diff --git a/composer.lock b/composer.lock
index 7b6f3135dce181ace08cb7df1a4eeb9cc18dcd0e..26747f9b90e94f03fda4f26b01bb85dea328ea39 100644
--- a/composer.lock
+++ b/composer.lock
@@ -1,7 +1,7 @@
 {
     "_readme": [
         "This file locks the dependencies of your project to a known state",
-        "Read more about it at http://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
+        "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file",
         "This file is @generated automatically"
     ],
     "hash": "748ee1c993c5f0ae90ee21769545e4da",
diff --git "a/data/Sql/R\303\264les.sql" "b/data/Sql/R\303\264les.sql"
index d660cb6bb237194a87d3f739abc6f122c148dc7f..8616329ffee491b1c7f87d404b91d70c94499813 100755
--- "a/data/Sql/R\303\264les.sql"
+++ "b/data/Sql/R\303\264les.sql"
@@ -102,15 +102,3 @@ select * from individu_fonct_struct@harpprod ifs where no_dossier_pers = 16956;
 
 
 select * from individu@harpprod where nom_usuel = 'DENOYES';
-
-
-
-select
-r.code categorie,
-p.code privilege,
-p.id   p_id
-from
-  privilege p
-  join categorie_privilege r on r.id = p.categorie_id
-order by
-  categorie, privilege
\ No newline at end of file
diff --git a/data/Sql/intervenant_suppression.sql b/data/Sql/intervenant_suppression.sql
new file mode 100644
index 0000000000000000000000000000000000000000..a382ba73eb917f692f0ae9c94a4935f066c527b5
--- /dev/null
+++ b/data/Sql/intervenant_suppression.sql
@@ -0,0 +1,62 @@
+
+
+
+-- paiements
+select * from mise_en_paiement
+--;delete from mise_en_paiement
+--;update mise_en_paiement set histo_destructeur_id = 4, histo_destruction=sysdate
+where formule_res_service_id IN (
+  select id from formule_resultat_service where service_id IN (
+    select id from service where intervenant_id IN (
+      select id from intervenant where source_code = '100733'
+    )
+  )
+);
+
+
+-- contrats
+select * from contrat
+--;delete from contrat
+--;update contrat set histo_destructeur_id = 4, histo_destruction=sysdate
+where intervenant_id IN (
+  select id from intervenant where source_code = '100733'
+);
+
+
+-- validations de volumes_horaires
+select * from validation_vol_horaire
+--;delete from validation_vol_horaire
+where volume_horaire_id IN (
+  select id FROM volume_horaire WHERE service_id IN (
+    select id from service where intervenant_id IN (
+      select id from intervenant where source_code = '100733'
+    )
+  )
+);
+
+
+-- volumes horaires
+select * from volume_horaire
+--;delete from volume_horaire
+--;update volume_horaire set histo_destructeur_id = 4, histo_destruction=sysdate
+where service_id IN (
+  select id from service where intervenant_id IN (
+    select id from intervenant where source_code = '100733'
+  )
+);
+
+
+-- services
+select * from service
+--;delete from service
+--;update service set histo_destructeur_id = 4, histo_destruction=sysdate
+where intervenant_id IN (
+  select id from intervenant where source_code = '100733'
+);
+
+
+-- intervenant
+select * from intervenant
+--;delete from intervenant
+--;update intervenant set histo_destructeur_id = 4, histo_destruction=sysdate
+where source_code = '100733';
\ No newline at end of file
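Review bot: Uncommenting both the `--;delete from …` line and the `--;update … set histo_destructeur_id …` line of the same block leaves the `delete` with no `where` clause, because the shared `where` then belongs only to the `update`; that would empty the whole table. A header comment should say that at most one of the two lines may be enabled per block, and that the script should be run with autocommit off and the row counts checked before `commit`. The literal `'100733'` is repeated in all six blocks, so a partial edit would target different people in different tables; if the script is run from SQL*Plus or a compatible client, one `define source_code = …` with `'&source_code'` in the subqueries avoids that. `validation_vol_horaire` offers only the hard `delete`, unlike the other blocks, and the block's comment should say whether that is deliberate.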
diff --git a/data/Sql/privileges.sql b/data/Sql/privileges.sql
new file mode 100644
index 0000000000000000000000000000000000000000..69184f4d7561cd91da7031c45b2d4a294213dd99
--- /dev/null
+++ b/data/Sql/privileges.sql
@@ -0,0 +1,68 @@
+  
+  
+INSERT INTO CATEGORIE_PRIVILEGE (
+  ID,
+  CODE,
+  LIBELLE
+) VALUES (
+  CATEGORIE_PRIVILEGE_ID_SEQ.nextval,
+  'modification-service-du',
+  'Modification de service dû'
+);
+
+INSERT INTO PRIVILEGE (
+  ID,
+  CATEGORIE_ID,
+  CODE,
+  LIBELLE
+) VALUES (
+  privilege_id_seq.nextval,
+  (SELECT id FROM CATEGORIE_PRIVILEGE WHERE code = 'modif-service-du' ),
+  'association',
+  'Association'
+);
+
+INSERT INTO PRIVILEGE (
+  ID,
+  CATEGORIE_ID,
+  CODE,
+  LIBELLE
+) VALUES (
+  privilege_id_seq.nextval,
+  (SELECT id FROM CATEGORIE_PRIVILEGE WHERE code = 'modif-service-du' ),
+  'visualisation',
+  'Visualisation'
+);
+
+INSERT INTO PRIVILEGE (
+  ID,
+  CATEGORIE_ID,
+  CODE,
+  LIBELLE
+) VALUES (
+  privilege_id_seq.nextval,
+  (SELECT id FROM CATEGORIE_PRIVILEGE WHERE code = 'modif-service-du' ),
+  'edition',
+  'Édition'
+);
+
+INSERT INTO PRIVILEGE (
+  ID,
+  CATEGORIE_ID,
+  CODE,
+  LIBELLE
+) VALUES (
+  privilege_id_seq.nextval,
+  (SELECT id FROM CATEGORIE_PRIVILEGE WHERE code = 'mise-en-paiement' ),
+  'export-paie',
+  'Export vers le logiciel de paie'
+);
+
+select
+  cp.code categorie,
+  p.code privilege
+from
+  privilege p
+  join categorie_privilege cp on cp.id = p.categorie_id
+order by
+  categorie, privilege
\ No newline at end of file
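Review bot: The `INSERT INTO PRIVILEGE` statements for `'association'`, `'visualisation'` and `'edition'` look the category up with `code = 'modif-service-du'`, but the category inserted at the top of the file has the code `'modification-service-du'`. Unless a `'modif-service-du'` row already exists in the target database, the scalar subquery returns NULL, so the three privileges are either created without a category or rejected by a NOT NULL constraint (the table definition is not visible here). Both places should use the same code, e.g. `(SELECT id FROM CATEGORIE_PRIVILEGE WHERE code = 'modification-service-du')`. Since these rows feed the authorization model, a short comment naming the privilege codes the PHP side expects would help keep the two in step.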
diff --git a/module/Application/config/gestion.config.php b/module/Application/config/gestion.config.php
index a2248ec7b14eea1f63d9a07774bd8f72f087e131..cc6c264b7ea5a3e22cbee851d9ca8a333164eb02 100755
--- a/module/Application/config/gestion.config.php
+++ b/module/Application/config/gestion.config.php
@@ -113,14 +113,14 @@ return [
                                         'title'  => "Gestion des rôles",
                                         'route'  => 'gestion/droits/roles',
                                         'withtarget' => true,
-                                        'resource' => 'controller/Application\Controller\Gestion:roles',
+                                        'resource' => 'privilege/privilege-visualisation',
                                     ],
                                     'privileges' => [
                                         'label'  => "Privilèges",
                                         'title'  => "Gestion des privilèges",
                                         'route'  => 'gestion/droits/privileges',
                                         'withtarget' => true,
-                                        'resource' => 'controller/Application\Controller\Gestion:privileges',
+                                        'resource' => 'privilege/privilege-visualisation',
                                     ],
                                 ],
                             ],
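Review bot: Both menu entries are now shown only to holders of `privilege/privilege-visualisation`, while the guard rule in the next hunk admits `privilege-visualisation` or `privilege-edition` for the same `roles` and `privileges` actions. A role that has only `privilege-edition` would therefore reach the pages by URL but never see them in the navigation. If the edition privilege is meant to imply visualisation, a comment such as `// edition implies visualisation; see the PrivilegeController guard below` should record that here; otherwise the two lists should match.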
@@ -143,7 +143,7 @@ return [
                 [
                     'controller' => 'Application\Controller\Gestion',
                     'action'     => ['droits', 'roles', 'privileges'],
-                    'privileges' => ['privilege-visualisation', 'privilege-edition']
+                    'privileges' => ['privilege-visualisation', 'privilege-edition'],
                 ],
                 [
                     'controller' => 'Application\Controller\Gestion',
diff --git a/module/Application/config/module.config.php b/module/Application/config/module.config.php
index 940dbedf44e1d3c075e91238ec881f13864f601e..65b056de95646634c47ba06fe323c96d83b662aa 100755
--- a/module/Application/config/module.config.php
+++ b/module/Application/config/module.config.php
@@ -179,6 +179,9 @@ $main =  [
                     'Application\\Acl\\IntervenantPermanentRole',
             ],
         ],
+        'resource_providers' => [
+            'ApplicationPrivilege' => [],
+        ],
     ],
     'service_manager' => [
         'invokables' => [
@@ -197,12 +200,16 @@ $main =  [
             'ApplicationPays'                                => 'Application\\Service\\Pays',
             'ApplicationDepartement'                         => 'Application\\Service\\Departement',
             'IntervenantNavigationPageVisibility'            => 'Application\\Service\\IntervenantNavigationPageVisibility',
-            'ApplicationRuleProvider'                        => 'Application\Provider\Rule\RuleProvider',
+            'TestAssertion'                                  => 'Application\\Assertion\\TestAssertion',
         ],
+        'aliases' => array(
+            'PrivilegeProvider'                              => 'ApplicationPrivilege'
+        ),
         'factories' => [
             'navigation'                  => 'Application\Service\NavigationFactoryFactory',
             'ApplicationRoleProvider'     => 'Application\Provider\Role\RoleProviderFactory',
             'ApplicationIdentityProvider' => 'Application\Provider\Identity\IdentityProviderFactory',
+            'BjyAuthorize\Service\Authorize' => 'Application\Service\AuthorizeFactory', // surcharge!!!
         ],
         'abstract_factories' => [
         ],
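Review bot: The line `'BjyAuthorize\Service\Authorize' => 'Application\Service\AuthorizeFactory', // surcharge!!!` replaces the library's authorization service for the whole application, and the comment does not say what the replacement does differently. A comment along the lines of `// overrides BjyAuthorize's Authorize service: <what AuthorizeFactory changes and why>` would let a reviewer judge the security impact without opening the factory. The `'TestAssertion'` invokable added to the main module configuration looks like development scaffolding; if it is, it should not ship in this file. The new `'aliases' => array(` block uses the long array syntax while the rest of the file uses `[]`, and its single entry has no trailing comma.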
diff --git a/module/Application/config/paiement.config.php b/module/Application/config/paiement.config.php
index 8011f47e1e012050159b8993f85d9b869afc236f..54068877b60d8b4688d97a4d63a8ce84fbe50cb8 100644
--- a/module/Application/config/paiement.config.php
+++ b/module/Application/config/paiement.config.php
@@ -2,6 +2,8 @@
 
 namespace Application;
 
+use Application\Entity\Db\Privilege;
+
 return [
     'router' => [
         'routes' => [
@@ -110,47 +112,52 @@ return [
     ],
     'bjyauthorize' => [
         'guards' => [
-            'BjyAuthorize\Guard\Controller' => [
+            'Application\Guard\PrivilegeController' => [
                 [
                     'controller' => 'Application\Controller\Paiement',
-                    'action'     => ['index','demandeMiseEnPaiement','etatPaiement','misesEnPaiementCsv'],
-                    'roles'      => [R_COMPOSANTE, R_ADMINISTRATEUR, R_DRH],
+                    'action'     => ['index','etatPaiement','misesEnPaiementCsv'],
+                    'privileges' => [
+                        Privilege::MISE_EN_PAIEMENT_DEMANDE,
+                        Privilege::MISE_EN_PAIEMENT_VISUALISATION,
+                        Privilege::MISE_EN_PAIEMENT_VALIDATION,
+                    ],
+                    'assertion'  => 'MiseEnPaiementAssertion',
                 ],
                 [
                     'controller' => 'Application\Controller\Paiement',
-                    'action'     => ['miseEnPaiement','extractionWinpaie'],
-                    'roles'      => [R_ADMINISTRATEUR, R_DRH],
+                    'action'     => ['demandeMiseEnPaiement'],
+                    'privileges' => [Privilege::MISE_EN_PAIEMENT_DEMANDE],
+                    'assertion'  => 'MiseEnPaiementAssertion',
                 ],
-            ],
-        ],
-        'resource_providers' => [
-            'BjyAuthorize\Provider\Resource\Config' => [
-                'MiseEnPaiement' => [],
-            ],
-        ],
-        'rule_providers' => [
-            'BjyAuthorize\Provider\Rule\Config' => [
-                'allow' => [
-                    [
-                        [R_ROLE],
-                        'MiseEnPaiement',
-                        [
-                            Assertion\MiseEnPaiementAssertion::PRIVILEGE_VISUALISATION,
-                            Assertion\MiseEnPaiementAssertion::PRIVILEGE_DEMANDE,
-                            Assertion\MiseEnPaiementAssertion::PRIVILEGE_VALIDATION,
-                            Assertion\MiseEnPaiementAssertion::PRIVILEGE_MISE_EN_PAIEMENT,
-                        ],
-                        Assertion\MiseEnPaiementAssertion::getAssertionId(),
-                    ],
-                    [
-                        [R_ADMINISTRATEUR, R_DRH],
-                        'MiseEnPaiement',
-                        ['export-csv-winpaie'],
-
-                    ],
+                [
+                    'controller' => 'Application\Controller\Paiement',
+                    'action'     => ['miseEnPaiement'],
+                    'privileges' => [Privilege::MISE_EN_PAIEMENT_MISE_EN_PAIEMENT]
+                ],
+                [
+                    'controller' => 'Application\Controller\Paiement',
+                    'action'     => ['extractionWinpaie'],
+                    'privileges' => [Privilege::MISE_EN_PAIEMENT_EXPORT_PAIE]
                 ],
             ],
         ],
+//        'rule_providers' => [
+//            'Application\Provider\Rule\RuleProvider' => [
+//                 'allow' => [
+//                    [
+//                        [
+//                            'mise-en-paiement-demande',
+//                            'mise-en-paiement-mise-en-paiement',
+//                            'mise-en-paiement-visualisation',
+//                            'mise-en-paiement-validation'
+//                        ],
+//                        'MiseEnPaiement',
+//                        [],
+//                        'MiseEnPaiementAssertion',
+//                    ]
+//                ],
+//            ],
+//        ],
     ],
     'service_manager' => [
         'invokables' => [
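Review bot: The `'MiseEnPaiement'` resource provider and the allow rule that attached `MiseEnPaiementAssertion` to it are removed, and the only replacement is the commented-out `rule_providers` block. Whether the per-entity checks still run therefore depends on `Application\Guard\PrivilegeController` honouring the new `'assertion'` key, which is not visible in this diff, and on no other code still calling `isAllowed()` on a `MiseEnPaiement` resource. The rules for `miseEnPaiement` and `extractionWinpaie`, the two actions that trigger payment and payroll export, carry no `'assertion'` at all; if that is intended, a one-line comment on each should say so. The commented-out block should be deleted or turned into a TODO that explains what is still missing.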
diff --git a/module/Application/config/service.config.php b/module/Application/config/service.config.php
index 063d9f642b7dbea9f4371c62695e8cb439ce9fbc..a5de998656970ecfbb455e883c37dec71085a763 100644
--- a/module/Application/config/service.config.php
+++ b/module/Application/config/service.config.php
@@ -236,7 +236,7 @@ return [
                     'controller' => 'Application\Controller\ServiceReferentiel',
                     'action' => ['index', 'saisie', 'suppression', 'rafraichir-ligne', 'constatation'],
                     'roles' => [R_ROLE],
-                ],
+                ]
             ],
         ],
         'resource_providers' => [
@@ -248,8 +248,16 @@ return [
             ],
         ],
         'rule_providers' => [
-            'BjyAuthorize\Provider\Rule\Config' => [
-                'allow' => [
+            'Application\Provider\Rule\RuleProvider' => [
+                 'allow' => [
+                    [
+                        'mep-visualisation',
+                        'Service',
+                        ['create', 'read', 'delete', 'update'],
+                        'ServiceAssertion',
+                    ]
+                ],
+                /*'allow' => [
                     [
                         [R_ROLE],
                         'Service',
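Review bot: The whole previous `'allow'` list is disabled with `/*'allow' => [` (closed by `],*/` in the next hunk) and replaced by a single rule for `'mep-visualisation'` on `'Service'`. Every other rule in the old list, including the `ServiceReferentielAssertion` one still visible as context in the next hunk, is therefore no longer loaded, which reads like work in progress rather than the intended policy. The identifier `'mep-visualisation'` also matches none of the privilege codes used elsewhere in this commit (`mise-en-paiement-visualisation`, `privilege-visualisation`), so the new rule may never apply to any role. Either port each old rule to the new provider or restore the list, and drop the commented-out copy so the file shows exactly which rules are active.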
@@ -274,7 +282,7 @@ return [
                         ['create', 'read', 'delete', 'update'],
                         'ServiceReferentielAssertion'
                     ]
-                ],
+                ],*/
             ],
         ],
     ],
diff --git a/module/Application/src/Application/Assertion/AbstractAssertion.php b/module/Application/src/Application/Assertion/AbstractAssertion.php
index 48e1982e12a68846cb5e395ec76588d4c7610ded..47cacf5cdbd6c35f14ad3c730e77d9c6407913a0 100644
--- a/module/Application/src/Application/Assertion/AbstractAssertion.php
+++ b/module/Application/src/Application/Assertion/AbstractAssertion.php
@@ -2,8 +2,6 @@
 
 namespace Application\Assertion;
 
-use DateTime;
-use Application\Acl\IntervenantPermanentRole;
 use Zend\Mvc\MvcEvent;
 use Zend\Permissions\Acl\Acl;
 use Zend\Permissions\Acl\Assertion\AssertionInterface;
@@ -11,7 +9,6 @@ use Zend\Permissions\Acl\Resource\ResourceInterface;
 use Zend\Permissions\Acl\Role\RoleInterface;
 use Zend\ServiceManager\ServiceLocatorAwareInterface;
 use Zend\ServiceManager\ServiceLocatorAwareTrait;
-use Application\Acl\Role;
 
 /**
  * Description of AbstractAssertion
@@ -20,49 +17,13 @@ use Application\Acl\Role;
  */
 abstract class AbstractAssertion implements AssertionInterface, ServiceLocatorAwareInterface
 {
-    use ServiceLocatorAwareTrait,
-        \Application\Service\Traits\ContextAwareTrait
-    ;
+    use ServiceLocatorAwareTrait;
+
 
- 
     const PRIVILEGE_CREATE = 'create';
     const PRIVILEGE_READ   = 'read';
     const PRIVILEGE_UPDATE = 'update';
     const PRIVILEGE_DELETE = 'delete';
-    
-    /**
-     * @var Acl
-     */
-    protected $acl;
-
-    /**
-     * copntrôle par les privileges activés ou non
-     *
-     * @var boolean
-     */
-    protected $assertPrivilegesEnabled = false;
-
-    /**
-     * contrôle par les ressources activés ou non
-     *
-     * @var boolean
-     */
-    protected $assertResourcesEnabled = true;
-
-    /**
-     * @var string
-     */
-    protected $privilege;
-
-    /**
-     * @var ResourceInterface|string
-     */
-    protected $resource;
-
-    /**
-     * @var RoleInterface
-     */
-    protected $role;
 
     /**
      * !!!! Pour éviter l'erreur "Serialization of 'Closure' is not allowed"... !!!!
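Review bot: The declarations of `$acl`, `$privilege`, `$resource` and `$role` are removed here, yet the new `assert()` still assigns all four and `assertCRUD()` still reads `$this->privilege` and `$this->resource` in later hunks. They become undeclared dynamic properties, which are public rather than protected and invisible to static analysis. Keeping the declarations and marking them instead, e.g. `/** @deprecated use the arguments passed to the assert*() hooks */ protected $privilege;`, preserves the encapsulation until the subclasses stop relying on them. Removing `ContextAwareTrait` also takes `getServiceContext()` away from every subclass; any subclass that still calls it and does not use the trait itself (not visible in this diff) will fail at runtime.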
@@ -81,56 +42,138 @@ abstract class AbstractAssertion implements AssertionInterface, ServiceLocatorAw
      * $role, $this->resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
      * privileges, respectively.
      *
-     * @param  Acl               $acl
-     * @param  RoleInterface     $role
-     * @param  ResourceInterface $resource
-     * @param  string            $privilege
+     * @param  Acl                  $acl
+     * @param  RoleInterface        $role
+     * @param  ResourceInterface    $resource
+     * @param  string               $privilege
      * @return bool
      */
     public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
     {
+        /** @deprecated */
         $this->acl       = $acl;
         $this->resource  = $resource;
         $this->privilege = $privilege;
-        $this->role      = $this->getSelectedIdentityRole();
+        $this->role      = $role;
+        /* fin de deprecated */
+
+        // gestion des privilèges
+        if ($this->detectPrivilege($resource)){
+            if (! $this->assertPrivilege ($acl, $role, ltrim( strstr( $resource, '/' ), '/'), $privilege)) return false;
+
+        // gestion des contrôleurs
+        }else if($this->detectController($resource)){
+            $spos = strpos($resource,'/')+1;
+            $dpos = strrpos($resource, ':')+1;
+            $controller = substr( $resource, $spos, $dpos-$spos-1);
+            $action = substr( $resource, $dpos );
+            if (! $this->assertController ($acl, $role, $controller, $action, $privilege)) return false;
+
+        // gestion des entités
+        }else if($this->detectEntity($resource)){
+            if (! $this->assertEntity ($acl, $role, $resource, $privilege)) return false;
+
+        // gestion de tout le reste
+        }else{
+            if (! $this->assertOther ($acl, $role, $resource, $privilege)) return false;
+
+        }
 
-        if (! $this->assertPrivilege()                              ) return false;
-        if (! $this->assertResource()                               ) return false;
         return true;
     }
 
-    private function assertPrivilege()
+
+    /**
+     *
+     * @param string $resource
+     * @return boolean
+     */
+    private function detectPrivilege( $resource=null )
+    {
+        return is_string($resource) && 0 === strpos($resource, 'privilege/');
+    }
+
+    /**
+     *
+     * @param Acl $acl
+     * @param RoleInterface $role
+     * @param string $privilege
+     * @param string $subPrivilege
+     * @return boolean
+     */
+    protected function assertPrivilege(Acl $acl, RoleInterface $role=null, $privilege=null, $subPrivilege=null)
     {
-        if (! $this->assertPrivilegesEnabled) return true; // si pas activé alors on sort
-        if ($this->role instanceof Role && ! empty($this->resource) && ! empty($this->privilege)){
-            return $this->role->hasPrivilege($this->privilege, $this->resource);
-        }
         return true;
     }
 
-    private function assertResource()
+
+    /**
+     *
+     * @param string $resource
+     * @return boolean
+     */
+    private function detectController( $resource=null )
     {
-        if (! $this->assertResourcesEnabled) return true; // si pas activé alors on sort
-        if (! $this->resource instanceof ResourceInterface) return true; // pas assez de précisions
-        $resourceId = $this->resource->getResourceId();
+        return is_string($resource) && 0 === strpos($resource, 'controller/');
+    }
 
-        if (method_exists( $this, 'assertResource'.$resourceId)){
-            return $this->{'assertResource'.$resourceId}( $this->resource );
-        }
+    /**
+     *
+     * @param Acl $acl
+     * @param RoleInterface $role
+     * @param string $controller
+     * @param string $action
+     * @param string $privilege
+     * @return boolean
+     */
+    protected function assertController(Acl $acl, RoleInterface $role=null, $controller=null, $action=null, $privilege=null)
+    {
+        return true;
+    }
+
+
+    /**
+     *
+     * @param string $resource
+     * @return boolean
+     */
+    private function detectEntity( $resource=null )
+    {
+        return
+            is_object($resource)
+            && method_exists($resource, 'getId');
+    }
 
+    /**
+     *
+     * @param Acl $acl
+     * @param RoleInterface $role
+     * @param ResourceInterface $entity
+     * @param string $privilege
+     * @return boolean
+     */
+    protected function assertEntity(Acl $acl, RoleInterface $role=null, ResourceInterface $entity=null, $privilege=null)
+    {
         return true;
     }
 
+
     /**
-     * 
-     * @return MvcEvent
+     *
+     * @param Acl $acl
+     * @param RoleInterface $role
+     * @param ResourceInterface $entity
+     * @param string $privilege
+     * @return boolean
      */
-    protected function getMvcEvent()
+    protected function assertOther(Acl $acl, RoleInterface $role=null, ResourceInterface $entity=null, $privilege=null)
     {
-        return $this->getServiceLocator()->get('Application')->getMvcEvent();
+        return true;
     }
 
+
     /**
+     * @deprecated ?
      * @return boolean
      */
     protected function assertCRUD()
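Review bot: The `privilege/` and `controller/` branches of the new `assert()` look unreachable, because the signature types `$resource` as `ResourceInterface` while `detectPrivilege()` and `detectController()` both require `is_string($resource)`. Testing the identifier would make them work: take `$id = $resource ? $resource->getResourceId() : null;` and pass `$id` to the two detect helpers and to the `strstr`/`substr` calls. The controller parsing also assumes a `:` is present; when `strrpos()` returns false, `$dpos` becomes 1 and the controller/action split is wrong, so that case should be rejected explicitly. All four default hooks return `true` and their docblocks have no description, so an unrecognised resource is allowed by default; the docblocks should state that subclasses must override the hooks to restrict access. The context lines of ContratAssertion.php, IntervenantAssertion.php and ServiceAssertion.php show `parent::assert(...)` called with its result discarded, so a `false` from this dispatch would be ignored there.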
@@ -138,69 +181,42 @@ abstract class AbstractAssertion implements AssertionInterface, ServiceLocatorAw
         if (!$this->privilege) {
             return true;
         }
-        
+
         switch ($this->privilege) {
             case self::PRIVILEGE_CREATE:
-                return $this->_assertCreate();
+                return ! (is_object($this->resource) && $this->resource->getId());
             case self::PRIVILEGE_READ:
-                return $this->_assertRead();
+                return ! (is_object($this->resource) && !$this->resource->getId());
             case self::PRIVILEGE_UPDATE:
-                return $this->_assertUpdate();
+                return ! (is_object($this->resource) && !$this->resource->getId());
             case self::PRIVILEGE_DELETE:
-                return $this->_assertDelete();
+                return ! (is_object($this->resource) && !$this->resource->getId());
             default:
                 return true;
         }
     }
-    
-    private function _assertCreate()
-    {
-        if (is_object($this->resource) && $this->resource->getId()) {
-            return false;
-        }
-        
-        return true;
-    }
-    
-    private function _assertRead()
-    {
-        if (is_object($this->resource) && !$this->resource->getId()) {
-            return false;
-        }
-        
-        return true;
-    }
-    
-    private function _assertUpdate()
-    {
-        if (is_object($this->resource) && !$this->resource->getId()) {
-            return false;
-        }
-        
-        return true;
-    }
-    
-    private function _assertDelete()
-    {
-        if (is_object($this->resource) && !$this->resource->getId()) {
-            return false;
-        }
-        
-        return true;
-    }
-    
-    protected function getSelectedIdentityRole()
+
+
+    /**
+     * 
+     * @return MvcEvent
+     */
+    protected function getMvcEvent()
     {
-        return $this->getServiceContext()->getSelectedIdentityRole();
+        $application = $this->getServiceLocator()->get('Application');
+        return $application->getMvcEvent();
     }
-    
+
+
     /**
+     * @deprecated
+     *
      * Retourne un privilège "normalisé" en fonction du type de ressource spécifié.
-     * 
+     *
      * - Si la ressource est un objet, le privilège est directement utilisable.
      * - Sinon la ressource est sans doute de la forme "controller/Application\Controller\MonController:monAction"
      * (module BjyAuthorize) et le privilège sera le nom de l'action.
-     * 
+     *
      * @param string $privilege
      * @param string|object $resource Ex: "Application\Controller\MonController:monAction"
      * @return string
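Review bot: `getSelectedIdentityRole()` is deleted in this hunk, but the context lines of the IntervenantAssertion.php hunk still call `$this->getSelectedIdentityRole()` for the `'total-heures-comp'` check. Unless that class defines the method or pulls in `ContextAwareTrait` itself (not visible here), that authorization path ends in a fatal error. In the same commit `$this->role` changes from the selected identity role to the `$role` argument, so subclasses that compare `$this->role` against application role classes may now see a different object; the `@deprecated` docblocks should say which of the two a subclass is expected to use. The docblock tag `@deprecated ?` on `assertCRUD()` should be resolved to either `@deprecated` with the replacement named, or removed.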
@@ -210,57 +226,11 @@ abstract class AbstractAssertion implements AssertionInterface, ServiceLocatorAw
         if (is_object($resource)) {
             return $privilege;
         }
-        
+
         if (!$privilege) {
             $privilege = ($tmp = strrchr($resource, $c = ':')) ? ltrim($tmp, $c) : null;
         }
-        
-        return $privilege;
-    }
-
-    /**
-     * Teste si la date de fin de "privilège" du rôle courant est dépassée ou non.
-     * 
-     * @return boolean
-     */
-    protected function isDateFinPrivilegeDepassee()
-    {
-        $dateFin = null;
-        
-        /**
-         * Rôle Intervenant Permanent
-         */
-        if ($this->role instanceof IntervenantPermanentRole) {
-            // il existe une date de fin de saisie (i.e. ajout, modif, suppression) de service par les intervenants permanents eux-mêmes
-            if (in_array($this->privilege, [self::PRIVILEGE_CREATE, self::PRIVILEGE_UPDATE, self::PRIVILEGE_DELETE])) {
-                $dateFin = $this->getServiceContext()->getDateFinSaisiePermanents();
-                
-                /**
-                 * Vilaine verrue pour prolonger la période de saisie des permanents de l'ESPE
-                 * @todo Virer cette verrue après le 27/03/2015 !!
-                 */
-                if ($this->role->getIntervenant()->getStructure()->getSourceCode() === 'E01') {
-                    $dateFin = new \DateTime('2015-03-27');
-                }
-            }
-        }
 
-        if (null === $dateFin) {
-            return false;
-        }
-                
-        $now = new DateTime();
-
-        $now->setTime(0, 0, 0);
-        $dateFin->setTime(0, 0, 0);
-
-        return $now > $dateFin;
-    }
-
-    public static function getAssertionId()
-    {
-        $getCalledClass = get_called_class();
-        $getCalledClass = substr( $getCalledClass, strrpos( $getCalledClass, '\\')+1 );
-        return $getCalledClass;
+        return $privilege;
     }
 }
\ No newline at end of file
diff --git a/module/Application/src/Application/Assertion/AgrementAssertion.php b/module/Application/src/Application/Assertion/AgrementAssertion.php
index 2bce7205aab2fb701cce03249bd91086fd4383b0..8ac31c4d0bbe00db9de0678cc691e213d3e945fd 100644
--- a/module/Application/src/Application/Assertion/AgrementAssertion.php
+++ b/module/Application/src/Application/Assertion/AgrementAssertion.php
@@ -54,7 +54,7 @@ class AgrementAssertion extends AbstractAssertion implements AgrementServiceAwar
          * Cas N°1 : la ressource spécifiée est une entité ; un privilège est spécifié.
          */
         if ($resource instanceof Agrement) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         /**
@@ -107,7 +107,7 @@ class AgrementAssertion extends AbstractAssertion implements AgrementServiceAwar
      * 
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         if (!parent::assertCRUD()) {
             return false;
diff --git a/module/Application/src/Application/Assertion/ContratAssertion.php b/module/Application/src/Application/Assertion/ContratAssertion.php
index 711d87d984c858180a79c16527f6d0ecce7e919b..ada01f10ba783fc1ba4cebe86407830fcfe8b1f1 100644
--- a/module/Application/src/Application/Assertion/ContratAssertion.php
+++ b/module/Application/src/Application/Assertion/ContratAssertion.php
@@ -50,7 +50,7 @@ class ContratAssertion extends AbstractAssertion implements WorkflowIntervenantA
         parent::assert($acl, $role, $resource, $privilege);
         
         if ($resource instanceof Contrat) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         return true;
@@ -60,7 +60,7 @@ class ContratAssertion extends AbstractAssertion implements WorkflowIntervenantA
      * 
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         if (!parent::assertCRUD()) {
             return false;
diff --git a/module/Application/src/Application/Assertion/FichierAssertion.php b/module/Application/src/Application/Assertion/FichierAssertion.php
index 18a050aaee498a44de545cc1c35357d15e710e1d..d5f89c56a41f795d04ea4df8978e0988b0245154 100644
--- a/module/Application/src/Application/Assertion/FichierAssertion.php
+++ b/module/Application/src/Application/Assertion/FichierAssertion.php
@@ -48,7 +48,7 @@ class FichierAssertion extends AbstractAssertion implements /*FichierServiceAwar
          * Cas N°1 : la ressource spécifiée est une entité ; un privilège est spécifié.
          */
         if ($resource instanceof Fichier) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         /**
@@ -65,7 +65,7 @@ class FichierAssertion extends AbstractAssertion implements /*FichierServiceAwar
      * 
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         if (!parent::assertCRUD()) {
             return false;
diff --git a/module/Application/src/Application/Assertion/IntervenantAssertion.php b/module/Application/src/Application/Assertion/IntervenantAssertion.php
index cc082322fdef53cafabaaa726038795a3198105b..2050f57f513262123713fef04091309abee30a3d 100644
--- a/module/Application/src/Application/Assertion/IntervenantAssertion.php
+++ b/module/Application/src/Application/Assertion/IntervenantAssertion.php
@@ -30,14 +30,14 @@ class IntervenantAssertion extends AbstractAssertion
     public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
     {
         parent::assert($acl, $role, $resource, $privilege);
-        
+
         $privilege = $this->normalizedPrivilege($privilege, $resource);
-        
+
         if ('total-heures-comp' == $privilege){
             $resource = $this->getMvcEvent()->getParam('intervenant');
             return $this->assertIntervenantTotalHeuresComp($this->getSelectedIdentityRole(), $resource);
         }
-        
+
         return true;
     }
 
diff --git a/module/Application/src/Application/Assertion/MiseEnPaiementAssertion.php b/module/Application/src/Application/Assertion/MiseEnPaiementAssertion.php
index fad3b4918ee8c7087f95b7690e42e0130a57c4b9..91af192392a8d5a6cac694eef40340e91804225e 100644
--- a/module/Application/src/Application/Assertion/MiseEnPaiementAssertion.php
+++ b/module/Application/src/Application/Assertion/MiseEnPaiementAssertion.php
@@ -5,6 +5,7 @@ namespace Application\Assertion;
 use Application\Interfaces\StructureAwareInterface;
 use Application\Entity\Db\ServiceAPayerInterface;
 use Application\Entity\Db\MiseEnPaiement;
+use Zend\Permissions\Acl;
 
 /**
  * Description of MiseEnPaiementAssertion
@@ -18,17 +19,20 @@ class MiseEnPaiementAssertion extends AbstractAssertion
     const PRIVILEGE_VALIDATION         = 'validation';
     const PRIVILEGE_MISE_EN_PAIEMENT   = 'mise-en-paiement';
 
-    protected $assertPrivilegesEnabled = true;
 
+    protected function assertEntity(Acl\Acl $acl, Acl\Role\RoleInterface $role = null, Acl\Resource\ResourceInterface $entity = null, $privilege = null)
+    {
+        if ($entity instanceof MiseEnPaiement)
+            return $this->assertEntityMiseEnPaiement($entity);
+
+        return true;
+    }
 
-    protected function assertResourceMiseEnPaiement( MiseEnPaiement $miseEnPaiement )
+    protected function assertEntityMiseEnPaiement( MiseEnPaiement $miseEnPaiement )
     {
         if ($miseEnPaiement->getValidation() && $this->privilege == self::PRIVILEGE_DEMANDE){
             return false; // pas de nouvelle demande si la mise en paiement est déjà validée
         }
-//        if ($miseEnPaiement->getValidation() === null && $this->privilege == self::PRIVILEGE_MISE_EN_PAIEMENT){
-//            return false; // impossible de mettre en paiement une demande non validée
-//        }
 
         if ($serviceAPayer = $miseEnPaiement->getServiceAPayer()){
             return $this->assertResourceServiceAPayer($serviceAPayer);
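Review bot: `assertEntity()` receives `$privilege` but `assertEntityMiseEnPaiement()` still compares the deprecated `$this->privilege` with `self::PRIVILEGE_DEMANDE`. The guard rules in paiement.config.php now use `Privilege::MISE_EN_PAIEMENT_*` constants, whose values are not visible here; if they differ from the short codes of this class (`'validation'`, `'mise-en-paiement'`), the check "no new request once the payment is validated" silently stops matching. Passing the argument through, `return $this->assertEntityMiseEnPaiement($entity, $privilege);`, and comparing against the constant the guard actually uses would make the dependency explicit. The new `if ($entity instanceof MiseEnPaiement)` has no braces, unlike the rest of the method, and `assertEntityMiseEnPaiement()` continues outside the hunk.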
diff --git a/module/Application/src/Application/Assertion/PieceJointeAssertion.php b/module/Application/src/Application/Assertion/PieceJointeAssertion.php
index b762e19949c0d067f3ad7287c13f16a4975c5e50..5a82fee992cd1328b9b8920d4c85c71f4ee09ff2 100644
--- a/module/Application/src/Application/Assertion/PieceJointeAssertion.php
+++ b/module/Application/src/Application/Assertion/PieceJointeAssertion.php
@@ -40,7 +40,7 @@ class PieceJointeAssertion extends AbstractAssertion implements WorkflowInterven
          * Cas N°1 : la ressource spécifiée est une entité ; un privilège est spécifié.
          */
         if ($resource instanceof PieceJointe) {
-            return $this->assertEntity($acl, $role, $resource, $privilege);
+            return $this->assertEntityOld($acl, $role, $resource, $privilege);
         }
         
         /**
@@ -57,7 +57,7 @@ class PieceJointeAssertion extends AbstractAssertion implements WorkflowInterven
      * 
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         if (!parent::assertCRUD()) {
             return false;
diff --git a/module/Application/src/Application/Assertion/ServiceAssertion.php b/module/Application/src/Application/Assertion/ServiceAssertion.php
index b600f0139da2ecb4588b9d28860f39c9bd5d5092..8b88edc3a9844652d553741c6b143ffaf1544dad 100644
--- a/module/Application/src/Application/Assertion/ServiceAssertion.php
+++ b/module/Application/src/Application/Assertion/ServiceAssertion.php
@@ -13,6 +13,8 @@ use Zend\Permissions\Acl\Acl;
 use Zend\Permissions\Acl\Resource\ResourceInterface;
 use Zend\Permissions\Acl\Role\RoleInterface;
 use Application\Entity\Db\TypeVolumeHoraire;
+use DateTime;
+use Application\Acl\IntervenantPermanentRole;
 
 /**
  * Description of Service
@@ -44,7 +46,7 @@ class ServiceAssertion extends AbstractAssertion
         parent::assert($acl, $role, $resource, $privilege);
 
         if ($resource instanceof Service) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         return true;
@@ -56,7 +58,7 @@ class ServiceAssertion extends AbstractAssertion
      *
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         /*********************************************************
          *                      Rôle administrateur
@@ -166,4 +168,35 @@ class ServiceAssertion extends AbstractAssertion
 
         return false;
     }
+
+    /**
+     * Teste si la date de fin de "privilège" du rôle courant est dépassée ou non.
+     *
+     * @return boolean
+     */
+    protected function isDateFinPrivilegeDepassee()
+    {
+        $dateFin = null;
+
+        /**
+         * Rôle Intervenant Permanent
+         */
+        if ($this->role instanceof IntervenantPermanentRole) {
+            // il existe une date de fin de saisie (i.e. ajout, modif, suppression) de service par les intervenants permanents eux-mêmes
+            if (in_array($this->privilege, [self::PRIVILEGE_CREATE, self::PRIVILEGE_UPDATE, self::PRIVILEGE_DELETE])) {
+                $dateFin = $this->getServiceContext()->getDateFinSaisiePermanents();
+            }
+        }
+
+        if (null === $dateFin) {
+            return false;
+        }
+
+        $now = new DateTime();
+
+        $now->setTime(0, 0, 0);
+        $dateFin->setTime(0, 0, 0);
+
+        return $now > $dateFin;
+    }
 }
\ No newline at end of file
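Review bot: `$dateFin->setTime(0, 0, 0)` modifies the object returned by `getServiceContext()->getDateFinSaisiePermanents()` in place; if the context hands out its own `DateTime` instance (not visible here), every later reader of that deadline gets the truncated value. Work on a copy by adding `$dateFin = clone $dateFin;` before the `setTime()` call. `in_array()` on the privilege should also be strict, `in_array($this->privilege, [...], true)`. The identical method is added to ServiceReferentielAssertion in this commit and has the same two issues; a shared helper would keep the copies from drifting apart.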
diff --git a/module/Application/src/Application/Assertion/ServiceReferentielAssertion.php b/module/Application/src/Application/Assertion/ServiceReferentielAssertion.php
index f23de6cb713553b8d9c60967425864e062336674..7ff09637d3455b9c28b9f0515a73ccb3f4afb4f2 100644
--- a/module/Application/src/Application/Assertion/ServiceReferentielAssertion.php
+++ b/module/Application/src/Application/Assertion/ServiceReferentielAssertion.php
@@ -13,6 +13,7 @@ use Application\Entity\Db\ServiceReferentiel;
 use Zend\Permissions\Acl\Acl;
 use Zend\Permissions\Acl\Resource\ResourceInterface;
 use Zend\Permissions\Acl\Role\RoleInterface;
+use DateTime;
 
 /**
  *
@@ -38,7 +39,7 @@ class ServiceReferentielAssertion extends AbstractAssertion
         parent::assert($acl, $role, $resource, $privilege);
         
         if ($resource instanceof ServiceReferentiel) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         return true;
@@ -50,7 +51,7 @@ class ServiceReferentielAssertion extends AbstractAssertion
      *
      * @return boolean
      */
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         $intervenant          = $this->resource->getIntervenant();
         $serviceStructure     = $this->resource->getStructure();
@@ -132,4 +133,35 @@ class ServiceReferentielAssertion extends AbstractAssertion
 
         return true;
     }
+
+    /**
+     * Teste si la date de fin de "privilège" du rôle courant est dépassée ou non.
+     *
+     * @return boolean
+     */
+    protected function isDateFinPrivilegeDepassee()
+    {
+        $dateFin = null;
+
+        /**
+         * Rôle Intervenant Permanent
+         */
+        if ($this->role instanceof IntervenantPermanentRole) {
+            // il existe une date de fin de saisie (i.e. ajout, modif, suppression) de service par les intervenants permanents eux-mêmes
+            if (in_array($this->privilege, [self::PRIVILEGE_CREATE, self::PRIVILEGE_UPDATE, self::PRIVILEGE_DELETE])) {
+                $dateFin = $this->getServiceContext()->getDateFinSaisiePermanents();
+            }
+        }
+
+        if (null === $dateFin) {
+            return false;
+        }
+
+        $now = new DateTime();
+
+        $now->setTime(0, 0, 0);
+        $dateFin->setTime(0, 0, 0);
+
+        return $now > $dateFin;
+    }
 }
\ No newline at end of file
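Review bot: `IntervenantPermanentRole` is referenced here without a matching `use`: this commit adds only `use DateTime;` to ServiceReferentielAssertion, while ServiceAssertion also receives `use Application\Acl\IntervenantPermanentRole;`. Unless the import already exists above the lines shown in the first hunk, the name resolves to `Application\Assertion\IntervenantPermanentRole`, `instanceof` against an unknown class is simply false, and the method always returns false. The entry deadline would then never be enforced, and no error is raised to reveal it. Add `use Application\Acl\IntervenantPermanentRole;` next to the `DateTime` import.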
diff --git a/module/Application/src/Application/Assertion/TestAssertion.php b/module/Application/src/Application/Assertion/TestAssertion.php
new file mode 100644
index 0000000000000000000000000000000000000000..7d1e934c797161de1efdf5cca461795bd651f28c
--- /dev/null
+++ b/module/Application/src/Application/Assertion/TestAssertion.php
@@ -0,0 +1,46 @@
+<?php
+
+namespace Application\Assertion;
+
+use Application\Entity\Db\Service;
+use Zend\Permissions\Acl\Acl;
+use Zend\Permissions\Acl\Resource\ResourceInterface;
+use Zend\Permissions\Acl\Role\RoleInterface;
+
+/**
+ * Description of TestAssertion
+ *
+ * @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
+ */
+class TestAssertion extends AbstractAssertion
+{
+    /**
+     * @var Service
+     */
+    protected $resource;
+
+    /**
+     * Returns true if and only if the assertion conditions are met
+     *
+     * This method is passed the ACL, Role, Resource, and privilege to which the authorization query applies. If the
+     * $role, $resource, or $privilege parameters are null, it means that the query applies to all Roles, Resources, or
+     * privileges, respectively.
+     *
+     * @param  Acl               $acl
+     * @param  RoleInterface     $role
+     * @param  ResourceInterface $resource
+     * @param  string            $privilege
+     * @return bool
+     */
+    public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
+    {
+        parent::assert($acl, $role, $resource, $privilege);
+var_dump($acl->getRoles());
+//        var_dump($acl);
+//        var_dump($role);
+//        var_dump($resource);
+//        var_dump($privilege);
+
+        return true;
+    }
+}
\ No newline at end of file
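Review bot: `var_dump($acl->getRoles());` runs on every call of `assert()` and writes the ACL role list into the response, and the method then returns `true` unconditionally. Any rule that references this class would therefore both disclose the role set to the client and grant the privilege. If the class has to stay for local debugging, drop the `var_dump` line, end on `return false;`, and state in the class docblock that it must not be wired into a rule; otherwise leave the file out of the commit.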
diff --git a/module/Application/src/Application/Assertion/ValidationEnsRefAbstractAssertion.php b/module/Application/src/Application/Assertion/ValidationEnsRefAbstractAssertion.php
index d89d4310365fecc69983b2b7b7efdad5d9f25991..292a6d11ae4bada1ad6a170f481cc7da2a37a023 100644
--- a/module/Application/src/Application/Assertion/ValidationEnsRefAbstractAssertion.php
+++ b/module/Application/src/Application/Assertion/ValidationEnsRefAbstractAssertion.php
@@ -37,7 +37,7 @@ abstract class ValidationEnsRefAbstractAssertion extends AbstractAssertion
         parent::assert($acl, $role, $resource, $privilege);
         
         if ($resource instanceof ValidationEntity) {
-            return $this->assertEntity();
+            return $this->assertEntityOld();
         }
         
         return true;
diff --git a/module/Application/src/Application/Assertion/ValidationReferentielAssertion.php b/module/Application/src/Application/Assertion/ValidationReferentielAssertion.php
index 70e669f24ae4345c2a49113df4edb4b04d5d5c7e..5e6a1b176acb836cd0de3a7b9a3985c7a97f8662 100644
--- a/module/Application/src/Application/Assertion/ValidationReferentielAssertion.php
+++ b/module/Application/src/Application/Assertion/ValidationReferentielAssertion.php
@@ -79,7 +79,7 @@ class ValidationReferentielAssertion extends ValidationEnsRefAbstractAssertion
 //        
 //        return false;
 //    }
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         $rule = $this->getServiceLocator()->get('ValidationReferentielRule')
                 ->setIntervenant($this->resource->getIntervenant())
diff --git a/module/Application/src/Application/Assertion/ValidationServiceAssertion.php b/module/Application/src/Application/Assertion/ValidationServiceAssertion.php
index e91a78164b6ad689d98653cfed06031b349d8a56..dba68ed36a34bfa1f90a27d669b9f9d2a396a980 100644
--- a/module/Application/src/Application/Assertion/ValidationServiceAssertion.php
+++ b/module/Application/src/Application/Assertion/ValidationServiceAssertion.php
@@ -94,7 +94,7 @@ class ValidationServiceAssertion extends ValidationEnsRefAbstractAssertion
 //        
 //        return false;
 //    }
-    protected function assertEntity()
+    protected function assertEntityOld()
     {
         $rule = $this->getServiceLocator()->get('ValidationEnseignementRule')
                 ->setIntervenant($this->resource->getIntervenant())
diff --git a/module/Application/src/Application/Entity/Db/Privilege.php b/module/Application/src/Application/Entity/Db/Privilege.php
index d744bfc288418a101b4edbec9d4e0f58188146bc..78965e4572bb4055472eef5552af77ccc0b86f63 100644
--- a/module/Application/src/Application/Entity/Db/Privilege.php
+++ b/module/Application/src/Application/Entity/Db/Privilege.php
@@ -7,6 +7,17 @@ namespace Application\Entity\Db;
  */
 class Privilege
 {
+    const MISE_EN_PAIEMENT_DEMANDE          = 'mise-en-paiement-demande';
+    const MISE_EN_PAIEMENT_EXPORT_PAIE      = 'mise-en-paiement-export-paie';
+    const MISE_EN_PAIEMENT_MISE_EN_PAIEMENT = 'mise-en-paiement-mise-en-paiement';
+    const MISE_EN_PAIEMENT_VALIDATION       = 'mise-en-paiement-validation';
+    const MISE_EN_PAIEMENT_VISUALISATION    = 'mise-en-paiement-visualisation';
+    const MODIF_SERVICE_DU_ASSOCIATION      = 'modif-service-du-association';
+    const MODIF_SERVICE_DU_EDITION          = 'modif-service-du-edition';
+    const MODIF_SERVICE_DU_VISUALISATION    = 'modif-service-du-visualisation';
+    const PRIVILEGE_EDITION                 = 'privilege-edition';
+    const PRIVILEGE_VISUALISATION           = 'privilege-visualisation';
+
     /**
      * @var string
      */
@@ -69,6 +80,11 @@ class Privilege
         return $this->code;
     }
 
+    public function getFullCode()
+    {
+        return $this->getCategorie()->getCode().'-'.$this->getCode();
+    }
+
     /**
      * Set libelle
      *
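Review bot: `getFullCode()` joins the category code and the privilege code with `-`, a character both parts may already contain (see `mise-en-paiement-demande` among the constants added in the previous hunk), so the result does not identify the pair unambiguously: category `a-b` with code `c` and category `a` with code `b-c` give the same string. The full code is used as the array key in `Service\Privilege::getPrivilegesRoles()`, where a second privilege with the same key would replace the first one's role list. Whether such a pair exists in the data is not visible here; a uniqueness constraint on the derived code, or a separator that cannot occur in either part, would rule it out. The method also has no docblock and dereferences `getCategorie()` without a null check.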
diff --git a/module/Application/src/Application/Guard/PrivilegeController.php b/module/Application/src/Application/Guard/PrivilegeController.php
index 38be6e6b4c1f60b133a19b1309c7f0528c2c3706..a7dd68951697b7da7ee78e26835d4ae8738567ec 100644
--- a/module/Application/src/Application/Guard/PrivilegeController.php
+++ b/module/Application/src/Application/Guard/PrivilegeController.php
@@ -12,7 +12,7 @@ use Zend\ServiceManager\ServiceLocatorInterface;
  */
 class PrivilegeController extends Controller
 {
-    use \Application\Service\Traits\PrivilegeAwareTrait
+    use \Application\Provider\Privilege\PrivilegeProviderAwareTrait
     ;
 
     public function __construct(array $rules, ServiceLocatorInterface $serviceLocator)
@@ -23,7 +23,7 @@ class PrivilegeController extends Controller
 
     protected function privilegesToRoles( array $rules )
     {
-        $pr = $this->getPrivilegesRoles();
+        $pr = $this->getPrivilegeProvider()->getPrivilegesRoles();
 
         foreach( $rules as $index => $rule ){
             if (isset($rule['privileges'])){
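Review bot: The map returned by `getPrivilegeProvider()->getPrivilegesRoles()` is keyed by `getFullCode()` (category plus code), whereas the `getPrivilegesRoles()` removed from this class keyed it by `getCode()`, so guard rules whose `privileges` entry still uses the short code will no longer be found in `$pr`. The rest of `privilegesToRoles()` lies outside the hunk, so what happens to an unmatched privilege is not visible; it should end in a denial or an exception, not in an empty role list handed on to the guard. A comment on the lookup, for example `// keys are full codes: <categorie>-<privilege>`, would make the new contract explicit.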
@@ -41,21 +41,6 @@ class PrivilegeController extends Controller
         return $rules;
     }
 
-    protected function getPrivilegesRoles()
-    {
-        $privileges = $this->getServicePrivilege()->getList();
-        /* @var $privileges \Application\Entity\Db\Privilege[] */
-
-        $pr = [];
-        foreach( $privileges as $privilege ){
-            $roles = $privilege->getRoleCodes();
-            if (! empty($roles)){
-                $pr[$privilege->getCode()] = $roles;
-            }
-        }
-        return $pr;
-    }
-
     /**
      * Pour récupérer le serviceLocator depuis les traits de service
      *
diff --git a/module/Application/src/Application/Provider/Identity/IdentityProvider.php b/module/Application/src/Application/Provider/Identity/IdentityProvider.php
index 129a93f1ef431efe4ef9513094d90b0fd5fbf6a8..ce25efedd84190a157ba42090ecbae8501a59084 100644
--- a/module/Application/src/Application/Provider/Identity/IdentityProvider.php
+++ b/module/Application/src/Application/Provider/Identity/IdentityProvider.php
@@ -9,13 +9,14 @@ use UnicaenAuth\Provider\Identity\ChainableProvider;
 use UnicaenAuth\Provider\Identity\ChainEvent;
 use Zend\ServiceManager\ServiceLocatorAwareInterface;
 use Zend\ServiceManager\ServiceLocatorAwareTrait;
+use BjyAuthorize\Provider\Identity\ProviderInterface as IdentityProviderInterface;
 
 /**
  * Classe chargée de fournir les rôles que possède l'identité authentifiée.
  *
  * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
  */
-class IdentityProvider implements ServiceLocatorAwareInterface, ChainableProvider, EntityManagerAwareInterface
+class IdentityProvider implements ServiceLocatorAwareInterface, ChainableProvider, EntityManagerAwareInterface, IdentityProviderInterface
 {
     use ServiceLocatorAwareTrait;
     use EntityManagerAwareTrait;
diff --git a/module/Application/src/Application/Provider/IdentityProvider.php b/module/Application/src/Application/Provider/IdentityProvider.php
deleted file mode 100644
index 5f2c8538f0d4e1d5fcfc5484e2936f660b41c293..0000000000000000000000000000000000000000
--- a/module/Application/src/Application/Provider/IdentityProvider.php
+++ /dev/null
@@ -1,79 +0,0 @@
-<?php
-namespace Application\Provider\Identity;
-
-use Application\Acl;
-use Application\Entity\Db\IntervenantExterieur;
-use Application\Entity\Db\IntervenantPermanent;
-use Application\Entity\Db\Affectation;
-use Application\Entity\Db\Utilisateur;
-use Common\Exception\RuntimeException;
-use UnicaenApp\Service\EntityManagerAwareInterface;
-use UnicaenApp\Service\EntityManagerAwareTrait;
-use UnicaenAuth\Provider\Identity\ChainableProvider;
-use UnicaenAuth\Provider\Identity\ChainEvent;
-use Zend\Permissions\Acl\Role\RoleInterface;
-use Zend\ServiceManager\ServiceLocatorAwareInterface;
-use Zend\ServiceManager\ServiceLocatorAwareTrait;
-
-/**
- * Classe chargée de fournir les rôles que possède l'identité authentifiée.
- *
- * @author Bertrand GAUTHIER <bertrand.gauthier at unicaen.fr>
- */
-class IdentityProvider implements ServiceLocatorAwareInterface, ChainableProvider, EntityManagerAwareInterface
-{
-    use ServiceLocatorAwareTrait;
-    use EntityManagerAwareTrait;
-
-    /**
-     * @var array
-     */
-    protected $roles;
-
-    /**
-     * {@inheritDoc}
-     */
-    public function injectIdentityRoles(ChainEvent $event)
-    {
-        $event->addRoles($this->getIdentityRoles());
-    }
-
-    /**
-     * {@inheritDoc}
-     */
-    public function getIdentityRoles()
-    {
-        if (null === $this->roles) {
-            $this->roles = [];
-
-            $serviceAuthUserContext = $this->getServiceLocator()->get('AuthUserContext');
-            /* @var $serviceAuthUserContext \UnicaenAuth\Service\UserContext */
-            $utilisateur = $serviceAuthUserContext->getDbUser();
-
-            if (! $utilisateur) return $this->roles; // pas connecté
-
-            /**
-             * Rôles que possède l'utilisateur dans la base de données.
-             */
-            if ($utilisateur->getPersonnel()) {
-                foreach ($utilisateur->getPersonnel()->getAffectation() as $affectation) {
-                    /* @var $affectation Affectation */
-                    $roleId = $affectation->getRole()->getCode();
-                    if ($structure = $affectation->getStructure()){
-                        $roleId .= '-'.$structure->getSourceCode();
-                    }
-                    $this->roles[] = $roleId;
-                }
-            }
-
-            /**
-             * Rôle correspondant au type d'intervenant auquel appartient l'utilisateur
-             */
-            $intervenant = $utilisateur->getIntervenant();
-            if ($intervenant){
-                $this->roles[] = Acl\IntervenantRole::ROLE_ID;
-            }
-        }
-        return $this->roles;
-    }
-}
diff --git a/module/Application/src/Application/Provider/Privilege/PrivilegeProviderAwareTrait.php b/module/Application/src/Application/Provider/Privilege/PrivilegeProviderAwareTrait.php
new file mode 100644
index 0000000000000000000000000000000000000000..1a5e2f6f8b8aa8756b88318748ce3a26866aa18f
--- /dev/null
+++ b/module/Application/src/Application/Provider/Privilege/PrivilegeProviderAwareTrait.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Application\Provider\Privilege;
+
+use Common\Exception\RuntimeException;
+
+trait PrivilegeProviderAwareTrait
+{
+    /**
+     * description
+     *
+     * @var PrivilegeProviderInterface
+     */
+    private $privilegeProvider;
+
+    /**
+     *
+     * @param PrivilegeProviderInterface $privilegeProvider
+     * @return self
+     */
+    public function setPrivilegeProvider( PrivilegeProviderInterface $privilegeProvider )
+    {
+        $this->privilegeProvider = $privilegeProvider;
+        return $this;
+    }
+
+    /**
+     *
+     * @return PrivilegeProviderInterface
+     * @throws \Common\Exception\RuntimeException
+     */
+    public function getPrivilegeProvider()
+    {
+        if (empty($this->privilegeProvider)){
+            if (! method_exists($this, 'getServiceLocator')) {
+                throw new RuntimeException( 'La classe '.get_class($this).' n\'a pas accès au ServiceLocator.');
+            }
+
+            $serviceLocator = $this->getServiceLocator();
+            if (method_exists($serviceLocator, 'getServiceLocator')) {
+                $serviceLocator = $serviceLocator->getServiceLocator();
+            }
+
+            return $serviceLocator->get('PrivilegeProvider');
+        }else{
+            return $this->privilegeProvider;
+        }
+    }
+
+}
\ No newline at end of file
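Review bot: `getPrivilegeProvider()` returns whatever the service locator holds under `'PrivilegeProvider'` without checking its type and without storing it, while `setPrivilegeProvider()` enforces `PrivilegeProviderInterface`. Since the provider feeds the ACL rules, I would cache and verify it: `$this->privilegeProvider = $serviceLocator->get('PrivilegeProvider');` followed by an `instanceof PrivilegeProviderInterface` check that throws the `RuntimeException` already imported. The property docblock still reads `description` and should say what the provider is used for.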
diff --git a/module/Application/src/Application/Provider/Privilege/PrivilegeProviderInterface.php b/module/Application/src/Application/Provider/Privilege/PrivilegeProviderInterface.php
new file mode 100644
index 0000000000000000000000000000000000000000..940e61e4a4f2614c9e7350524f97d0adfced3697
--- /dev/null
+++ b/module/Application/src/Application/Provider/Privilege/PrivilegeProviderInterface.php
@@ -0,0 +1,19 @@
+<?php
+
+namespace Application\Provider\Privilege;
+
+interface PrivilegeProviderInterface {
+
+    /**
+     * Retourne un tableau à deux dimentions composé de chaînes de caractère UNIQUEMENT
+     * 
+     * Format du tableau :
+     * [
+     *   'privilege_a' => ['role_1', ...],
+     *   'privilege_b' => ['role_1', 'role_2', ...],
+     * ]
+     * @return string[][]
+     */
+    public function getPrivilegesRoles();
+
+}
\ No newline at end of file
diff --git a/module/Application/src/Application/Provider/Role/RoleProvider.php b/module/Application/src/Application/Provider/Role/RoleProvider.php
index ff48f63ae675fce60f49584a6a8fd52b59a75429..2deacdaba2e36b58e2169882e0cf1c49efc25970 100644
--- a/module/Application/src/Application/Provider/Role/RoleProvider.php
+++ b/module/Application/src/Application/Provider/Role/RoleProvider.php
@@ -105,8 +105,39 @@ class RoleProvider implements ProviderInterface, EntityManagerAwareInterface
                 ->andWhere('1=compriseEntre(r.histoCreation,r.histoDestruction)')
                 ->andWhere("a.personnel = :personnel")->setParameter(':personnel', $personnel);
             foreach ($qb->getQuery()->getResult() as $affectation) { /* @var $affectation Affectation */
-                $dbRole = $affectation->getRole();
-                $role = new Role( $dbRole->getCode(), 'user', $dbRole->getLibelle());
+                 $dbRole = $affectation->getRole();
+
+                $roleId = $dbRole->getCode();
+                $roleLibelle = $dbRole->getLibelle();
+                if ($structure = $affectation->getStructure()){
+                    $roleId .= '-'.$structure->getSourceCode();
+                    $roleLibelle .= ' ('.$structure->getLibelleCourt().')';
+                }
+
+                /** @deprecated */
+                $parents = [
+                    'gestionnaire-composante',
+                    'responsable-recherche-labo',
+                    'directeur-composante',
+                    'administrateur',
+                    'responsable-composante',
+                    'superviseur-etablissement',
+                ];
+                if (in_array($dbRole->getCode(), $parents)){
+                    $parent = $dbRole->getCode();
+                }else{
+                    $parent = 'user';
+                }
+
+                if (isset($roles[$roleId])){
+                    $role = $roles[$roleId];
+                }else{
+                    $role = new Role( $roleId, $parent, $roleLibelle);
+                }
+
+                /* fin de deprecated */
+
+                //$role = new Role( $roleId, $parent, $roleLibelle);
                 $role->setDbRole( $dbRole );
                 $role->setPersonnel( $personnel );
 
@@ -115,7 +146,9 @@ class RoleProvider implements ProviderInterface, EntityManagerAwareInterface
                 }else{
                     $role->setStructure( $affectation->getStructure() );
                 }
-                $roles[$role->getRoleId()] = $role;
+                
+
+                $roles[$roleId] = $role;
             }
         }
         return $roles;
diff --git a/module/Application/src/Application/Provider/Rule/RuleProvider.php b/module/Application/src/Application/Provider/Rule/RuleProvider.php
index 0d143aa9db1857788831ccd4c547ca2180b7fb4e..5abc556ec5039a9b88a80f5459f61eabd031fc45 100644
--- a/module/Application/src/Application/Provider/Rule/RuleProvider.php
+++ b/module/Application/src/Application/Provider/Rule/RuleProvider.php
@@ -2,22 +2,64 @@
 
 namespace Application\Provider\Rule;
 
-use Zend\ServiceManager\ServiceLocatorAwareInterface;
 use BjyAuthorize\Provider\Rule\ProviderInterface;
+use Zend\ServiceManager\ServiceLocatorInterface;
 
 
 /**
- * Description of RuleProvider
+ * Rule provider based on a given array of rules
  *
- * @author Laurent LECLUSE <laurent.lecluse at unicaen.fr>
+ * @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
  */
-class RuleProvider implements ProviderInterface, ServiceLocatorAwareInterface
+class RuleProvider implements ProviderInterface
 {
-    use \Zend\ServiceManager\ServiceLocatorAwareTrait;
+    use \Zend\ServiceManager\ServiceLocatorAwareTrait,
+        \Application\Provider\Privilege\PrivilegeProviderAwareTrait
+    ;
 
-    public function getRules()
+    /**
+     * @var array
+     */
+    protected $rules = array();
+
+    /**
+     * @param array $config
+     */
+    public function __construct( array $config, ServiceLocatorInterface $serviceLocator )
     {
-        return [];
+        $this->setServiceLocator($serviceLocator);
+
+        $pr = $this->getPrivilegeProvider()->getPrivilegesRoles();
+
+        foreach( $config as $grant => $rules ){
+            foreach( $rules as $index => $rule ){
+                if (is_array($rule)){
+                    $privileges = (array)$rule[0];
+                    $rs = [];
+                    foreach( $pr as $privilege => $roles ){
+                        if (in_array($privilege, $privileges)){
+                            $rs = array_unique( array_merge($rs, $roles) );
+                        }
+                    }
+                    $config[$grant][$index][0] = $rs;
+                }
+            }
+        }
+        $this->rules = $config;
+        if (! isset($this->rules['allow'])) $this->rules['allow'] = [];
+        foreach( $pr as $privilege => $roles ){
+            $this->rules['allow'][] = [
+                $roles,
+                'privilege/'.$privilege
+            ];
+        }
     }
 
+    /**
+     * {@inheritDoc}
+     */
+    public function getRules()
+    {
+        return $this->rules;
+    }
 }
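Review bot: When a configured rule names a privilege that is absent from `$pr` (a typo, or a privilege with no roles, which `Service\Privilege::getPrivilegesRoles()` leaves out), `$rs` stays `[]` and is written back as the rule's role list. As far as I know, `Zend\Permissions\Acl\Acl::setRule()` treats an empty role array like `null`, meaning all roles, so an `allow` rule of that kind would be open to everyone; please confirm against the pinned version. Drop such rules instead of emitting them, with `if ([] === $rs) { unset($config[$grant][$index]); continue; }` before the assignment to `$config[$grant][$index][0]`. The second loop should skip empty `$roles` in the same way, because the interface does not promise non-empty lists. `in_array($privilege, $privileges)` should also be strict.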
diff --git a/module/Application/src/Application/Service/Authorize.php b/module/Application/src/Application/Service/Authorize.php
new file mode 100644
index 0000000000000000000000000000000000000000..ea03db44a4cab9d70606e0712cfbda30781d06cc
--- /dev/null
+++ b/module/Application/src/Application/Service/Authorize.php
@@ -0,0 +1,61 @@
+<?php
+/**
+ * BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
+ *
+ * @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Application\Service;
+
+/**
+ * Authorize service
+ *
+ * @author Ben Youngblood <bx.youngblood@gmail.com>
+ */
+class Authorize extends \BjyAuthorize\Service\Authorize
+{
+    use Traits\ContextAwareTrait;
+
+    /**
+     * Loading...
+     *
+     * @var boolean
+     */
+    protected $loading;
+
+
+    public function getServiceLocator()
+    {
+        return $this->serviceLocator;
+    }
+
+    /**
+     * @deprecated this method will be removed in BjyAuthorize 1.4.x+,
+     *             please retrieve the identity from the
+     *             `BjyAuthorize\Provider\Identity\ProviderInterface` service
+     *
+     * @return string
+     */
+    public function getIdentity()
+    {
+        $this->loaded && $this->loaded->__invoke();
+        if ($this->loading) return 'bjyauthorize-identity';
+        return $this->getServiceContext()->getSelectedIdentityRole();
+    }
+
+    /**
+     * Initializes the service
+     *
+     * @internal
+     *
+     * @return void
+     */
+    public function load()
+    {
+        $this->loading = true;
+        parent::load();
+        $this->loading = false;
+    }
+
+}
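Review bot: `load()` resets `$this->loading` only on the success path, so an exception thrown by `parent::load()` leaves the flag set and `getIdentity()` keeps answering with the placeholder `'bjyauthorize-identity'` for the rest of the request. Reset it in a `finally` block, `try { parent::load(); } finally { $this->loading = false; }`, if the minimum PHP version allows it. Separately, `getIdentity()` now returns `getServiceContext()->getSelectedIdentityRole()`; how that selection is made is not visible here, and if the user can influence it, it has to be checked against the roles the identity provider actually returns. The `@return string` tag should be updated to whatever that method returns.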
diff --git a/module/Application/src/Application/Service/AuthorizeFactory.php b/module/Application/src/Application/Service/AuthorizeFactory.php
new file mode 100644
index 0000000000000000000000000000000000000000..f543c3cf93814419965a16ad664db43c7b514543
--- /dev/null
+++ b/module/Application/src/Application/Service/AuthorizeFactory.php
@@ -0,0 +1,30 @@
+<?php
+/**
+ * BjyAuthorize Module (https://github.com/bjyoungblood/BjyAuthorize)
+ *
+ * @link https://github.com/bjyoungblood/BjyAuthorize for the canonical source repository
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Application\Service;
+
+use Zend\ServiceManager\FactoryInterface;
+use Zend\ServiceManager\ServiceLocatorInterface;
+
+/**
+ * Factory responsible of building the {@see \BjyAuthorize\Service\Authorize} service
+ *
+ * @author Ben Youngblood <bx.youngblood@gmail.com>
+ */
+class AuthorizeFactory implements FactoryInterface
+{
+    /**
+     * {@inheritDoc}
+     *
+     * @return \Application\Service\Authorize
+     */
+    public function createService(ServiceLocatorInterface $serviceLocator)
+    {
+        return new Authorize($serviceLocator->get('BjyAuthorize\Config'), $serviceLocator);
+    }
+}
diff --git a/module/Application/src/Application/Service/Privilege.php b/module/Application/src/Application/Service/Privilege.php
index f8e8ab35c696a3cff3d081661397b80f1a9e3c2b..1192b0a0edbcc42ff783f52e2c4348b953a34435 100644
--- a/module/Application/src/Application/Service/Privilege.php
+++ b/module/Application/src/Application/Service/Privilege.php
@@ -2,13 +2,23 @@
 
 namespace Application\Service;
 
+use Application\Provider\Privilege\PrivilegeProviderInterface;
+use \BjyAuthorize\Provider\Resource\ProviderInterface as ResourceProviderInterface;
+
+
 /**
  * Description of Privilege
  *
  * @author Laurent LÉCLUSE <laurent.lecluse at unicaen.fr>
  */
-class Privilege extends AbstractEntityService
+class Privilege extends AbstractEntityService implements PrivilegeProviderInterface, ResourceProviderInterface
 {
+    /**
+     *
+     * @var array
+     */
+    private $privilegesRoles;
+
 
     /**
      * retourne la classe des entités
@@ -30,4 +40,40 @@ class Privilege extends AbstractEntityService
         return 'priv';
     }
 
+    /**
+     * Retourne un tableau à deux dimentions composé de chaînes de caractère UNIQUEMENT
+     *
+     * Format du tableau :
+     * [
+     *   'privilege_a' => ['role_1', ...],
+     *   'privilege_b' => ['role_1', 'role_2', ...],
+     * ]
+     * @return string[][]
+     */
+    public function getPrivilegesRoles()
+    {
+        if (empty($this->privilegesRoles)){
+            $privileges = $this->getList();
+            /* @var $privileges \Application\Entity\Db\Privilege[] */
+
+            $this->privilegesRoles = [];
+            foreach( $privileges as $privilege ){
+                $roles = $privilege->getRoleCodes();
+                if (! empty($roles)){
+                    $this->privilegesRoles[$privilege->getFullCode()] = $roles;
+                }
+            }
+        }
+        return $this->privilegesRoles;
+    }
+
+    public function getResources()
+    {
+        $resources = [];
+        $privileges = array_keys( $this->getPrivilegesRoles() );
+        foreach( $privileges as $privilege ){
+            $resources[] = 'privilege/'.$privilege;
+        }
+        return $resources;
+    }
 }
\ No newline at end of file
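Review bot: The cache test `empty($this->privilegesRoles)` cannot tell "not loaded yet" from "loaded, and no privilege has roles", so in the latter case `getList()` runs again on every call; `if (null === $this->privilegesRoles)` expresses the intent. Privileges without roles are skipped, which means `getResources()` produces no `privilege/…` resource for them either. A comment should say so, because callers that build rules from this map (RuleProvider in this commit) see those privileges as unknown. `getResources()` has no docblock; `@return string[] resource ids of the form privilege/<full code>` would do.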