...@@ -494,7 +494,7 @@ return [ ...@@ -494,7 +494,7 @@ return [
'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class, 'UnicaenApp\HistoriqueListener' => HistoriqueListenerFactory::class,
'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class, 'UnicaenAuth\HistoriqueListener' => HistoriqueListenerFactory::class,
\UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class, \UnicaenAuth\Event\EventManager::class => \UnicaenAuth\Event\EventManagerFactory::class
], ],
'lazy_services' => [ 'lazy_services' => [
// Mapping services to their class names is required since the ServiceManager is not a declarative DIC. // Mapping services to their class names is required since the ServiceManager is not a declarative DIC.
......
...@@ -18,6 +18,7 @@ CREATE TABLE IF NOT EXISTS user_role ( ...@@ -18,6 +18,7 @@ CREATE TABLE IF NOT EXISTS user_role (
is_default TINYINT(1) NOT NULL DEFAULT 0, is_default TINYINT(1) NOT NULL DEFAULT 0,
parent_id INTEGER NULL DEFAULT NULL, parent_id INTEGER NULL DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL, ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur TINYINT(1) NOT NULL DEFAULT 1,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
); );
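Review bot: The new `accessible_exterieur` column defaults to 1, so every role created without an explicit value is usable from outside the establishment, privileged roles included; the three other schema files in this commit (`DEFAULT 1`, Oracle `DEFAULT 1`, PostgreSQL `DEFAULT true`) and the entity property (`= true`) use the same permissive default. If the flag is meant to protect sensitive roles, `accessible_exterieur TINYINT(1) NOT NULL DEFAULT 0` with an explicit opt-in per role would fail closed. If the permissive default is kept for backward compatibility, say so in a comment next to the column. These are `CREATE TABLE` scripts, so existing installations presumably need a matching `ALTER TABLE ... ADD` migration, which is not visible on this page.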
......
...@@ -20,6 +20,7 @@ CREATE TABLE IF NOT EXISTS user_role ( ...@@ -20,6 +20,7 @@ CREATE TABLE IF NOT EXISTS user_role (
is_default TINYINT(1) NOT NULL DEFAULT 0, is_default TINYINT(1) NOT NULL DEFAULT 0,
parent_id INT(11) NULL DEFAULT NULL, parent_id INT(11) NULL DEFAULT NULL,
ldap_filter varchar(255) CHARACTER SET utf8 DEFAULT NULL, ldap_filter varchar(255) CHARACTER SET utf8 DEFAULT NULL,
accessible_exterieur TINYINT(1) NOT NULL DEFAULT 1,
PRIMARY KEY (id), PRIMARY KEY (id),
UNIQUE INDEX unique_role (role_id ASC), UNIQUE INDEX unique_role (role_id ASC),
INDEX idx_parent_id (parent_id ASC), INDEX idx_parent_id (parent_id ASC),
......
...@@ -18,9 +18,10 @@ create unique index USER_PASSWORD_RESET_TOKEN_UN on "USER" (PASSWORD_RESET_TOKEN ...@@ -18,9 +18,10 @@ create unique index USER_PASSWORD_RESET_TOKEN_UN on "USER" (PASSWORD_RESET_TOKEN
CREATE TABLE USER_ROLE CREATE TABLE USER_ROLE
( "ID" NUMBER(*,0) NOT NULL ENABLE, ( "ID" NUMBER(*,0) NOT NULL ENABLE,
"ROLE_ID" VARCHAR2(64 CHAR) NOT NULL ENABLE, "ROLE_ID" VARCHAR2(64 CHAR) NOT NULL ENABLE,
"IS_DEFAULT" NUMBER(38,0) NOT NULL ENABLE, "IS_DEFAULT" NUMBER(1) NOT NULL ENABLE,
"PARENT_ID" NUMBER(*,0), "PARENT_ID" NUMBER(*,0),
"LDAP_FILTER" VARCHAR2(255) DEFAULT NULL, "LDAP_FILTER" VARCHAR2(255) DEFAULT NULL,
"ACCESSIBLE_EXTERIEUR" NUMBER(1) DEFAULT 1 NOT NULL ENABLE,
CONSTRAINT "USER_ROLE_PK" PRIMARY KEY ("ID"), CONSTRAINT "USER_ROLE_PK" PRIMARY KEY ("ID"),
CONSTRAINT "USER_ROLE_ROLE_UN" UNIQUE ("ROLE_ID"), CONSTRAINT "USER_ROLE_ROLE_UN" UNIQUE ("ROLE_ID"),
CONSTRAINT "USER_ROLE_USER_ROLE_FK" FOREIGN KEY ("PARENT_ID") REFERENCES USER_ROLE ("ID") ENABLE CONSTRAINT "USER_ROLE_USER_ROLE_FK" FOREIGN KEY ("PARENT_ID") REFERENCES USER_ROLE ("ID") ENABLE
......
...@@ -18,6 +18,7 @@ CREATE TABLE user_role ( ...@@ -18,6 +18,7 @@ CREATE TABLE user_role (
is_default SMALLINT NOT NULL DEFAULT 0, is_default SMALLINT NOT NULL DEFAULT 0,
parent_id BIGINT DEFAULT NULL, parent_id BIGINT DEFAULT NULL,
ldap_filter varchar(255) DEFAULT NULL, ldap_filter varchar(255) DEFAULT NULL,
accessible_exterieur BOOLEAN NOT NULL DEFAULT true,
FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL FOREIGN KEY (parent_id) REFERENCES user_role (id) ON DELETE SET NULL
); );
CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id); CREATE UNIQUE INDEX user_role_roleid_unique ON user_role (role_id);
......
...@@ -44,6 +44,12 @@ abstract class AbstractRole implements RoleInterface ...@@ -44,6 +44,12 @@ abstract class AbstractRole implements RoleInterface
*/ */
protected $ldapFilter; protected $ldapFilter;
/**
* @var boolean
* @ORM\Column(name="accessible_exterieur", type="boolean", nullable=false)
*/
protected $accessibleExterieur = true;
/** /**
* @var \Doctrine\Common\Collections\Collection * @var \Doctrine\Common\Collections\Collection
* @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User") * @ORM\ManyToMany(targetEntity="UnicaenAuth\Entity\Db\User")
...@@ -178,6 +184,32 @@ abstract class AbstractRole implements RoleInterface ...@@ -178,6 +184,32 @@ abstract class AbstractRole implements RoleInterface
return $this; return $this;
} }
/**
* @return bool
*/
public function getAccessibleExterieur(): bool
{
return $this->accessibleExterieur;
}
/**
* @param bool $accessibleExterieur
*
* @return self
*/
public function setAccessibleExterieur($accessibleExterieur): self
{
$this->accessibleExterieur = (bool)$accessibleExterieur;
return $this;
}
/** /**
* Get users. * Get users.
* *
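Review bot: `setAccessibleExterieur()` accepts any value and relies on the `(bool)` cast, so a non-empty string such as `'false'` enables external access; since this flag feeds an authorization decision, the setter should only be handed real booleans. `public function setAccessibleExterieur(bool $accessibleExterieur): self` would match the typed getter and reject arrays and objects. Without `declare(strict_types=1)` in the calling file, scalar strings are still coerced, so callers should keep converting explicitly, as the form hydrator in this commit does. The property docblock would also benefit from one sentence saying what the flag controls.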
......
...@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter ...@@ -53,6 +53,16 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
], ],
]); ]);
$this->add([
'type' => 'Checkbox',
'name' => 'accessible-exterieur',
'options' => [
'label' => 'Accessible de l\'extérieur',
'checked_value' => '1',
'unchecked_value' => '0',
],
]);
$this->add([ $this->add([
'name' => 'id', 'name' => 'id',
'type' => 'Hidden', 'type' => 'Hidden',
...@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter ...@@ -88,6 +98,9 @@ class RoleForm extends Form implements ServiceLocatorAwareInterface, InputFilter
'parent' => [ 'parent' => [
'required' => false, 'required' => false,
], ],
'accessible-exterieur' => [
'required' => true,
],
]; ];
} }
} }
...@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface ...@@ -117,6 +130,7 @@ class RoleFormHydrator implements HydratorInterface
$object->setRoleId($data['role-id']); $object->setRoleId($data['role-id']);
$object->setLdapFilter($data['ldap-filter'] ?: null); $object->setLdapFilter($data['ldap-filter'] ?: null);
$object->setParent($this->getServiceRole()->get($data['parent'])); $object->setParent($this->getServiceRole()->get($data['parent']));
$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');
return $object; return $object;
} }
...@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface ...@@ -135,6 +149,7 @@ class RoleFormHydrator implements HydratorInterface
'role-id' => $object->getRoleId(), 'role-id' => $object->getRoleId(),
'ldap-filter' => $object->getLdapFilter(), 'ldap-filter' => $object->getLdapFilter(),
'parent' => $object->getParent() ? $object->getParent()->getId() : null, 'parent' => $object->getParent() ? $object->getParent()->getId() : null,
'accessible-exterieur' => $object->getAccessibleExterieur() ? '1' : '0',
]; ];
return $data; return $data;
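Review bot: The hydrator line `$object->setAccessibleExterieur($data['accessible-exterieur'] == '1');` uses a loose comparison, so values such as `true`, `1`, `'01'` or `'1.0'` also enable external access. `$data['accessible-exterieur'] === '1'` ties the flag to the checkbox's declared `checked_value` and leaves every other input on the restrictive side. The hydrate method starts outside the hunk, so whether `$data` is the validated form data cannot be confirmed from here.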
......
...@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity; ...@@ -4,6 +4,7 @@ namespace UnicaenAuth\Provider\Identity;
use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider; use BjyAuthorize\Provider\Identity\AuthenticationIdentityProvider;
use BjyAuthorize\Provider\Role\ProviderInterface; use BjyAuthorize\Provider\Role\ProviderInterface;
use UnicaenApp\Entity\Ldap\People; use UnicaenApp\Entity\Ldap\People;
use UnicaenApp\HostLocalization\HostLocalizationAwareTrait;
use UnicaenAuth\Entity\Db\AbstractRole; use UnicaenAuth\Entity\Db\AbstractRole;
use UnicaenAuth\Service\Traits\RoleServiceAwareTrait; use UnicaenAuth\Service\Traits\RoleServiceAwareTrait;
use Zend\Ldap\Ldap; use Zend\Ldap\Ldap;
...@@ -23,12 +24,19 @@ use Traversable; ...@@ -23,12 +24,19 @@ use Traversable;
class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface class Db extends AuthenticationIdentityProvider implements ChainableProvider, \BjyAuthorize\Provider\Identity\ProviderInterface
{ {
use RoleServiceAwareTrait; use RoleServiceAwareTrait;
use HostLocalizationAwareTrait;
/** /**
* @var Ldap * @var Ldap
*/ */
private $ldap; private $ldap;
/**
* @var
*/
private $detectionContexteExecution;
/** /**
...@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B ...@@ -84,6 +92,15 @@ class Db extends AuthenticationIdentityProvider implements ChainableProvider, \B
} }
} }
$inEtablissement = $this->getHostLocalization()->inEtablissement();
if (!$inEtablissement) { // Si on n'est pas dans l'établissement, alors on filtre les rôles disponibles
foreach ($roles as $i => $role) {
if ($role instanceof AbstractRole) {
if (!$role->getAccessibleExterieur()) unset($roles[$i]);
}
}
}
return $roles; return $roles;
} }
......
...@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface ...@@ -27,6 +27,7 @@ class DbServiceFactory implements FactoryInterface
{ {
$user = $container->get('zfcuser_user_service'); $user = $container->get('zfcuser_user_service');
$identityProvider = new Db($user->getAuthService()); $identityProvider = new Db($user->getAuthService());
$identityProvider->setHostLocalization($container->get('HostLocalization'));
$unicaenAppOptions = $container->get('unicaen-app_module_options'); $unicaenAppOptions = $container->get('unicaen-app_module_options');
/* @var $unicaenAppOptions ModuleOptions */ /* @var $unicaenAppOptions ModuleOptions */
......
...@@ -13,7 +13,9 @@ if ($errors) { ...@@ -13,7 +13,9 @@ if ($errors) {
echo $this->formControlGroup($form->get('role-id')); echo $this->formControlGroup($form->get('role-id'));
echo $this->formControlGroup($form->get('parent')); echo $this->formControlGroup($form->get('parent'));
echo $this->formControlGroup($form->get('ldap-filter')); echo $this->formControlGroup($form->get('ldap-filter'));
echo $this->formControlGroup($form->get('accessible-exterieur'));
echo $this->formRow($form->get('submit')); echo $this->formRow($form->get('submit'));
echo $this->formHidden($form->get('id')); echo $this->formHidden($form->get('id'));
echo $this->form()->closeTag(); echo $this->form()->closeTag();
\ No newline at end of file
...@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); ...@@ -14,6 +14,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<th>Nom</th> <th>Nom</th>
<th>Parent</th> <th>Parent</th>
<th>Filtre LDAP</th> <th>Filtre LDAP</th>
<th>Accessible de l'extérieur</th>
<?php if ($canEdit): ?><th>Action</th><?php endif; ?> <?php if ($canEdit): ?><th>Action</th><?php endif; ?>
</tr> </tr>
<?php foreach( $roles as $role ): <?php foreach( $roles as $role ):
...@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' ); ...@@ -24,6 +25,7 @@ $ajoutUrl = $this->url( 'droits/roles/edition' );
<td><?php echo $role->getRoleId(); ?></td> <td><?php echo $role->getRoleId(); ?></td>
<td><?php echo $role->getParent(); ?></td> <td><?php echo $role->getParent(); ?></td>
<td><?php echo $role->getLdapFilter(); ?></td> <td><?php echo $role->getLdapFilter(); ?></td>
<td><?php echo $role->getAccessibleExterieur() ? 'Oui' : 'Non'; ?></td>
<?php if ($canEdit): ?> <?php if ($canEdit): ?>
<td style="width:1%;white-space: nowrap;text-align: center"> <td style="width:1%;white-space: nowrap;text-align: center">
<a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a> <a href="<?php echo $editionUrl; ?>" class="ajax-modal" data-event="role-edition"><span class="glyphicon glyphicon-edit"></span></a>
......