......@@ -494,7 +494,7 @@ return [
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
],
'lazy_services' => [
// Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
......
......@@ -18,6 +18,7 @@ CREATE TABLE IF NOT EXISTS user_role (
is_default TINYINT(1) NOT NULL DEFAULT 0,
parent_id INTEGER NULL DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur TINYINT(1) NOT NULL DEFAULT 1,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
);
......
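Review bot: `CREATE TABLE IF NOT EXISTS user_role` does nothing on a database that already has the table, so adding `accessible_exterieur` here only reaches fresh installs; the same holds for the three other schema scripts changed in this commit. No upgrade script is visible on this page, and the entity maps the column as `nullable=false`, so role queries against an un-migrated database would presumably fail. An upgrade statement such as `ALTER TABLE user_role ADD COLUMN accessible_exterieur TINYINT(1) NOT NULL DEFAULT 1;` (adapted per engine) should ship with the change. The CREATE TABLE statement begins above the hunk.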
......@@ -20,6 +20,7 @@ CREATE TABLE IF NOT EXISTS user_role (
is_default TINYINT(1) NOT NULL DEFAULT 0,
parent_id INT(11) NULL DEFAULT NULL,
ldap_filter varchar(255) CHARACTER SET utf8 DEFAULT NULL,
accessible_exterieur TINYINT(1) NOT NULL DEFAULT 1,
PRIMARY KEY (id),
UNIQUE INDEX unique_role (role_id ASC),
INDEX idx_parent_id (parent_id ASC),
......
......@@ -18,9 +18,10 @@ create unique index USER_PASSWORD_RESET_TOKEN_UN on "USER" (PASSWORD_RESET_TOKEN
CREATE TABLE USER_ROLE
( "ID" NUMBER(*,0) NOT NULL ENABLE,
"ROLE_ID" VARCHAR2(64 CHAR) NOT NULL ENABLE,
"IS_DEFAULT" NUMBER(38,0) NOT NULL ENABLE,
"IS_DEFAULT" NUMBER(1) NOT NULL ENABLE,
"PARENT_ID" NUMBER(*,0),
"LDAP_FILTER" VARCHAR2(255) DEFAULT NULL,
"ACCESSIBLE_EXTERIEUR" NUMBER(1) DEFAULT 1 NOT NULL ENABLE,
CONSTRAINT "USER_ROLE_PK" PRIMARY KEY ("ID"),
CONSTRAINT "USER_ROLE_ROLE_UN" UNIQUE ("ROLE_ID"),
CONSTRAINT "USER_ROLE_USER_ROLE_FK" FOREIGN KEY ("PARENT_ID") REFERENCES USER_ROLE ("ID") ENABLE
......
......@@ -18,6 +18,7 @@ CREATE TABLE user_role (
is_default SMALLINT NOT NULL DEFAULT 0,
parent_id BIGINT DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
);
CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
......
......@@ -44,6 +44,12 @@ abstract class AbstractRole implements RoleInterface
*/
protected $ldapFilter;
/**
* @var boolean
* @ORM\Column(name="accessible_exterieur", type="boolean", nullable=false)
*/
protected $accessibleExterieur = true;
/**
* @var \Doctrine\Common\Collections\Collection
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User")
......@@ -178,6 +184,32 @@ abstract class AbstractRole implements RoleInterface
return $this;
}
/**
* @return bool
*/
public function getAccessibleExterieur(): bool
{
return $this->accessibleExterieur;
}
/**
* @param bool $accessibleExterieur
*
* @return self
*/
public function setAccessibleExterieur($accessibleExterieur): self
{
$this->accessibleExterieur = (bool)$accessibleExterieur;
return $this;
}
/**
* Get users.
*
......
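Review bot: `protected $accessibleExterieur = true;` leaves every role usable from outside until an administrator opts it out, so the new restriction protects nothing until each sensitive role has been edited. If this default is deliberate for backward compatibility, say so in the property docblock, e.g. `Defaults to true so existing roles keep their behaviour; set to false to restrict the role to on-site access.` The setter could also declare `bool $accessibleExterieur` to match the typed getter, since the `(bool)` cast turns any non-empty string other than `'0'` into true.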
......@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
],
]);
$this->add([
'type' => 'Checkbox',
'name' => 'accessible-exterieur',
'options' => [
'label' => 'Accessible de l\'extérieur',
'checked_value' => '1',
'unchecked_value' => '0',
],
]);
$this->add([
'name' => 'id',
'type' => 'Hidden',
......@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
'parent' => [
'required' => false,
],
'accessible-exterieur' => [
'required' => true,
],
];
}
}
......@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
$object->setRoleId($data['role-id']);
$object->setLdapFilter($data['ldap-filter'] ?: null);
$object->setParent($this->getServiceRole()->get($data['parent']));
$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
return $object;
}
......@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
'role-id' => $object->getRoleId(),
'ldap-filter' => $object->getLdapFilter(),
'parent' => $object->getParent() ? $object->getParent()->getId() : null,
'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
];
return $data;
......
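Review bot: `$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');` compares submitted form data loosely, so values such as `true`, `1` or `'1.0'` also enable external access. A strict form states the intent: `$object->setAccessibleExterieur((string) $data['accessible-exterieur'] === '1');`. The input filter marks the field `'required' => true`, but if the hydrator can be called with data that did not pass the filter, a missing key only raises a notice and silently restricts the role. The hydrate and extract methods both start outside the visible hunks.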
......@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
use BjyAuthorize\Provider\Role\ProviderInterface;
use UnicaenApp\Entity\Ldap\People;
use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
use UnicaenAuth\Entity\Db\AbstractRole;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
use Zend\Ldap\Ldap;
......@@ -23,12 +24,19 @@ use Traversable;
class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
{
use RoleServiceAwareTrait;
use HostLocalizationAwareTrait;
/**
* @var Ldap
*/
private $ldap;
/**
* @var
*/
private $detectionContexteExecution;
/**
......@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
}
}
$inEtablissement = $this->getHostLocalization()->inEtablissement();
if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
foreach ($roles as $i => $role) {
if ($role instanceof AbstractRole) {
if (!$role->getAccessibleExterieur()) unset($roles[$i]);
}
}
}
return $roles;
}
......
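Review bot: The off-site filter at the end of this hunk fails open for any entry of `$roles` that is not an `AbstractRole`: such an entry is kept whatever the flag says, so if the part of the method above the hunk can yield role-id strings or other `RoleInterface` objects, they remain available from outside the establishment. The flag is also checked only on the role itself; a role marked accessible whose parent is not would presumably still inherit the parent's privileges through the ACL, which should be confirmed or documented. `unset($roles[$i])` leaves gaps in the keys, so consider `$roles = array_values($roles);` after the loop if callers expect a list. A comment such as `// Non-AbstractRole entries carry no accessible_exterieur flag and are intentionally kept` would make the policy explicit. Separately, the `$detectionContexteExecution` property added earlier in this file has an empty `@var` and is not used in the visible hunks.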
......@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
{
$user = $container->get('zfcuser_user_service');
$identityProvider = new Db($user->getAuthService());
$identityProvider->setHostLocalization($container->get('HostLocalization'));
$unicaenAppOptions = $container->get('unicaen-app_module_options');
/* @var $unicaenAppOptions ModuleOptions */
......
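Review bot: `$identityProvider->setHostLocalization($container->get('HostLocalization'));` makes the role restriction depend entirely on how that service decides `inEtablissement()`, and its implementation is not visible here. If the decision rests on the client address, it should use the connection's remote address and honour forwarding headers such as `X-Forwarded-For` only from a configured list of trusted proxies; otherwise the on-site/off-site distinction would rest on client-controlled input. A comment next to the call would record the assumption, e.g. `// HostLocalization must derive the client address from trusted proxies only`. The factory method starts and ends outside the hunk.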
......@@ -13,7 +13,9 @@ if ($errors) {
echo $this->formControlGroup($form->get('role-id'));
echo $this->formControlGroup($form->get('parent'));
echo $this->formControlGroup($form->get('ldap-filter'));
echo $this->formControlGroup($form->get('accessible-exterieur'));
echo $this->formRow($form->get('submit'));
echo $this->formHidden($form->get('id'));
echo $this->form()->closeTag();
\ No newline at end of file
......@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<th>Nom</th>
<th>Parent</th>
<th>Filtre LDAP</th>
<th>Accessible de l'extérieur</th>
<?php if ($canEdit): ?><th>Action</th><?php endif; ?>
</tr>
<?php foreach( $roles as $role ):
......@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<td><?php echo $role->getRoleId(); ?></td>
<td><?php echo $role->getParent(); ?></td>
<td><?php echo $role->getLdapFilter(); ?></td>
<td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
<?php if ($canEdit): ?>
<td style="width:1%;white-space: nowrap;text-align: center">
<a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>
......