permettre au ROLE_USER de créer des groupes de travail (fixes #9)

This commit is contained in:
afornerot 2019-08-19 10:57:31 +02:00
parent 2477fa187b
commit 0f01430d81
6 changed files with 38 additions and 13 deletions

View File

@ -42,9 +42,6 @@ security:
access_control:
- { path: ^/websocket, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
- { path: ^/user/group/submit, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user/group/update, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user/group/delete, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
- { path: ^/user, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
- { path: ^/config, roles: [ROLE_ADMIN, ROLE_MODO] }

View File

@ -8,7 +8,7 @@ INSERT IGNORE INTO `niveau01` (`id`, `label`, `siren`) VALUES
(-100, 'DRAAF', '130007107');
INSERT IGNORE INTO `user` (`id`, `niveau01_id`, `username`, `firstname`, `lastname`, `password`, `email`, `avatar`, `role`,`siren`,`authlevel`) VALUES
(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}7d5OuaGuX92B8iwYzkNe1P7C4reX07En
(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}MBogNANkXtDRLDro8qSoCT65Wcm00zzJ
', 'admin@ldapbundle.ac-arno.fr', 'admin.jpg', 'ROLE_ADMIN', '130007107', 'simple');
@ -90,7 +90,9 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '192.168.57.160', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '8080', 'PROXYactivate','Port du Proxy');
('202', 1, 0, 1, 'string', 'PROXYport', '8080', 'PROXYactivate','Port du Proxy'),
('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail');
INSERT IGNORE permmodo (`route`, `visible`) VALUES

View File

@ -126,7 +126,7 @@ class GroupController extends Controller
$qb->orderBy('table.fgcanshare',$order[0]["dir"]);
break;
case 5 :
$qb->orderBy('u.username',$order[0]["dir"]);
$qb->orderBy('table.owner',$order[0]["dir"]);
break;
case 6 :
$qb->orderBy('table.fgcancreatepage',$order[0]["dir"]);
@ -596,6 +596,13 @@ class GroupController extends Controller
{
$em = $this->getDoctrine()->getManager();
// Permission
$permgroup=$this->get('session')->get('permgroup');
if($access="user") {
if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied');
if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
}
// Initialisation de l'enregistrement
$data = new Group();
$data->setFgopen(false);

View File

@ -136,6 +136,21 @@ class ConfigType extends AbstractType
"attr" => array("class" => "pick-a-color form-control"),
'required' => ($options["required"]==0?false:true)));
break;
case "permgroup":
$choices=array(
"NO_BODY" => "NO_BODY",
"ROLE_USER" => "ROLE_USER",
"ROLE_ANIM" => "ROLE_ANIM",
);
$builder->add("value", ChoiceType::class,
array("label" =>"Valeur",
"label_attr" => array("style" => 'margin-top:15px;'),
"attr" => array("class" => "form-control"),
'required' => ($options["required"]==0?false:true),
"choices" => $choices));
break;
}
$builder->add('help',

View File

@ -9,7 +9,8 @@
{%endif%}
</h1>
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or is_granted('ROLE_ANIM') %}
{% set permgroup = app.session.get('permgroup') %}
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ADMIN" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
<p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}>
{% if access=="config" %}
Ajouter
@ -19,6 +20,7 @@
</a></p>
{% endif %}
<div class="panel panel-primary">
<div class="panel-heading">
<i class="fa fa-table fa-fw"></i>Liste des Groupes

View File

@ -102,13 +102,15 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
%if %%activer_proxy_client == 'oui'
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '1', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '%%proxy_client_adresse', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '%%proxy_client_port', 'PROXYactivate','Port du Proxy');
('202', 1, 0, 1, 'string', 'PROXYport', '%%proxy_client_port', 'PROXYactivate','Port du Proxy'),
%else
('200', 1, 0, 1, 'boolean', 'PROXYactivate', '0', '', 'Définit un Proxy'),
('201', 1, 0, 1, 'string', 'PROXYserver', '', 'PROXYactivate','Adresse du Proxy'),
('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy');
('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy'),
%end if
('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail');
INSERT IGNORE permmodo (`route`, `visible`) VALUES
('cadoles_core_config_commun',0),