From cf8eb5940be1033c56af14c93f3b856362f5ccb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20L=C3=A9cluse?= <laurent.lecluse@unicaen.fr>
Date: Wed, 8 Jan 2020 15:33:54 +0100
Subject: [PATCH] =?UTF-8?q?Finalisation=20de=20la=20possibilit=C3=A9=20de?= =?UTF-8?q?=20bloquer=20l'usage=20d'un=20ou=20plusieurs=20r=C3=B4les=20dep?= =?UTF-8?q?uis=20l'ext=C3=A9rieur=20de=20l'=C3=A9tablissement?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
config/module.config.php | 2 +-
data/schema_postgresql.sql | 2 +-
src/UnicaenAuth/Form/Droits/RoleForm.php | 15 +++++++++++++++
src/UnicaenAuth/Provider/Identity/Db.php | 17 +++++++++++++++++
.../Provider/Identity/DbServiceFactory.php | 1 +
view/unicaen-auth/droits/role-edition.phtml | 2 ++
view/unicaen-auth/droits/roles.phtml | 2 ++
7 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/config/module.config.php b/config/module.config.php
index 7012282..faea79f 100644
--- a/config/module.config.php
+++ b/config/module.config.php
@@ -494,7 +494,7 @@ return [ 'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class, 'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class, - \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class, + \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class ], 'lazy_services' => [ // Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
diff --git a/data/schema_postgresql.sql b/data/schema_postgresql.sql
index 8e88b34..ccef50c 100644
--- a/data/schema_postgresql.sql
+++ b/data/schema_postgresql.sql
@@ -18,7 +18,7 @@ CREATE TABLE user_role ( is_default SMALLINT NOT NULL DEFAULT 0, parent_id BIGINT DEFAULT NULL, ldap_filter varchar(255) DEFAULT NULL, - accessible_exterieur SMALLINT NOT NULL DEFAULT 1, + accessible_exterieur BOOLEAN NOT NULL DEFAULT true, FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL ); CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
diff --git a/src/UnicaenAuth/Form/Droits/RoleForm.php b/src/UnicaenAuth/Form/Droits/RoleForm.php
index 5fa8880..8cf37e9 100644
--- a/src/UnicaenAuth/Form/Droits/RoleForm.php
+++ b/src/UnicaenAuth/Form/Droits/RoleForm.php
@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter ], ]); + $this->add([ + 'type' => 'Checkbox', + 'name' => 'accessible-exterieur', + 'options' => [ + 'label' => 'Accessible de l\'extérieur', + 'checked_value' => '1', + 'unchecked_value' => '0', + ], + ]); + $this->add([ 'name' => 'id', 'type' => 'Hidden',
@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter 'parent' => [ 'required' => false, ], + 'accessible-exterieur' => [ + 'required' => true, + ], ]; } }
@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface $object->setRoleId($data['role-id']); $object->setLdapFilter($data['ldap-filter'] ?: null); $object->setParent($this->getServiceRole()->get($data['parent'])); + $object->setAccessibleExterieur($data['accessible-exterieur'] == '1'); return $object; }
@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface 'role-id' => $object->getRoleId(), 'ldap-filter' => $object->getLdapFilter(), 'parent' => $object->getParent() ? $object->getParent()->getId() : null, + 'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0', ]; return $data;
diff --git a/src/UnicaenAuth/Provider/Identity/Db.php b/src/UnicaenAuth/Provider/Identity/Db.php
index cb92485..bd7e7d5 100644
--- a/src/UnicaenAuth/Provider/Identity/Db.php
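Review bot: The switch to `accessible_exterieur BOOLEAN NOT NULL DEFAULT true` only edits the creation script, so a database built from the earlier `SMALLINT NOT NULL DEFAULT 1` definition keeps the old column type unless it is migrated separately, and no migration is visible in this patch. An upgrade statement should ship with it, for example `ALTER TABLE user_role ALTER COLUMN accessible_exterieur DROP DEFAULT, ALTER COLUMN accessible_exterieur TYPE BOOLEAN USING accessible_exterieur <> 0, ALTER COLUMN accessible_exterieur SET DEFAULT true;`. The default also leaves every newly created role usable from outside the establishment until someone opts it out, which deserves a comment on the column such as `-- true = role usable from outside the establishment; set to false to restrict it`. The CREATE TABLE statement starts above the hunk.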
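Review bot: In the hydrator hunk (`@@ -117,6 +130,7 @@`) the flag that decides whether a role may be used from outside is derived with a loose comparison, `$data['accessible-exterieur'] == '1'`, which also accepts values such as `true`, `1` or `'01'`. Assuming the form always hands over the checkbox's string value, a strict test states the intent better: `$object->setAccessibleExterieur($data['accessible-exterieur'] === '1');`. The key is also read without checking that it exists, so a data array built elsewhere without it would store `false` and raise a notice; a one-line comment saying the key is guaranteed by the `'required' => true` input spec would make that dependency explicit. The method starts above the hunk.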
+++ b/src/UnicaenAuth/Provider/Identity/Db.php
@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity; use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider; use BjyAuthorize\Provider\Role\ProviderInterface; use UnicaenApp\Entity\Ldap\People; +use UnicaenApp\HostLocalization\HostLocalizationAwareTrait; use UnicaenAuth\Entity\Db\AbstractRole; use UnicaenAuth\Service\Traits\RoleServiceAwareTrait; use Zend\Ldap\Ldap;
@@ -23,12 +24,19 @@ use Traversable; class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface { use RoleServiceAwareTrait; + use HostLocalizationAwareTrait; + /** * @var Ldap */ private $ldap; + /** + * @var + */ + private $detectionContexteExecution; + /**
@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B } } + $inEtablissement = $this->getHostLocalization()->inEtablissement(); + if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles + foreach ($roles as $i => $role) { + if ($role instanceof AbstractRole) { + if (!$role->getAccessibleExterieur()) unset($roles[$i]); + } + } + } + return $roles; }
diff --git a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
index 4ce3d5c..332ab57 100644
--- a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
+++ b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface { $user = $container->get('zfcuser_user_service'); $identityProvider = new Db($user->getAuthService()); + $identityProvider->setHostLocalization($container->get('HostLocalization')); $unicaenAppOptions = $container->get('unicaen-app_module_options'); /* @var $unicaenAppOptions ModuleOptions */
diff --git a/view/unicaen-auth/droits/role-edition.phtml b/view/unicaen-auth/droits/role-edition.phtml
index e7699d4..04965b3 100644
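Review bot: The property `private $detectionContexteExecution;` added in the `@@ -23,12 +24,19 @@` hunk has an empty `@var` and is neither read nor written in any hunk of this patch; the filtering added further down goes through `getHostLocalization()` from the trait instead. If it is a leftover from an earlier approach, drop it; otherwise give the docblock a type and one sentence on what it holds. The class body starts above the hunk and continues past it, so a use outside the visible lines cannot be ruled out.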
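Review bot: The outside-the-establishment filter in the `@@ -84,6 +92,15 @@` hunk only drops entries that are `AbstractRole` instances, so a role delivered in any other form is returned unchanged to an external client; if that is intended, say so with a comment such as `// Entries that are not AbstractRole carry no accessible_exterieur flag and are deliberately kept`. Two things are not visible here and should be confirmed: whether a role that stays allowed still inherits permissions from a parent role that was blocked, and on what request data `inEtablissement()` bases its decision, since a value the client can supply would make the restriction bypassable. The nested test reads more clearly as `if ($role instanceof AbstractRole && !$role->getAccessibleExterieur()) { unset($roles[$i]); }`, and `unset` leaves gaps in the array keys, which matters if callers expect a list. The method starts above the hunk.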
--- a/view/unicaen-auth/droits/role-edition.phtml
+++ b/view/unicaen-auth/droits/role-edition.phtml
@@ -13,7 +13,9 @@ if ($errors) { echo $this->formControlGroup($form->get('role-id')); echo $this->formControlGroup($form->get('parent')); echo $this->formControlGroup($form->get('ldap-filter')); +echo $this->formControlGroup($form->get('accessible-exterieur')); echo $this->formRow($form->get('submit')); + echo $this->formHidden($form->get('id')); echo $this->form()->closeTag(); \ No newline at end of file
diff --git a/view/unicaen-auth/droits/roles.phtml b/view/unicaen-auth/droits/roles.phtml
index ed85487..e511f9d 100644
--- a/view/unicaen-auth/droits/roles.phtml
+++ b/view/unicaen-auth/droits/roles.phtml
@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); <th>Nom</th> <th>Parent</th> <th>Filtre LDAP</th> + <th>Accessible de l'extérieur</th> <?php if ($canEdit): ?><th>Action</th><?php endif; ?> </tr> <?php foreach( $roles as $role ):
@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); <td><?php echo $role->getRoleId(); ?></td> <td><?php echo $role->getParent(); ?></td> <td><?php echo $role->getLdapFilter(); ?></td> + <td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td> <?php if ($canEdit): ?> <td style="width:1%;white-space: nowrap;text-align: center"> <a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a> -- GitLab