permettre au ROLE_USER de créer des groupes de travail (fixes #9)

2019-08-19 10:57:31 +02:00 · 2019-08-19 10:57:31 +02:00 · 0f01430d81
parent 2477fa187b
commit 0f01430d81
6 changed files with 38 additions and 13 deletions
--- a/src/ninegate-1.0/app/config/security.yml
+++ b/src/ninegate-1.0/app/config/security.yml
@ -42,9 +42,6 @@ security:
            
    access_control:
            - { path: ^/websocket, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
-            - { path: ^/user/group/submit, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
-            - { path: ^/user/group/update, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
-            - { path: ^/user/group/delete, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM] }
            - { path: ^/user, roles: [ROLE_ADMIN, ROLE_MODO, ROLE_ANIM, ROLE_USER] }
            - { path: ^/config, roles: [ROLE_ADMIN, ROLE_MODO] }
                    
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Command/data/core-init-01.sql
@ -8,7 +8,7 @@ INSERT IGNORE INTO `niveau01` (`id`, `label`, `siren`) VALUES
 (-100, 'DRAAF', '130007107');

 INSERT IGNORE INTO `user` (`id`, `niveau01_id`, `username`, `firstname`, `lastname`, `password`, `email`, `avatar`, `role`,`siren`,`authlevel`) VALUES
-(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}7d5OuaGuX92B8iwYzkNe1P7C4reX07En
+(-100, -100, 'admin', 'Administrateur', 'draaf', '{SSHA}MBogNANkXtDRLDro8qSoCT65Wcm00zzJ
 ', 'admin@ldapbundle.ac-arno.fr', 'admin.jpg', 'ROLE_ADMIN', '130007107', 'simple');


@ -90,7 +90,9 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type

 ('200', 1, 0, 1, 'boolean', 		'PROXYactivate',	'1',														'',             'Définit un Proxy'),
 ('201', 1, 0, 1, 'string', 			'PROXYserver',		'192.168.57.160',									'PROXYactivate','Adresse du Proxy'),
-('202', 1, 0, 1, 'string', 			'PROXYport',		'8080',										'PROXYactivate','Port du Proxy');
+('202', 1, 0, 1, 'string', 			'PROXYport',		'8080',										'PROXYactivate','Port du Proxy'),
+
+('500', 1, 1, 1, 'permgroup',		'permgroup',        'ROLE_ANIM',											    '',				'Determine quel rôle aura la permission de créer des groupes de travail');


 INSERT IGNORE permmodo (`route`, `visible`) VALUES
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php
@ -126,7 +126,7 @@ class GroupController extends Controller
            $qb->orderBy('table.fgcanshare',$order[0]["dir"]);
            break;             
            case 5 : 
-            $qb->orderBy('u.username',$order[0]["dir"]);
+            $qb->orderBy('table.owner',$order[0]["dir"]);
            break;              
            case 6 : 
            $qb->orderBy('table.fgcancreatepage',$order[0]["dir"]);
@ -489,7 +489,7 @@ class GroupController extends Controller
        if (!$request->isXmlHttpRequest()) {
            return new JsonResponse(array('message' => 'Interdit'), 400);
        }
-        
+
        $em = $this->getDoctrine()->getManager();

        $output=array();
@ -524,7 +524,7 @@ class GroupController extends Controller
        if (!$request->isXmlHttpRequest()) {
            return new JsonResponse(array('message' => 'Interdit'), 400);
        }
-        
+       
        $em = $this->getDoctrine()->getManager();

        $output=array();
@ -596,6 +596,13 @@ class GroupController extends Controller
    {
        $em = $this->getDoctrine()->getManager();

+        // Permission
+        $permgroup=$this->get('session')->get('permgroup');
+        if($access="user") {
+            if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied');
+            if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
+        }
+
        // Initialisation de l'enregistrement
        $data = new Group();
        $data->setFgopen(false);
@ -682,7 +689,7 @@ class GroupController extends Controller
        // Récupération de l'enregistrement courant 
        $em = $this->getDoctrine()->getManager();
        $data=$this->getData($id);
-                                                
+
        // Création du formulaire
        $form = $this->createForm(GroupType::class,$data,array(
            "mode"              => "update",
@ -803,7 +810,7 @@ class GroupController extends Controller
    }

    public function usersAction($id,Request $request, $access="config")
-    {
+    {      
        // Récupération de l'enregistrement courant 
        $data=$this->getData($id);

--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php
@ -136,6 +136,21 @@ class ConfigType extends AbstractType
                          "attr"        => array("class" => "pick-a-color form-control"),
                          'required'    => ($options["required"]==0?false:true)));
                break;
+
+            case "permgroup":
+                $choices=array(
+                    "NO_BODY" => "NO_BODY",
+                    "ROLE_USER" => "ROLE_USER",
+                    "ROLE_ANIM" => "ROLE_ANIM",
+                );
+
+                $builder->add("value", ChoiceType::class,
+                    array("label"       =>"Valeur",
+                          "label_attr"  => array("style" => 'margin-top:15px;'),
+                          "attr"        => array("class" => "form-control"),
+                          'required'    => ($options["required"]==0?false:true),
+                          "choices"     => $choices));
+                break;                
        }

        $builder->add('help',
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig
@ -9,7 +9,8 @@
        {%endif%}
    </h1>

-    {% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or is_granted('ROLE_ANIM') %}
+    {% set permgroup = app.session.get('permgroup') %}
+    {% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ADMIN" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
        <p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}>
            {% if access=="config" %}
                Ajouter
@ -18,6 +19,7 @@
            {% endif %}
        </a></p>
    {% endif %}
+
    
    <div class="panel panel-primary">
        <div class="panel-heading">
--- a/tmpl/ninegate-init-01.sql
+++ b/tmpl/ninegate-init-01.sql
@ -102,13 +102,15 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
 %if %%activer_proxy_client == 'oui'
 ('200', 1, 0, 1, 'boolean', 		'PROXYactivate',	'1',														'',             'Définit un Proxy'),
 ('201', 1, 0, 1, 'string', 			'PROXYserver',		'%%proxy_client_adresse',									'PROXYactivate','Adresse du Proxy'),
-('202', 1, 0, 1, 'string', 			'PROXYport',		'%%proxy_client_port',										'PROXYactivate','Port du Proxy');
+('202', 1, 0, 1, 'string', 			'PROXYport',		'%%proxy_client_port',										'PROXYactivate','Port du Proxy'),
 %else
 ('200', 1, 0, 1, 'boolean',			'PROXYactivate',	'0',														'',             'Définit un Proxy'),
 ('201', 1, 0, 1, 'string', 			'PROXYserver',		'',															'PROXYactivate','Adresse du Proxy'),
-('202', 1, 0, 1, 'string', 			'PROXYport',		'',															'PROXYactivate','Port du Proxy');
+('202', 1, 0, 1, 'string', 			'PROXYport',		'',															'PROXYactivate','Port du Proxy'),
 %end if

+('500', 1, 1, 1, 'permgroup',		'permgroup',        'ROLE_ANIM',											    '',				'Determine quel rôle aura la permission de créer des groupes de travail');
+

 INSERT IGNORE permmodo (`route`, `visible`) VALUES
 ('cadoles_core_config_commun',0),