From b7b9ae6ec127d5ee92c3314df02fefed7cc20717 Mon Sep 17 00:00:00 2001
From: afornerot <afornerot@cadoles.com>
Date: Thu, 19 Nov 2020 11:01:43 +0100
Subject: [PATCH] =?UTF-8?q?acc=C3=A8s=20=C3=A0=20l'annuaire=20via=20config?=
 =?UTF-8?q?uration=20(fixes=20#31092)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .../src/Cadoles/CoreBundle/Controller/GroupController.php | 3 ++-
 .../src/Cadoles/CoreBundle/Controller/UserController.php  | 8 ++++++++
 .../src/Cadoles/CoreBundle/Form/ConfigType.php            | 1 +
 .../CoreBundle/Resources/views/Group/list.html.twig       | 2 +-
 .../CoreBundle/Resources/views/Include/menu.html.twig     | 5 +++++
 .../Resources/views/Pagewidget/viewgroup.html.twig        | 2 +-
 tmpl/ninegate-init-01.sql                                 | 3 ++-
 7 files changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php
index a20ed7e0..2497836f 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/GroupController.php
@@ -715,10 +715,11 @@ class GroupController extends Controller
         $em = $this->getDoctrine()->getManager();
 
         // Permission
-        $permgroup=$this->get('session')->get('permgroup');
         if($access=="user") {
+            $permgroup=$this->get('session')->get('permgroup');
             if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied');
             if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
+            if($permgroup=="ROLE_MODO" && ($this->isGranted('ROLE_ANIM') || $this->isGranted('ROLE_USER'))) throw $this->createNotFoundException('Permission denied');
         }
 
         // Initialisation de l'enregistrement
diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php
index af26b137..b811677b 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Controller/UserController.php
@@ -40,6 +40,14 @@ class UserController extends Controller
 
     public function listAction($access)
     {
+        // Permission
+        if($access=="user") {
+            $permannu=$this->get('session')->get('permannu');
+            if($permannu=="NO_BODY") throw $this->createNotFoundException('Permission denied');
+            if($permannu=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
+            if($permannu=="ROLE_MODO" && ($this->isGranted('ROLE_ANIM') || $this->isGranted('ROLE_USER'))) throw $this->createNotFoundException('Permission denied');
+        }
+
         $em = $this->getDoctrine()->getManager();
         $config=$em->getRepository('CadolesCoreBundle:Config')->find("datausers");
         $fields=$config->getValue();
diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php b/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php
index d81c713b..925756cd 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Form/ConfigType.php
@@ -156,6 +156,7 @@ class ConfigType extends AbstractType
                     "NO_BODY" => "NO_BODY",
                     "ROLE_USER" => "ROLE_USER",
                     "ROLE_ANIM" => "ROLE_ANIM",
+                    "ROLE_MODO" => "ROLE_MODO",
                 );
 
                 $builder->add("value", ChoiceType::class,
diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig
index 597d3bd7..73c862af 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Group/list.html.twig
@@ -10,7 +10,7 @@
     </h1>
 
     {% set permgroup = app.session.get('permgroup') %}
-    {% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_USER" or permgroup=="ROLE_ANIM")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
+    {% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permgroup=="ROLE_MODO" or permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
         <p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}>
             {% if access=="config" %}
                 Ajouter
diff --git a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Include/menu.html.twig b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Include/menu.html.twig
index 47dcf2e4..9d84cf3c 100644
--- a/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Include/menu.html.twig
+++ b/src/ninegate-1.0/src/Cadoles/CoreBundle/Resources/views/Include/menu.html.twig
@@ -2,7 +2,12 @@
         {% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') %}
             <li><a href="{{ path('cadoles_core_config') }}" title="Configuration"><i class="fa fa-cog fa-fw"></i></a>
         {% endif %}
+
+        {% set permannu = app.session.get('permannu') %}
+        {% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permannu=="ROLE_MODO" or permannu=="ROLE_ANIM" or permannu=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permannu=="ROLE_ANIM" or permannu=="ROLE_USER")) or (is_granted('ROLE_USER') and permannu=="ROLE_USER") %}
         <li id="menu-annuaire"><a href="{{ path('cadoles_core_user_users') }}" title="Annuaire"><i class="fa fa-address-book fa-fw"></i></a>
+        {%endif%}
+
         <li id="menu-group"><a href="{{ path('cadoles_core_user_group') }}" title="Groupes"><i class="fa fa-users fa-fw"></i></a>
         <li id="menu-notice"><a href="{{ path('cadoles_portal_user_notice_view') }}" title="Charte"><i class="fa fa-info fa-fw"></i></a>
         <li id="menu-profil"><a href="{{ path('cadoles_core_user') }}" title="Profil"><img class='avatar' src="/{{ alias }}/uploads/avatar/{{ app.user.avatar }}"></a></li>
diff --git a/src/ninegate-1.0/src/Cadoles/PortalBundle/Resources/views/Pagewidget/viewgroup.html.twig b/src/ninegate-1.0/src/Cadoles/PortalBundle/Resources/views/Pagewidget/viewgroup.html.twig
index aeeb6d51..e03dcf9b 100644
--- a/src/ninegate-1.0/src/Cadoles/PortalBundle/Resources/views/Pagewidget/viewgroup.html.twig
+++ b/src/ninegate-1.0/src/Cadoles/PortalBundle/Resources/views/Pagewidget/viewgroup.html.twig
@@ -14,7 +14,7 @@
 
 {% set permgroup = app.session.get('permgroup') %}
 {% set canadd = false %}
-{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ADMIN" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
+{% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permgroup=="ROLE_MODO" or permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
     {% set canadd = true %}
 {% endif %}
 
diff --git a/tmpl/ninegate-init-01.sql b/tmpl/ninegate-init-01.sql
index f444de52..9d54f3fa 100644
--- a/tmpl/ninegate-init-01.sql
+++ b/tmpl/ninegate-init-01.sql
@@ -119,6 +119,7 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
 ('202', 1, 0, 1, 'string', 			'PROXYport',		'',															'PROXYactivate','Port du Proxy'),
 %end if
 
-('500', 1, 1, 1, 'permgroup',		'permgroup',        'ROLE_ANIM',											    '',				'Determine quel rôle aura la permission de créer des groupes de travail');
+('500', 1, 1, 1, 'permgroup',		'permgroup',        'ROLE_ANIM',											    '',				'Determine quel rôle aura la permission de créer des groupes de travail'),
+('501', 1, 1, 1, 'permgroup',		'permannu',         'ROLE_USER',											    '',				'Determine quel rôle aura la permission de voir l\'annuaire');