Skip to content

GitLab

Commit 2ddf5906 authored by Christian BUFFIN's avatar Christian BUFFIN
Browse files

Corrections concernant la suppression d'un utilisateur.

parent 7af537b4
Expand all Hide whitespace changes
Inline Side-by-side
app/Config/Schema/CreationBase/patchs/1.1.0_to_1.2.0.sql
View file @ 2ddf5906
......@@ -370,4 +370,14 @@ DELETE FROM valeurs WHERE champ_name IN (
'soustraitantemail'
);
ALTER TABLE users DROP COLUMN createdby;
ALTER TABLE commentaires DROP CONSTRAINT "commentaires_user_id_fkey";
ALTER TABLE commentaires ALTER COLUMN user_id DROP NOT NULL;
ALTER TABLE commentaires ADD FOREIGN KEY (user_id) REFERENCES users(id) ON DELETE SET NULL ON UPDATE CASCADE;
ALTER TABLE commentaires DROP CONSTRAINT "commentaires_destinataire_id_fkey";
ALTER TABLE commentaires ALTER COLUMN destinataire_id DROP NOT NULL;
ALTER TABLE commentaires ADD FOREIGN KEY (destinataire_id) REFERENCES users(id) ON DELETE SET NULL ON UPDATE CASCADE;
COMMIT;
app/Controller/Component/BanettesComponent.php
View file @ 2ddf5906
......@@ -68,7 +68,8 @@ class BanettesComponent extends Component {
'fields' => [
'id',
'nom',
'prenom'
'prenom',
$this->Fiche->User->vfNomComplet()
]
],
'Valeur' => [
......
app/Controller/PannelController.php
View file @ 2ddf5906
......@@ -483,7 +483,8 @@ class PannelController extends AppController {
'User' => [
'id',
'nom',
'prenom'
'prenom',
'nom_complet'
],
],
'User' => [
......@@ -494,7 +495,8 @@ class PannelController extends AppController {
'User' => [
'id',
'nom',
'prenom'
'prenom',
'nom_complet'
]
],
],
......@@ -844,7 +846,8 @@ class PannelController extends AppController {
'fields' => [
'User.id',
'User.nom',
'User.prenom'
'User.prenom',
'User.nom_complet',
],
'joins' => [
$this->Droit->join('OrganisationUser', ['type' => "INNER"]),
......
app/Controller/UsersController.php
View file @ 2ddf5906
......@@ -85,6 +85,7 @@ class UsersController extends AppController {
$query = [
'fields' => [
'User.id',
'User.is_dpo',
'User.username',
'User.nom_complet'
],
......@@ -688,57 +689,108 @@ class UsersController extends AppController {
* @created 17/06/2015
* @version V1.0.0
*/
public function delete($id = null) {
if ($this->Session->read('Auth.User.id') != $id) {
if ($this->Droits->authorized(ListeDroit::SUPPRIMER_UTILISATEUR)) {
$this->User->id = $id;
public function delete($id) {
// La même logique que dans la vue et que dans AdminsController
if ($id == 1 || $id == $this->Session->read('Auth.User.id')) {
throw new ForbiddenException(__d('default', 'default.flasherrorPasDroitPage'));
}
if (!$this->User->exists()) {
throw new NotFoundException('User invalide');
}
$query = [
'fields' => [
'Admin.id',
'User.id',
'User.nom',
'User.prenom',
'User.is_dpo',
],
'contain' => [
'Admin'
],
'conditions' => [
'User.id' => $id
]
];
$user = $this->User->find('first', $query);
if ($id != 1) {
$success = true;
$this->User->begin();
if (empty($user) === true) {
throw new NotFoundException();
}
$success = $success && $this->OrganisationUser->deleteAll(['user_id' => $id]);
// Impossible de supprimer un Superadmin ou un DPO
if (empty($user['Admin']['id']) === false || $user['User']['is_dpo'] === true) {
$msgid = 'Impossible de supprimer un Superadmin ou un DPO';
throw new RuntimeException(sprintf($msgid, $id));
}
if ($success == true) {
if ($this->Droits->isDpo()) {
$success = $success && $this->Organisation->updateAll([
'Organisation.dpo' => null
], [
'Organisation.dpo' => $id
]
) !== false;
}
$success = true;
$this->User->begin();
if ($success == true) {
$success = $success && $this->User->delete();
}
}
// 1. Mise à jour de EtatFiche.user_id, puis de EtatFiche.previous_user_id avec l'id du DPO de l'entité
foreach (['user_id', 'previous_user_id'] as $fieldName) {
$query = [
'fields' => [
'EtatFiche.id',
'Organisation.dpo',
],
'joins' => [
$this->User->Fiche->join('EtatFiche', ['type' => 'INNER']),
$this->User->Fiche->join('Organisation', ['type' => 'INNER'])
],
'conditions' => [
"EtatFiche.{$fieldName}" => $id,
],
];
foreach ($this->User->Fiche->find('all', $query) as $fiche) {
$success = $success && $this->User->Fiche->EtatFiche->updateAll(
[$fieldName => $fiche['Organisation']['dpo']],
['id' => $fiche['EtatFiche']['id']]
);
}
}
if ($success == true) {
$this->User->commit();
$this->Session->setFlash(__d('user', 'user.flashsuccessUserSupprimer'), 'flashsuccess');
} else {
$this->User->rollback();
$this->Session->setFlash(__d('default', 'default.flasherrorEnregistrementErreur'), 'flasherror');
}
// 2. Mise à jour de Fiche.user_id avec l'id du DPO de l'entité
$query = [
'fields' => [
'Fiche.id',
'Organisation.dpo',
],
'joins' => [
$this->User->Fiche->join('Organisation', ['type' => 'INNER'])
],
'conditions' => [
'Fiche.user_id' => $id,
],
];
foreach ($this->User->Fiche->find('all', $query) as $fiche) {
$success = $success && $this->User->Fiche->updateAll(
['user_id' => $fiche['Organisation']['dpo']],
['id' => $fiche['Fiche']['id']]
);
}
$this->redirect($this->Referers->get());
}
$success = $success && $this->User->Fiche->EtatFiche->Commentaire->updateAll(
['user_id' => null],
['user_id' => $id]
);
$this->Session->setFlash(__d('user', 'user.flasherrorErreurSupprimerUser'), 'flasherror');
$this->redirect($this->Referers->get());
} else {
$this->Session->setFlash(__d('default', 'default.flasherrorPasDroitPage'), 'flasherror');
$this->redirect($this->Referers->get());
}
$success = $success && $this->User->Fiche->EtatFiche->Commentaire->updateAll(
['destinataire_id' => null],
['destinataire_id' => $id]
);
$success = $success && $this->User->Notification->deleteAll(['user_id' => $id], false);
$success = $success && $this->User->delete($id);
if ($success == true) {
$this->User->commit();
$this->Session->setFlash(__d('user', 'user.flashsuccessUserSupprimer'), 'flashsuccess');
} else {
$this->Session->setFlash(__d('user', 'user.flasherrorErreurSuppressionImpossibleUser'), 'flasherror');
$this->redirect($this->referer());
$this->User->rollback();
$this->Session->setFlash(__d('default', 'default.flasherrorEnregistrementErreur'), 'flasherror');
}
$this->redirect($this->Referers->get());
}
/**
......
app/Locale/fra/LC_MESSAGES/element.po
View file @ 2ddf5906
......@@ -21,6 +21,9 @@ msgstr "Rédaction"
msgid "element.CreePar"
msgstr "Créé par"
msgid "element.Cree"
msgstr "Créé"
msgid "element.Le"
msgstr "le"
......@@ -36,12 +39,18 @@ msgstr "En attente de validation"
msgid "element.RecuePar"
msgstr "Reçu par"
msgid "element.Recue"
msgstr "Reçu"
msgid "element.Verrouille"
msgstr "Traitement verrouillé"
msgid "element.VerrouilleePar"
msgstr "Verrouillée par"
msgid "element.Verrouillee"
msgstr "Verrouillée"
msgid "element.ModificationTraitementRegistre"
msgstr "Modification du traitement inséré dans le registre"
......@@ -66,6 +75,12 @@ msgstr "Validé et inscrit au registre"
msgid "element.CommenterPar"
msgstr "Commenté par"
msgid "element.Commenter"
msgstr "Commenté"
msgid "element.CommenterLe"
msgstr "Commenté le"
msgid "element.AttenteConsultation"
msgstr "En attente de consultation"
......
app/Model/User.php
View file @ 2ddf5906
......@@ -59,6 +59,7 @@ class User extends AppModel {
* @var array
*/
public $virtualFields = [
'is_dpo' => '( EXISTS( SELECT * FROM "organisations" WHERE "organisations"."dpo" = "User"."id" ) )',
'nom_complet' => '( COALESCE( "User"."civilite", \'\' ) || \' \' || COALESCE( "User"."prenom", \'\' ) || \' \' || COALESCE( "User"."nom", \'\' ) )',
'nom_complet_court' => '( COALESCE( "User"."prenom", \'\' ) || \' \' || COALESCE( "User"."nom", \'\' ) )'
];
......@@ -480,4 +481,10 @@ class User extends AppModel {
return false;
}
}
public function vfNomComplet($alias = null, $fieldName = 'nom_complet') {
$alias = $alias === null ? $this->alias : $alias;
$sql = str_replace("\"{$this->name}\"", "\"{$alias}\"", $this->virtualFields['nom_complet']);
return "{$sql} AS \"{$alias}__{$fieldName}\"";
}
}
app/View/Elements/parcours.ctp
View file @ 2ddf5906
This diff is collapsed.
app/View/Users/index.ctp
View file @ 2ddf5906
......@@ -229,7 +229,7 @@ if (empty($results) === false) {
//Bouton de suppression
if ($this->Session->read('Auth.User.id') != $result['User']['id']) {
if ($this->Autorisation->authorized(10, $droits)) {
if ($result['User']['id'] != 1) {
if ($result['User']['id'] !== 1 && $result['User']['is_dpo'] === false) {
//Bouton de suppression
$actions .= $this->Html->link('<span class="fa fa-trash fa-lg"><!----></span>', [
'controller' => 'users',
......@@ -238,19 +238,8 @@ if (empty($results) === false) {
], [
'class' => 'btn btn-default-danger btn-sm my-tooltip',
'title' => __d('user', 'user.commentaireSupprimerUser'),
'escapeTitle' => false
], __d('user', 'user.confirmationSupprimerUser') . $result['User']['nom_complet'] . ' ?');
} else {
$actions .= $this->Html->link('<span class="glyphicon glyphicon-trash"><!----></span>', [
'controller' => 'users',
'action' => 'delete',
$result['User']['id']
], [
'class' => 'btn btn-default-danger btn-sm my-tooltip',
'escapeTitle' => false,
'title' => __d('user', 'user.commentaireSupprimerUser'),
"disabled" => "disabled"
], __d('user', 'user.confirmationSupprimerUser') . $result['User']['prenom'] . ' ' . $result['User']['nom'] . ' ?');
], __d('user', 'user.confirmationSupprimerUser') . $result['User']['nom_complet'] . ' ?');
}
}
}
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment