Commit cf8eb594 authored by Laurent Lécluse's avatar Laurent Lécluse

Finalisation de la possibilité de bloquer l'usage d'un ou plusieurs rôles...

Finalisation de la possibilité de bloquer l'usage d'un ou plusieurs rôles depuis l'extérieur de l'établissement
parent 532506f4
Pipeline #8495 failed with stage
in 4 seconds
...@@ -494,7 +494,7 @@ return [ ...@@ -494,7 +494,7 @@ return [
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class, 'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class, 'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class, \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
], ],
'lazy_services' => [ 'lazy_services' => [
// Mapping services to their class names is required since the ServiceManager is not a declarative DIC. // Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
......
...@@ -18,7 +18,7 @@ CREATE TABLE user_role ( ...@@ -18,7 +18,7 @@ CREATE TABLE user_role (
is_default SMALLINT NOT NULL DEFAULT 0, is_default SMALLINT NOT NULL DEFAULT 0,
parent_id BIGINT DEFAULT NULL, parent_id BIGINT DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL, ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur SMALLINT NOT NULL DEFAULT 1, accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
); );
CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id); CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
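Review bot: The `accessible_exterieur` column defaults to allowed (`DEFAULT true`, assuming the right-hand text is the new side), so the outside-establishment restriction is opt-in: every role stays usable from outside until an administrator unticks it. That may be the intended backward-compatible choice, but it should be stated next to the column, for example `-- false: role is removed for sessions opened from outside the establishment`. This section only edits the `CREATE TABLE` script, so databases already created with the `SMALLINT` definition are not changed by it; no matching migration is visible on this page.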
......
...@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter ...@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
], ],
]); ]);
$this->add([
'type' => 'Checkbox',
'name' => 'accessible-exterieur',
'options' => [
'label' => 'Accessible de l\'extérieur',
'checked_value' => '1',
'unchecked_value' => '0',
],
]);
$this->add([ $this->add([
'name' => 'id', 'name' => 'id',
'type' => 'Hidden', 'type' => 'Hidden',
...@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter ...@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
'parent' => [ 'parent' => [
'required' => false, 'required' => false,
], ],
'accessible-exterieur' => [
'required' => true,
],
]; ];
} }
} }
...@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface ...@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
$object->setRoleId($data['role-id']); $object->setRoleId($data['role-id']);
$object->setLdapFilter($data['ldap-filter'] ?: null); $object->setLdapFilter($data['ldap-filter'] ?: null);
$object->setParent($this->getServiceRole()->get($data['parent'])); $object->setParent($this->getServiceRole()->get($data['parent']));
$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
return $object; return $object;
} }
...@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface ...@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
'role-id' => $object->getRoleId(), 'role-id' => $object->getRoleId(),
'ldap-filter' => $object->getLdapFilter(), 'ldap-filter' => $object->getLdapFilter(),
'parent' => $object->getParent() ? $object->getParent()->getId() : null, 'parent' => $object->getParent() ? $object->getParent()->getId() : null,
'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
]; ];
return $data; return $data;
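Review bot: In the `RoleFormHydrator` hunk that sets fields on `$object`, the flag is derived with a loose comparison, `$data['accessible-exterieur'] == '1'`, so any value PHP treats as numerically equal to 1 (`'01'`, `'1.0'`, `true`) marks the role as usable from outside. Because this flag widens access, compare strictly with `=== '1'` so that anything other than the checkbox's exact `checked_value` leaves the role blocked. The input filter entry added in the second hunk only sets `'required' => true`; whether the Checkbox element's own value validation still applies alongside it is not visible here, so an explicit check that the value is `'0'` or `'1'` would remove that dependency. Both hydrator methods start outside their hunks.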
......
...@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity; ...@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider; use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
use BjyAuthorize\Provider\Role\ProviderInterface; use BjyAuthorize\Provider\Role\ProviderInterface;
use UnicaenApp\Entity\Ldap\People; use UnicaenApp\Entity\Ldap\People;
use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
use UnicaenAuth\Entity\Db\AbstractRole; use UnicaenAuth\Entity\Db\AbstractRole;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait; use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
use Zend\Ldap\Ldap; use Zend\Ldap\Ldap;
...@@ -23,12 +24,19 @@ use Traversable; ...@@ -23,12 +24,19 @@ use Traversable;
class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
{ {
use RoleServiceAwareTrait; use RoleServiceAwareTrait;
use HostLocalizationAwareTrait;
/** /**
* @var Ldap * @var Ldap
*/ */
private $ldap; private $ldap;
/**
* @var
*/
private $detectionContexteExecution;
/** /**
...@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B ...@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
} }
} }
$inEtablissement = $this->getHostLocalization()->inEtablissement();
if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
foreach ($roles as $i => $role) {
if ($role instanceof AbstractRole) {
if (!$role->getAccessibleExterieur()) unset($roles[$i]);
}
}
}
return $roles; return $roles;
} }
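Review bot: The outside-establishment filter added before `return $roles;` only removes entries that are `AbstractRole` instances, so a role held in `$roles` as a plain identifier or as another role type is returned unchanged for an external request. The code that fills `$roles` lies outside the hunk, and the class is a `ChainableProvider`, so confirm that every entry is an `AbstractRole` at this point and that roles contributed by other providers in the chain are covered by an equivalent check. The decision rests entirely on `getHostLocalization()->inEtablissement()`, whose implementation is not shown; it should be computed from a source the client cannot influence. Separately, the new `$detectionContexteExecution` property has an empty `@var` and is not used in the visible lines; give it a type and a purpose, or drop it.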
......
...@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface ...@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
{ {
$user = $container->get('zfcuser_user_service'); $user = $container->get('zfcuser_user_service');
$identityProvider = new Db($user->getAuthService()); $identityProvider = new Db($user->getAuthService());
$identityProvider->setHostLocalization($container->get('HostLocalization'));
$unicaenAppOptions = $container->get('unicaen-app_module_options'); $unicaenAppOptions = $container->get('unicaen-app_module_options');
/* @var $unicaenAppOptions ModuleOptions */ /* @var $unicaenAppOptions ModuleOptions */
......
...@@ -13,7 +13,9 @@ if ($errors) { ...@@ -13,7 +13,9 @@ if ($errors) {
echo $this->formControlGroup($form->get('role-id')); echo $this->formControlGroup($form->get('role-id'));
echo $this->formControlGroup($form->get('parent')); echo $this->formControlGroup($form->get('parent'));
echo $this->formControlGroup($form->get('ldap-filter')); echo $this->formControlGroup($form->get('ldap-filter'));
echo $this->formControlGroup($form->get('accessible-exterieur'));
echo $this->formRow($form->get('submit')); echo $this->formRow($form->get('submit'));
echo $this->formHidden($form->get('id')); echo $this->formHidden($form->get('id'));
echo $this->form()->closeTag(); echo $this->form()->closeTag();
\ No newline at end of file
...@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); ...@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<th>Nom</th> <th>Nom</th>
<th>Parent</th> <th>Parent</th>
<th>Filtre LDAP</th> <th>Filtre LDAP</th>
<th>Accessible de l'extérieur</th>
<?php if ($canEdit): ?><th>Action</th><?php endif; ?> <?php if ($canEdit): ?><th>Action</th><?php endif; ?>
</tr> </tr>
<?php foreach( $roles as $role ): <?php foreach( $roles as $role ):
...@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); ...@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<td><?php echo $role->getRoleId(); ?></td> <td><?php echo $role->getRoleId(); ?></td>
<td><?php echo $role->getParent(); ?></td> <td><?php echo $role->getParent(); ?></td>
<td><?php echo $role->getLdapFilter(); ?></td> <td><?php echo $role->getLdapFilter(); ?></td>
<td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
<?php if ($canEdit): ?> <?php if ($canEdit): ?>
<td style="width:1%;white-space: nowrap;text-align: center"> <td style="width:1%;white-space: nowrap;text-align: center">
<a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a> <a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>
......