permettre au ROLE_USER de créer des groupes de travail (fixes #9)

This commit is contained in:
afornerot 2019-08-19 10:57:31 +02:00
parent 2477fa187b
commit 0f01430d81
6 changed files with 38 additions and 13 deletions

View File

@ -42,9 +42,6 @@ security:
access_control: access_control:
- { path: ^/websocket, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] } - { path: ^/websocket, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
- { path: ^/user/group/submit, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user/group/update, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user/group/delete, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] } - { path: ^/user, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
- { path: ^/config, roles: [ROLE_ADMIN, ROLE_MODO] } - { path: ^/config, roles: [ROLE_ADMIN, ROLE_MODO] }

View File

@ -8,7 +8,7 @@ INSERT IGNORE INTO `niveau01` (`id`, `label`, `siren`) VALUES
(-100, 'DRAAF', '130007107'); (-100, 'DRAAF', '130007107');
INSERT IGNORE INTO `user` (`id`, `niveau01_id`, `username`, `firstname`, `lastname`, `password`, `email`, `avatar`, `role`,`siren`,`authlevel`) VALUES INSERT IGNORE INTO `user` (`id`, `niveau01_id`, `username`, `firstname`, `lastname`, `password`, `email`, `avatar`, `role`,`siren`,`authlevel`) VALUES
(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}7d5OuaGuX92B8iwYzkNe1P7C4reX07En (-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}MBogNANkXtDRLDro8qSoCT65Wcm00zzJ
', 'admin@ldapbundle.ac-arno.fr', 'admin.jpg', 'ROLE_ADMIN', '130007107', 'simple'); ', 'admin@ldapbundle.ac-arno.fr', 'admin.jpg', 'ROLE_ADMIN', '130007107', 'simple');
@ -90,7 +90,9 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'), ('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '192.168.57.160', 'PROXYactivate','Adresse du Proxy'), ('201', 1, 0, 1, 'string', 'PROXYserver', '192.168.57.160', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '8080', 'PROXYactivate','Port du Proxy'); ('202', 1, 0, 1, 'string', 'PROXYport', '8080', 'PROXYactivate','Port du Proxy'),
('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail');
INSERT IGNORE permmodo (`route`, `visible`) VALUES INSERT IGNORE permmodo (`route`, `visible`) VALUES

View File

@ -126,7 +126,7 @@ class GroupController extends Controller
$qb->orderBy('table.fgcanshare',$order[0]["dir"]); $qb->orderBy('table.fgcanshare',$order[0]["dir"]);
break; break;
case 5 : case 5 :
$qb->orderBy('u.username',$order[0]["dir"]); $qb->orderBy('table.owner',$order[0]["dir"]);
break; break;
case 6 : case 6 :
$qb->orderBy('table.fgcancreatepage',$order[0]["dir"]); $qb->orderBy('table.fgcancreatepage',$order[0]["dir"]);
@ -596,6 +596,13 @@ class GroupController extends Controller
{ {
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
// Permission
$permgroup=$this->get('session')->get('permgroup');
if($access="user") {
if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied');
if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
}
// Initialisation de l'enregistrement // Initialisation de l'enregistrement
$data = new Group(); $data = new Group();
$data->setFgopen(false); $data->setFgopen(false);

View File

@ -136,6 +136,21 @@ class ConfigType extends AbstractType
"attr" => array("class" => "pick-a-color form-control"), "attr" => array("class" => "pick-a-color form-control"),
'required' => ($options["required"]==0?false:true))); 'required' => ($options["required"]==0?false:true)));
break; break;
case "permgroup":
$choices=array(
"NO_BODY" => "NO_BODY",
"ROLE_USER" => "ROLE_USER",
"ROLE_ANIM" => "ROLE_ANIM",
);
$builder->add("value", ChoiceType::class,
array("label" =>"Valeur",
"label_attr" => array("style" => 'margin-top:15px;'),
"attr" => array("class" => "form-control"),
'required' => ($options["required"]==0?false:true),
"choices" => $choices));
break;
} }
$builder->add('help', $builder->add('help',

View File

@ -9,7 +9,8 @@
{%endif%} {%endif%}
</h1> </h1>
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or is_granted('ROLE_ANIM') %} {% set permgroup = app.session.get('permgroup') %}
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ADMIN" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
<p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}> <p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}>
{% if access=="config" %} {% if access=="config" %}
Ajouter Ajouter
@ -19,6 +20,7 @@
</a></p> </a></p>
{% endif %} {% endif %}
<div class="panel panel-primary"> <div class="panel panel-primary">
<div class="panel-heading"> <div class="panel-heading">
<i class="fa fa-table fa-fw"></i>Liste des Groupes <i class="fa fa-table fa-fw"></i>Liste des Groupes

View File

@ -102,13 +102,15 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
%if %%activer_proxy_client == 'oui' %if %%activer_proxy_client == 'oui'
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'), ('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '%%proxy_client_adresse', 'PROXYactivate','Adresse du Proxy'), ('201', 1, 0, 1, 'string', 'PROXYserver', '%%proxy_client_adresse', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '%%proxy_client_port', 'PROXYactivate','Port du Proxy'); ('202', 1, 0, 1, 'string', 'PROXYport', '%%proxy_client_port', 'PROXYactivate','Port du Proxy'),
%else %else
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '0', '', 'Définit un Proxy'), ('200', 1, 0, 1, 'boolean', 'PROXYactivate', '0', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '', 'PROXYactivate','Adresse du Proxy'), ('201', 1, 0, 1, 'string', 'PROXYserver', '', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy'); ('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy'),
%end if %end if
('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail');
INSERT IGNORE permmodo (`route`, `visible`) VALUES INSERT IGNORE permmodo (`route`, `visible`) VALUES
('cadoles_core_config_commun',0), ('cadoles_core_config_commun',0),