Commit cf8eb594 authored by Laurent Lécluse

Finalisation de la possibilité de bloquer l'usage d'un ou plusieurs rôles...

Finalisation de la possibilité de bloquer l'usage d'un ou plusieurs rôles depuis l'extérieur de l'établissement
parent 532506f4
......@@ -494,7 +494,7 @@ return [
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
],
'lazy_services' => [
// Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
......
......@@ -18,7 +18,7 @@ CREATE TABLE user_role (
is_default SMALLINT NOT NULL DEFAULT 0,
parent_id BIGINT DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur SMALLINT NOT NULL DEFAULT 1,
accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
);
CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
......
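Review bot: `accessible_exterieur` defaults to "accessible" on both printed variants of the column line (`DEFAULT 1` and `DEFAULT true`), so every existing role, and every role later inserted without the flag, stays usable from outside the establishment until someone switches it off. If the feature is meant to keep privileged roles inside, say so next to the column, e.g. `-- accessible_exterieur: true by default; privileged roles must be restricted explicitly`, or default to false and open roles one by one. The hunk only edits the CREATE TABLE script; presumably databases that already exist need a separate ALTER for the type change, which is not visible on this page.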
......@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
],
]);
$this->add([
'type' => 'Checkbox',
'name' => 'accessible-exterieur',
'options' => [
'label' => 'Accessible de l\'extérieur',
'checked_value' => '1',
'unchecked_value' => '0',
],
]);
$this->add([
'name' => 'id',
'type' => 'Hidden',
......@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
'parent' => [
'required' => false,
],
'accessible-exterieur' => [
'required' => true,
],
];
}
}
......@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
$object->setRoleId($data['role-id']);
$object->setLdapFilter($data['ldap-filter'] ?: null);
$object->setParent($this->getServiceRole()->get($data['parent']));
$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
return $object;
}
......@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
'role-id' => $object->getRoleId(),
'ldap-filter' => $object->getLdapFilter(),
'parent' => $object->getParent() ? $object->getParent()->getId() : null,
'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
];
return $data;
......
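Review bot: In the hydrator, `$data['accessible-exterieur'] == '1'` uses a loose comparison on the value that decides whether a role may be used from outside, so `'01'`, `'1.0'` or `true` would also count as checked. The checkbox is declared with `checked_value` `'1'` and `unchecked_value` `'0'`, so a strict test states the contract exactly: `$object->setAccessibleExterieur($data['accessible-exterieur'] === '1');`. This assumes no filter casts the value before hydration, which the hunk does not show. Both hydrator methods begin outside their hunks.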
......@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
use BjyAuthorize\Provider\Role\ProviderInterface;
use UnicaenApp\Entity\Ldap\People;
use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
use UnicaenAuth\Entity\Db\AbstractRole;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
use Zend\Ldap\Ldap;
......@@ -23,12 +24,19 @@ use Traversable;
class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
{
use RoleServiceAwareTrait;
use HostLocalizationAwareTrait;
/**
* @var Ldap
*/
private $ldap;
/**
* @var
*/
private $detectionContexteExecution;
/**
......@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
}
}
$inEtablissement = $this->getHostLocalization()->inEtablissement();
if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
foreach ($roles as $i => $role) {
if ($role instanceof AbstractRole) {
if (!$role->getAccessibleExterieur()) unset($roles[$i]);
}
}
}
return $roles;
}
......
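Review bot: The filter added before `return $roles;` removes only entries that are `AbstractRole` instances, so a role held in `$roles` in any other form (a plain role-id string, for example) is still returned when `inEtablissement()` is false. How `$roles` is built lies outside the hunk, so this may be unreachable, but the restriction then fails open and deserves at least a comment such as `// only AbstractRole entries carry the flag; other entries are not restricted here`. `getHostLocalization()` is also dereferenced unconditionally, so a `Db` built without `setHostLocalization()` would fail on this line; a guard that treats a missing service as "outside" would be the safe choice. The new `$detectionContexteExecution` property has an empty `@var` and is not used in the visible hunks.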
......@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
{
$user = $container->get('zfcuser_user_service');
$identityProvider = new Db($user->getAuthService());
$identityProvider->setHostLocalization($container->get('HostLocalization'));
$unicaenAppOptions = $container->get('unicaen-app_module_options');
/* @var $unicaenAppOptions ModuleOptions */
......
......@@ -13,7 +13,9 @@ if ($errors) {
echo $this->formControlGroup($form->get('role-id'));
echo $this->formControlGroup($form->get('parent'));
echo $this->formControlGroup($form->get('ldap-filter'));
echo $this->formControlGroup($form->get('accessible-exterieur'));
echo $this->formRow($form->get('submit'));
echo $this->formHidden($form->get('id'));
echo $this->form()->closeTag();
\ No newline at end of file
......@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<th>Nom</th>
<th>Parent</th>
<th>Filtre LDAP</th>
<th>Accessible de l'extérieur</th>
<?php if ($canEdit): ?><th>Action</th><?php endif; ?>
</tr>
<?php foreach( $roles as $role ):
......@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<td><?php echo $role->getRoleId(); ?></td>
<td><?php echo $role->getParent(); ?></td>
<td><?php echo $role->getLdapFilter(); ?></td>
<td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
<?php if ($canEdit): ?>
<td style="width:1%;white-space: nowrap;text-align: center">
<a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>
......
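Review bot: The cells next to the new column print `getRoleId()`, `getParent()` and `getLdapFilter()` with a bare `echo`, so a role id or LDAP filter containing markup is rendered as HTML in this admin list. These are context lines the commit does not touch, but the view's escaper would close the gap while the row is being edited: `<td><?php echo $this->escapeHtml($role->getLdapFilter()); ?></td>`, and the same for the role id and, assuming it renders as a string, the parent. The new `'Oui' : 'Non'` cell is a constant and needs nothing.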