**
* Is this role the default one ?
*
......@@ -111,6 +129,8 @@ class Role implements HierarchicalRoleInterface
return $this->isDefault;
}
/**
* Set this role as the default one.
*
......@@ -120,10 +140,13 @@ class Role implements HierarchicalRoleInterface
*/
public function setIsDefault($isDefault)
{
$this->isDefault = (boolean) $isDefault;
$this->isDefault = (boolean)$isDefault;
return $this;
}
/**
* Get the parent role
*
......@@ -134,6 +157,8 @@ class Role implements HierarchicalRoleInterface
return $this->parent;
}
/**
* Set the parent role.
*
......@@ -144,9 +169,36 @@ class Role implements HierarchicalRoleInterface
public function setParent(Role $parent)
{
$this->parent = $parent;
return $this;
}
/**
* @return string
*/
public function getLdapFilter()
{
return $this->ldapFilter;
}
/**
* @param string $ldapFilter
*
* @return Role
*/
public function setLdapFilter($ldapFilter)
{
$this->ldapFilter = $ldapFilter;
return $this;
}
/**
* Get users.
*
......@@ -157,6 +209,8 @@ class Role implements HierarchicalRoleInterface
return $this->users->getValues();
}
/**
* Add a user to the role.
*
......@@ -168,9 +222,11 @@ class Role implements HierarchicalRoleInterface
{
$this->users[] = $user;
}
/**
*
*
* @return string
*/
public function __toString()
......
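Review bot: `setLdapFilter()` stores its argument unchanged although the new `$ldapFilter` mapping is `unique=true, nullable=true`, so two roles saved with an empty-string filter would collide on the unique constraint, whereas two NULL values would not. Normalising in the setter avoids this: `$filter = trim((string)$ldapFilter); $this->ldapFilter = ($filter === '') ? null : $filter;`, with the docblocks changed to `@var string|null`, `@param string|null $ldapFilter` and `@return string|null`. If this filter is what later decides which LDAP accounts receive the role (the consumer is not shown on this page), the property docblock should say so and state who may edit it, since an overly broad or malformed filter would then affect role assignment. The class body continues outside the visible hunks.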