Skip to content
Snippets Groups Projects
Commit b00c5d19 authored by Jean-Philippe Metivier's avatar Jean-Philippe Metivier
Browse files

Blocage de l'action d'annulation d'inscription via un privilège/assertion

parent 59812d3f
No related branches found
No related tags found
No related merge requests found
......@@ -32,3 +32,10 @@ FROM d
JOIN unicaen_parametre_categorie cp ON cp.CODE = 'GLOBAL';
INSERT INTO unicaen_privilege_privilege(CATEGORIE_ID, CODE, LIBELLE, ORDRE)
WITH d(code, lib, ordre) AS (
select 'inscription_annuler', 'Annuler l''inscription', 60
)
SELECT cp.id, d.code, d.lib, d.ordre
FROM d
JOIN unicaen_privilege_categorie cp ON cp.CODE = 'inscription';
\ No newline at end of file
......@@ -46,6 +46,7 @@ return [
[
'privileges' => [
InscriptionPrivileges::INSCRIPTION_AFFICHER,
InscriptionPrivileges::INSCRIPTION_ANNULER,
],
'resources' => ['Inscription'],
'assertion' => InscriptionAssertion::class
......@@ -140,13 +141,21 @@ return [
'controller' => InscriptionController::class,
'action' => [
'inscription',
'desinscription',
],
'roles' => [
'Agent',
'Stagiaire externe',
],
],
[
'controller' => InscriptionController::class,
'action' => [
'desinscription',
],
'privileges' => [
InscriptionPrivileges::INSCRIPTION_ANNULER,
],
],
[
'controller' => InscriptionController::class,
'action' => [
......
......@@ -9,6 +9,8 @@ use Agent\Service\Agent\AgentServiceAwareTrait;
use Agent\Service\AgentValidateur\AgentValidateurServiceAwareTrait;
use Agent\Provider\Privilege\AgentPrivileges;
use Formation\Entity\Db\Inscription;
use Formation\Provider\Etat\InscriptionEtats;
use Formation\Provider\Etat\SessionEtats;
use Formation\Provider\Privilege\InscriptionPrivileges;
use Formation\Provider\Role\FormationRoles;
use Formation\Service\Inscription\InscriptionServiceAwareTrait;
......@@ -64,10 +66,16 @@ class InscriptionAssertion extends AbstractAssertion
if (!$this->getPrivilegeService()->checkPrivilege($privilege, $role)) return false;
$session = $entity->getSession();
$sessionEtat = $session->getEtatActif()?->getType()->getCode();
switch ($privilege) {
case InscriptionPrivileges::INSCRIPTION_AFFICHER:
return $this->isScopeCompatible($entity, $user, $role);
case InscriptionPrivileges::INSCRIPTION_ANNULER:
if (!$this->isScopeCompatible($entity, $user, $role)) return false;
if (!in_array($role->getRoleId(), [RolesProvider::ROLE_AGENT, FormationRoles::STAGIAIRE_EXTERNE])) return true;
return ($sessionEtat AND in_array($sessionEtat, SessionEtats::ETATS_INSCRIPTION_ANNULABLE));
}
return true;
......
......@@ -32,4 +32,10 @@ class SessionEtats {
SessionEtats::ETAT_SESSION_ANNULEE,
SessionEtats::ETAT_CLOTURE_INSTANCE,
];
const ETATS_INSCRIPTION_ANNULABLE = [
SessionEtats::ETAT_CREATION_EN_COURS,
SessionEtats::ETAT_INSCRIPTION_OUVERTE,
SessionEtats::ETAT_INSCRIPTION_FERMEE,
];
}
\ No newline at end of file
......@@ -7,5 +7,6 @@ use UnicaenPrivilege\Provider\Privilege\Privileges;
class InscriptionPrivileges extends Privileges
{
const INSCRIPTION_AFFICHER = 'inscription-inscription_afficher';
const INSCRIPTION_ANNULER = 'inscription-inscription_annuler';
const INSCRIPTION_ENQUETE = 'inscription-inscription_enquete';
}
......@@ -18,6 +18,7 @@ use Agent\Entity\Db\Agent;
use DemandeExterne\Entity\Db\DemandeExterne;
use Formation\Entity\Db\Inscription;
use Formation\Provider\Etat\SessionEtats;
use Formation\Provider\Privilege\InscriptionPrivileges;
?>
......@@ -64,13 +65,15 @@ use Formation\Provider\Etat\SessionEtats;
<strong>Inscrit en liste <?php echo $inscription->getListe(); ?></strong>
</div>
<div class="col-md-4">
<?php if ($this->isAllowed($inscription, InscriptionPrivileges::INSCRIPTION_ANNULER)) : ?>
<a
<?php /** @see \Formation\Controller\FormationInstanceInscritController::desinscriptionAction() */ ?>
<?php /** @see \Formation\Controller\InscriptionController::desinscriptionAction() */ ?>
href="<?php echo $this->url('inscription/annuler-inscription', ['inscription' => $inscription->getId()], [], true); ?>"
class="btn btn-danger ajax-modal" data-event="modification"
>
<span class="icon icon-unchecked"> J'annule mon inscription </span>
</a>
<?php endif; ?>
<?php if ($instance->isEtatActif(SessionEtats::ETAT_FORMATION_CONVOCATION) && $inscription->getListe() === Inscription::PRINCIPALE) : ?>
<br/>
<a
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment