accès à l'annuaire via configuration (fixes #31092)

This commit is contained in:
afornerot 2020-11-19 11:01:43 +01:00
parent 9b877c2de0
commit b7b9ae6ec1
7 changed files with 20 additions and 4 deletions

View File

@ -715,10 +715,11 @@ class GroupController extends Controller
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
// Permission // Permission
$permgroup=$this->get('session')->get('permgroup');
if($access=="user") { if($access=="user") {
$permgroup=$this->get('session')->get('permgroup');
if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied'); if($permgroup=="NO_BODY") throw $this->createNotFoundException('Permission denied');
if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied'); if($permgroup=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
if($permgroup=="ROLE_MODO" && ($this->isGranted('ROLE_ANIM') || $this->isGranted('ROLE_USER'))) throw $this->createNotFoundException('Permission denied');
} }
// Initialisation de l'enregistrement // Initialisation de l'enregistrement

View File

@ -40,6 +40,14 @@ class UserController extends Controller
public function listAction($access) public function listAction($access)
{ {
// Permission
if($access=="user") {
$permannu=$this->get('session')->get('permannu');
if($permannu=="NO_BODY") throw $this->createNotFoundException('Permission denied');
if($permannu=="ROLE_ANIM" && $this->isGranted('ROLE_USER')) throw $this->createNotFoundException('Permission denied');
if($permannu=="ROLE_MODO" && ($this->isGranted('ROLE_ANIM') || $this->isGranted('ROLE_USER'))) throw $this->createNotFoundException('Permission denied');
}
$em = $this->getDoctrine()->getManager(); $em = $this->getDoctrine()->getManager();
$config=$em->getRepository('CadolesCoreBundle:Config')->find("datausers"); $config=$em->getRepository('CadolesCoreBundle:Config')->find("datausers");
$fields=$config->getValue(); $fields=$config->getValue();

View File

@ -156,6 +156,7 @@ class ConfigType extends AbstractType
"NO_BODY" => "NO_BODY", "NO_BODY" => "NO_BODY",
"ROLE_USER" => "ROLE_USER", "ROLE_USER" => "ROLE_USER",
"ROLE_ANIM" => "ROLE_ANIM", "ROLE_ANIM" => "ROLE_ANIM",
"ROLE_MODO" => "ROLE_MODO",
); );
$builder->add("value", ChoiceType::class, $builder->add("value", ChoiceType::class,

View File

@ -10,7 +10,7 @@
</h1> </h1>
{% set permgroup = app.session.get('permgroup') %} {% set permgroup = app.session.get('permgroup') %}
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_USER" or permgroup=="ROLE_ANIM")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %} {% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permgroup=="ROLE_MODO" or permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
<p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}> <p><a class="btn btn-success" href={{ path('cadoles_core_'~access~'_group_submit') }}>
{% if access=="config" %} {% if access=="config" %}
Ajouter Ajouter

View File

@ -2,7 +2,12 @@
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') %} {% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') %}
<li><a href="{{ path('cadoles_core_config') }}" title="Configuration"><i class="fa fa-cog fa-fw"></i></a> <li><a href="{{ path('cadoles_core_config') }}" title="Configuration"><i class="fa fa-cog fa-fw"></i></a>
{% endif %} {% endif %}
{% set permannu = app.session.get('permannu') %}
{% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permannu=="ROLE_MODO" or permannu=="ROLE_ANIM" or permannu=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permannu=="ROLE_ANIM" or permannu=="ROLE_USER")) or (is_granted('ROLE_USER') and permannu=="ROLE_USER") %}
<li id="menu-annuaire"><a href="{{ path('cadoles_core_user_users') }}" title="Annuaire"><i class="fa fa-address-book fa-fw"></i></a> <li id="menu-annuaire"><a href="{{ path('cadoles_core_user_users') }}" title="Annuaire"><i class="fa fa-address-book fa-fw"></i></a>
{%endif%}
<li id="menu-group"><a href="{{ path('cadoles_core_user_group') }}" title="Groupes"><i class="fa fa-users fa-fw"></i></a> <li id="menu-group"><a href="{{ path('cadoles_core_user_group') }}" title="Groupes"><i class="fa fa-users fa-fw"></i></a>
<li id="menu-notice"><a href="{{ path('cadoles_portal_user_notice_view') }}" title="Charte"><i class="fa fa-info fa-fw"></i></a> <li id="menu-notice"><a href="{{ path('cadoles_portal_user_notice_view') }}" title="Charte"><i class="fa fa-info fa-fw"></i></a>
<li id="menu-profil"><a href="{{ path('cadoles_core_user') }}" title="Profil"><img class='avatar' src="/{{ alias }}/uploads/avatar/{{ app.user.avatar }}"></a></li> <li id="menu-profil"><a href="{{ path('cadoles_core_user') }}" title="Profil"><img class='avatar' src="/{{ alias }}/uploads/avatar/{{ app.user.avatar }}"></a></li>

View File

@ -14,7 +14,7 @@
{% set permgroup = app.session.get('permgroup') %} {% set permgroup = app.session.get('permgroup') %}
{% set canadd = false %} {% set canadd = false %}
{% if is_granted('ROLE_ADMIN') or is_granted('ROLE_MODO') or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ADMIN" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %} {% if is_granted('ROLE_ADMIN') or (is_granted('ROLE_MODO') and (permgroup=="ROLE_MODO" or permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_ANIM') and (permgroup=="ROLE_ANIM" or permgroup=="ROLE_USER")) or (is_granted('ROLE_USER') and permgroup=="ROLE_USER") %}
{% set canadd = true %} {% set canadd = true %}
{% endif %} {% endif %}

View File

@ -119,6 +119,7 @@ INSERT IGNORE INTO `config` (`order`, `visible`, `changeable`, `required`, `type
('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy'), ('202', 1, 0, 1, 'string', 'PROXYport', '', 'PROXYactivate','Port du Proxy'),
%end if %end if
('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail'); ('500', 1, 1, 1, 'permgroup', 'permgroup', 'ROLE_ANIM', '', 'Determine quel rôle aura la permission de créer des groupes de travail'),
('501', 1, 1, 1, 'permgroup', 'permannu', 'ROLE_USER', '', 'Determine quel rôle aura la permission de voir l\'annuaire');