Commit e8888d38 authored by Blaise de Carné's avatar Blaise de Carné

feat: ROLE_PRODUCER become ROLE_MANAGER

parent 8ce9ba77
......@@ -3,6 +3,15 @@
Ce fichier est basé sur [Keep a Changelog](http://keepachangelog.com/)
et le projet utilise [Semantic Versioning](http://semver.org/).
## [Unreleased]
## [0.9.1] - 2022-04-07
# Modification
- Le rôle ROLE_PRODUCER devient ROLE_MANAGER (Référent)
- Les administrateurs peuvent maintenant modifier le rôles des utilisateurs
## [0.9.0] - 2022-04-05
### Ajout
......
......@@ -2,7 +2,7 @@
"name": "datatourisme/quality-platform-webapp",
"type": "project",
"description": "DATAtourisme - Quality Platform web application",
"version": "0.9.0",
"version": "0.9.1",
"license": "GPL-3.0-or-later",
"authors": [
{
......
......@@ -41,8 +41,8 @@ security:
# switch_user: true
role_hierarchy:
ROLE_PRODUCER: [ROLE_USER]
ROLE_ADMIN: [ROLE_PRODUCER]
ROLE_MANAGER: [ROLE_USER]
ROLE_ADMIN: [ROLE_MANAGER]
ROLE_SUPER_ADMIN: [ROLE_ADMIN]
# Easy way to control access for large sections of your site
......
<?php
declare(strict_types=1);
namespace DoctrineMigrations;
use Doctrine\DBAL\Schema\Schema;
use Doctrine\Migrations\AbstractMigration;
/**
* Auto-generated Migration: Please modify to your needs!
*/
final class Version20220405144431 extends AbstractMigration
{
public function getDescription(): string
{
return '';
}
public function up(Schema $schema): void
{
$this->addSql('UPDATE "user" SET role = \'ROLE_MANAGER\' WHERE role = \'ROLE_PRODUCER\'');
}
public function down(Schema $schema): void
{
$this->addSql('UPDATE "user" SET role = \'ROLE_PRODUCER\' WHERE role = \'ROLE_MANAGER\'');
}
}
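Review bot: The `up()` statement promotes every existing `ROLE_PRODUCER` row to `ROLE_MANAGER`, including accounts that SSO auto-provisioned with `ROLE_PRODUCER` before this commit. The same commit stops giving new SSO accounts that role because it is too wide, so those existing accounts appear to keep the wide permission after the migration. Whether they should be demoted to `ROLE_USER` cannot be decided from the page, but the choice deserves a sentence in the class docblock, which still carries the generated "Please modify to your needs!" text. `getDescription()` also still returns `''`; something like `return 'Rename ROLE_PRODUCER to ROLE_MANAGER in user.role';` would make the migration list readable.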
......@@ -79,7 +79,7 @@ class CreateUserCommand extends Command
$helper = $this->getHelper('question');
$question = new Question('Role (ROLE_USER) : ', 'ROLE_USER');
$question->setValidator(function ($role) {
if (!in_array($role, ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_PRODUCER'])) {
if (!in_array($role, ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_MANAGER'])) {
throw new \RuntimeException('Role ' . $role . ' does not exists.');
}
return $role;
......
......@@ -30,7 +30,7 @@ use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
/**
* @Route("/admin/user", name="user.")
* @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_PRODUCER')")
* @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_MANAGER')")
*/
class UserController extends AbstractController
{
......@@ -78,7 +78,7 @@ class UserController extends AbstractController
$user = new User();
$user->setCreatedBy($currentUser);
$user->setRole($this->isGranted('ROLE_ADMIN') ? 'ROLE_PRODUCER' : 'ROLE_USER');
$user->setRole($this->isGranted('ROLE_ADMIN') ? 'ROLE_MANAGER' : 'ROLE_USER');
$user->setProducer($currentUser->getProducer());
$user->setPlainPassword(strval(rand(10000000, 9999999999999)));
$user->setEnabled(false);
......
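Review bot: The initial password on the unchanged context line `$user->setPlainPassword(strval(rand(10000000, 9999999999999)));` comes from `rand()`, which is not a cryptographically secure generator, and it is digits only. The account is created disabled, which limits the exposure, but the value should still be unguessable: `$user->setPlainPassword(bin2hex(random_bytes(32)));`. The enclosing action starts and ends outside the hunk.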
......@@ -25,7 +25,6 @@ use Symfony\Component\Routing\Annotation\Route;
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
use Symfony\Component\Security\Core\Exception\AuthenticationException;
use Symfony\Component\Security\Core\Signature\Exception\ExpiredSignatureException;
use Symfony\Component\Security\Core\User\UserCheckerInterface;
use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
......@@ -128,7 +127,7 @@ class SsoController extends AbstractController
$user = new User();
$user->setEmail($payload['email']);
$user->setPlainPassword(md5(time()));
$user->setRole('ROLE_PRODUCER');
$user->setRole('ROLE_USER'); // do not assign ROLE_MANAGER to avoid wide permission
$user->setEnabled(true);
$this->em->persist($user);
}
......
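Review bot: The placeholder password set two lines above the role change, `$user->setPlainPassword(md5(time()));`, is derived only from the second at which the account is created, so it is predictable, and the account is enabled immediately. If password login is reachable for SSO-provisioned accounts (the file imports `FormLoginAuthenticator`, though its use is outside the hunk), a guessable password weakens the benefit of lowering the default role to `ROLE_USER`. Use `$user->setPlainPassword(bin2hex(random_bytes(32)));` instead. The enclosing method starts and ends outside the hunk.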
......@@ -127,7 +127,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, GroupSe
* @var Producer
* @ORM\ManyToOne(targetEntity="Producer", inversedBy="users")
* @ORM\JoinColumn(nullable=true)
* @Assert\NotBlank(groups = {"ROLE_PRODUCER", "ROLE_USER"})
* @Assert\NotBlank(groups = {"ROLE_MANAGER", "ROLE_USER"})
*/
private $producer;
......
......@@ -69,7 +69,7 @@ class UserFilter extends AbstractType
$builder->add('role', ChoiceFilterType::class, [
'choices' => [
'Utilisateur' => 'ROLE_USER',
'Producteur' => 'ROLE_PRODUCER',
'Référent' => 'ROLE_MANAGER',
'Administrateur' => 'ROLE_ADMIN',
'Super administrateur' => 'ROLE_SUPER_ADMIN',
],
......
......@@ -76,7 +76,7 @@ class UserType extends AbstractType
$builder = $form->getConfig()->getFormFactory()->createNamedBuilder('role', RoleType::class, null, [
'choice_label' => [
'ROLE_USER' => 'Utilisateur',
'ROLE_PRODUCER' => 'Producteur',
'ROLE_MANAGER' => 'Référent',
'ROLE_ADMIN' => 'Administrateur',
'ROLE_SUPER_ADMIN' => 'Super administrateur',
],
......@@ -105,7 +105,7 @@ class UserType extends AbstractType
*/
private function addProducerField(FormInterface $form, string $role, User $account)
{
if (!in_array($role, ['ROLE_PRODUCER', 'ROLE_USER'])) {
if (!in_array($role, ['ROLE_MANAGER', 'ROLE_USER'])) {
$account->setProducer(null);
return;
}
......
......@@ -70,7 +70,7 @@ class MenuBuilder
]);
// Administration
if ($this->authorizationChecker->isGranted('ROLE_ADMIN') || $this->authorizationChecker->isGranted('ROLE_PRODUCER')) {
if ($this->authorizationChecker->isGranted('ROLE_ADMIN') || $this->authorizationChecker->isGranted('ROLE_MANAGER')) {
$admin = $menu->addChild('Administration', [
'uri' => '#',
'extras' => [
......
......@@ -77,7 +77,7 @@ class UserVoter extends AbstractVoter
}
// producer can administrate user from the same SIT
if ($this->hasRole('ROLE_PRODUCER', $user) && $user->getProducer() && $user->getProducer() == $account->getProducer()) {
if ($this->hasRole('ROLE_MANAGER', $user) && $user->getProducer() && $user->getProducer() == $account->getProducer()) {
return true;
}
......@@ -90,7 +90,7 @@ class UserVoter extends AbstractVoter
*/
private function canCreate(User $user): bool
{
// return $this->hasRole('ROLE_PRODUCER', $user);
// return $this->hasRole('ROLE_MANAGER', $user);
return $this->hasRole('ROLE_ADMIN', $user);
}
......@@ -157,8 +157,8 @@ class UserVoter extends AbstractVoter
*/
private function canSetRole(User $account, User $user): bool
{
// only super-admin can set role
if (!$this->hasRole('ROLE_SUPER_ADMIN', $user)) {
// only admin can set role
if (!$this->hasRole('ROLE_ADMIN', $user)) {
return false;
}
......
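Review bot: In `canSetRole()` the guard now lets any `ROLE_ADMIN` pass where it previously required `ROLE_SUPER_ADMIN`, and nothing visible in the hunk stops an administrator from changing a super administrator's role or assigning `ROLE_SUPER_ADMIN`, which the `UserType` role choices still list. The rest of the method is outside the hunk and may already cover this; if it does not, add after the guard `if ($this->hasRole('ROLE_SUPER_ADMIN', $account) && !$this->hasRole('ROLE_SUPER_ADMIN', $user)) { return false; }` and limit the offered role choices to those at or below the acting user's own role. The comment `// producer can administrate user from the same SIT` in the first hunk should also say "manager" after the rename.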
......@@ -48,7 +48,7 @@
{{ {
ROLE_SUPER_ADMIN: "Super administrateur",
ROLE_ADMIN: "Administrateur",
ROLE_PRODUCER: "Producteur",
ROLE_MANAGER: "Référent",
ROLE_USER: "Utilisateur"
}[role] }}
{% endmacro %}