From cf8eb5940be1033c56af14c93f3b856362f5ccb0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laurent=20L=C3=A9cluse?= <laurent.lecluse@unicaen.fr>
Date: Wed, 8 Jan 2020 15:33:54 +0100
Subject: [PATCH] =?UTF-8?q?Finalisation=20de=20la=20possibilit=C3=A9=20de?=
=?UTF-8?q?=20bloquer=20l'usage=20d'un=20ou=20plusieurs=20r=C3=B4les=20dep?=
=?UTF-8?q?uis=20l'ext=C3=A9rieur=20de=20l'=C3=A9tablissement?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
config/module.config.php | 2 +-
data/schema_postgresql.sql | 2 +-
src/UnicaenAuth/Form/Droits/RoleForm.php | 15 +++++++++++++++
src/UnicaenAuth/Provider/Identity/Db.php | 17 +++++++++++++++++
.../Provider/Identity/DbServiceFactory.php | 1 +
view/unicaen-auth/droits/role-edition.phtml | 2 ++
view/unicaen-auth/droits/roles.phtml | 2 ++
7 files changed, 39 insertions(+), 2 deletions(-)
diff --git a/config/module.config.php b/config/module.config.php
index 7012282..faea79f 100644
--- a/config/module.config.php
+++ b/config/module.config.php
@@ -494,7 +494,7 @@ return [
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
- \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class,
+ \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
],
'lazy_services' => [
// Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
diff --git a/data/schema_postgresql.sql b/data/schema_postgresql.sql
index 8e88b34..ccef50c 100644
--- a/data/schema_postgresql.sql
+++ b/data/schema_postgresql.sql
@@ -18,7 +18,7 @@ CREATE TABLE user_role (
is_default SMALLINT NOT NULL DEFAULT 0,
parent_id BIGINT DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL,
- accessible_exterieur SMALLINT NOT NULL DEFAULT 1,
+ accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
);
CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
diff --git a/src/UnicaenAuth/Form/Droits/RoleForm.php b/src/UnicaenAuth/Form/Droits/RoleForm.php
index 5fa8880..8cf37e9 100644
--- a/src/UnicaenAuth/Form/Droits/RoleForm.php
+++ b/src/UnicaenAuth/Form/Droits/RoleForm.php
@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
],
]);
+ $this->add([
+ 'type' => 'Checkbox',
+ 'name' => 'accessible-exterieur',
+ 'options' => [
+ 'label' => 'Accessible de l\'extérieur',
+ 'checked_value' => '1',
+ 'unchecked_value' => '0',
+ ],
+ ]);
+
$this->add([
'name' => 'id',
'type' => 'Hidden',
@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
'parent' => [
'required' => false,
],
+ 'accessible-exterieur' => [
+ 'required' => true,
+ ],
];
}
}
@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
$object->setRoleId($data['role-id']);
$object->setLdapFilter($data['ldap-filter'] ?: null);
$object->setParent($this->getServiceRole()->get($data['parent']));
+ $object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
return $object;
}
@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
'role-id' => $object->getRoleId(),
'ldap-filter' => $object->getLdapFilter(),
'parent' => $object->getParent() ? $object->getParent()->getId() : null,
+ 'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
];
return $data;
diff --git a/src/UnicaenAuth/Provider/Identity/Db.php b/src/UnicaenAuth/Provider/Identity/Db.php
index cb92485..bd7e7d5 100644
--- a/src/UnicaenAuth/Provider/Identity/Db.php
+++ b/src/UnicaenAuth/Provider/Identity/Db.php
@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
use BjyAuthorize\Provider\Role\ProviderInterface;
use UnicaenApp\Entity\Ldap\People;
+use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
use UnicaenAuth\Entity\Db\AbstractRole;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
use Zend\Ldap\Ldap;
@@ -23,12 +24,19 @@ use Traversable;
class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
{
use RoleServiceAwareTrait;
+ use HostLocalizationAwareTrait;
+
/**
* @var Ldap
*/
private $ldap;
+ /**
+ * @var
+ */
+ private $detectionContexteExecution;
+
/**
@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
}
}
+ $inEtablissement = $this->getHostLocalization()->inEtablissement();
+ if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
+ foreach ($roles as $i => $role) {
+ if ($role instanceof AbstractRole) {
+ if (!$role->getAccessibleExterieur()) unset($roles[$i]);
+ }
+ }
+ }
+
return $roles;
}
diff --git a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
index 4ce3d5c..332ab57 100644
--- a/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
+++ b/src/UnicaenAuth/Provider/Identity/DbServiceFactory.php
@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
{
$user = $container->get('zfcuser_user_service');
$identityProvider = new Db($user->getAuthService());
+ $identityProvider->setHostLocalization($container->get('HostLocalization'));
$unicaenAppOptions = $container->get('unicaen-app_module_options');
/* @var $unicaenAppOptions ModuleOptions */
diff --git a/view/unicaen-auth/droits/role-edition.phtml b/view/unicaen-auth/droits/role-edition.phtml
index e7699d4..04965b3 100644
--- a/view/unicaen-auth/droits/role-edition.phtml
+++ b/view/unicaen-auth/droits/role-edition.phtml
@@ -13,7 +13,9 @@ if ($errors) {
echo $this->formControlGroup($form->get('role-id'));
echo $this->formControlGroup($form->get('parent'));
echo $this->formControlGroup($form->get('ldap-filter'));
+echo $this->formControlGroup($form->get('accessible-exterieur'));
echo $this->formRow($form->get('submit'));
+
echo $this->formHidden($form->get('id'));
echo $this->form()->closeTag();
\ No newline at end of file
diff --git a/view/unicaen-auth/droits/roles.phtml b/view/unicaen-auth/droits/roles.phtml
index ed85487..e511f9d 100644
--- a/view/unicaen-auth/droits/roles.phtml
+++ b/view/unicaen-auth/droits/roles.phtml
@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<th>Nom</th>
<th>Parent</th>
<th>Filtre LDAP</th>
+ <th>Accessible de l'extérieur</th>
<?php if ($canEdit): ?><th>Action</th><?php endif; ?>
</tr>
<?php foreach( $roles as $role ):
@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<td><?php echo $role->getRoleId(); ?></td>
<td><?php echo $role->getParent(); ?></td>
<td><?php echo $role->getLdapFilter(); ?></td>
+ <td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
<?php if ($canEdit): ?>
<td style="width:1%;white-space: nowrap;text-align: center">
<a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>
--
GitLab