feat: ROLE_PRODUCER become ROLE_MANAGER

CHANGELOG.md

@@ -3,6 +3,15 @@
 Ce fichier est basé sur [Keep a Changelog](http://keepachangelog.com/)
 et le projet utilise [Semantic Versioning](http://semver.org/).
 
+## [Unreleased]
+
+## [0.9.1] - 2022-04-07
+
+# Modification
+
+- Le rôle ROLE_PRODUCER devient ROLE_MANAGER (Référent)
+- Les administrateurs peuvent maintenant modifier le rôles des utilisateurs
+
 ## [0.9.0] - 2022-04-05
 
 ### Ajout

composer.json

@@ -2,7 +2,7 @@
   "name": "datatourisme/quality-platform-webapp",
   "type": "project",
   "description": "DATAtourisme - Quality Platform web application",
-  "version": "0.9.0",
+  "version": "0.9.1",
   "license": "GPL-3.0-or-later",
   "authors": [
     {

config/packages/security.yaml

@@ -41,8 +41,8 @@ security:
             # switch_user: true
 
     role_hierarchy:
-        ROLE_PRODUCER: [ROLE_USER]
-        ROLE_ADMIN: [ROLE_PRODUCER]
+        ROLE_MANAGER: [ROLE_USER]
+        ROLE_ADMIN: [ROLE_MANAGER]
         ROLE_SUPER_ADMIN: [ROLE_ADMIN]
 
     # Easy way to control access for large sections of your site

migrations/Version20220405144431.php

+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20220405144431 extends AbstractMigration
+{
+    public function getDescription(): string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema): void
+    {
+        $this->addSql('UPDATE "user" SET role = \'ROLE_MANAGER\' WHERE role = \'ROLE_PRODUCER\'');
+
+    }
+
+    public function down(Schema $schema): void
+    {
+        $this->addSql('UPDATE "user" SET role = \'ROLE_PRODUCER\' WHERE role = \'ROLE_MANAGER\'');
+    }
+}

src/Command/CreateUserCommand.php

@@ -79,7 +79,7 @@ class CreateUserCommand extends Command
         $helper = $this->getHelper('question');
         $question = new Question('Role (ROLE_USER) : ', 'ROLE_USER');
         $question->setValidator(function ($role) {
-            if (!in_array($role, ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_PRODUCER'])) {
+            if (!in_array($role, ['ROLE_USER', 'ROLE_ADMIN', 'ROLE_MANAGER'])) {
                 throw new \RuntimeException('Role ' . $role . ' does not exists.');
             }
             return $role;

src/Controller/Administration/UserController.php

@@ -30,7 +30,7 @@ use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 
 /**
  * @Route("/admin/user", name="user.")
- * @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_PRODUCER')")
+ * @Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_MANAGER')")
  */
 class UserController extends AbstractController
 {
@@ -78,7 +78,7 @@ class UserController extends AbstractController
 
         $user = new User();
         $user->setCreatedBy($currentUser);
-        $user->setRole($this->isGranted('ROLE_ADMIN') ? 'ROLE_PRODUCER' : 'ROLE_USER');
+        $user->setRole($this->isGranted('ROLE_ADMIN') ? 'ROLE_MANAGER' : 'ROLE_USER');
         $user->setProducer($currentUser->getProducer());
         $user->setPlainPassword(strval(rand(10000000, 9999999999999)));
         $user->setEnabled(false);

src/Controller/SsoController.php

@@ -25,7 +25,6 @@ use Symfony\Component\Routing\Annotation\Route;
 use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
 use Symfony\Component\Security\Core\Exception\AuthenticationException;
 use Symfony\Component\Security\Core\Signature\Exception\ExpiredSignatureException;
-use Symfony\Component\Security\Core\User\UserCheckerInterface;
 use Symfony\Component\Security\Http\Authentication\UserAuthenticatorInterface;
 use Symfony\Component\Security\Http\Authenticator\FormLoginAuthenticator;
 
@@ -128,7 +127,7 @@ class SsoController extends AbstractController
             $user = new User();
             $user->setEmail($payload['email']);
             $user->setPlainPassword(md5(time()));
-            $user->setRole('ROLE_PRODUCER');
+            $user->setRole('ROLE_USER'); // do not assign ROLE_MANAGER to avoid wide permission
             $user->setEnabled(true);
             $this->em->persist($user);
         }

src/Entity/User.php

@@ -127,7 +127,7 @@ class User implements UserInterface, PasswordAuthenticatedUserInterface, GroupSe
      * @var Producer
      * @ORM\ManyToOne(targetEntity="Producer", inversedBy="users")
      * @ORM\JoinColumn(nullable=true)
-     * @Assert\NotBlank(groups = {"ROLE_PRODUCER", "ROLE_USER"})
+     * @Assert\NotBlank(groups = {"ROLE_MANAGER", "ROLE_USER"})
      */
     private $producer;
 

src/Form/Filter/UserFilter.php

@@ -69,7 +69,7 @@ class UserFilter extends AbstractType
         $builder->add('role', ChoiceFilterType::class, [
             'choices' => [
                 'Utilisateur' => 'ROLE_USER',
-                'Producteur' => 'ROLE_PRODUCER',
+                'Référent' => 'ROLE_MANAGER',
                 'Administrateur' => 'ROLE_ADMIN',
                 'Super administrateur' => 'ROLE_SUPER_ADMIN',
             ],

src/Form/Type/UserType.php

@@ -76,7 +76,7 @@ class UserType extends AbstractType
             $builder = $form->getConfig()->getFormFactory()->createNamedBuilder('role', RoleType::class, null, [
                 'choice_label' => [
                     'ROLE_USER' => 'Utilisateur',
-                    'ROLE_PRODUCER' => 'Producteur',
+                    'ROLE_MANAGER' => 'Référent',
                     'ROLE_ADMIN' => 'Administrateur',
                     'ROLE_SUPER_ADMIN' => 'Super administrateur',
                 ],
@@ -105,7 +105,7 @@ class UserType extends AbstractType
      */
     private function addProducerField(FormInterface $form, string $role, User $account)
     {
-        if (!in_array($role, ['ROLE_PRODUCER', 'ROLE_USER'])) {
+        if (!in_array($role, ['ROLE_MANAGER', 'ROLE_USER'])) {
             $account->setProducer(null);
             return;
         }

src/Menu/MenuBuilder.php

@@ -70,7 +70,7 @@ class MenuBuilder
         ]);
 
         // Administration
-        if ($this->authorizationChecker->isGranted('ROLE_ADMIN') || $this->authorizationChecker->isGranted('ROLE_PRODUCER')) {
+        if ($this->authorizationChecker->isGranted('ROLE_ADMIN') || $this->authorizationChecker->isGranted('ROLE_MANAGER')) {
             $admin = $menu->addChild('Administration', [
                 'uri' => '#',
                 'extras' => [

src/Security/Voter/UserVoter.php

@@ -77,7 +77,7 @@ class UserVoter extends AbstractVoter
         }
 
         // producer can administrate user from the same SIT
-        if ($this->hasRole('ROLE_PRODUCER', $user) && $user->getProducer() && $user->getProducer() == $account->getProducer()) {
+        if ($this->hasRole('ROLE_MANAGER', $user) && $user->getProducer() && $user->getProducer() == $account->getProducer()) {
             return true;
         }
 
@@ -90,7 +90,7 @@ class UserVoter extends AbstractVoter
      */
     private function canCreate(User $user): bool
     {
-        // return $this->hasRole('ROLE_PRODUCER', $user);
+        // return $this->hasRole('ROLE_MANAGER', $user);
         return $this->hasRole('ROLE_ADMIN', $user);
     }
 
@@ -157,8 +157,8 @@ class UserVoter extends AbstractVoter
      */
     private function canSetRole(User $account, User $user): bool
     {
-        // only super-admin can set role
-        if (!$this->hasRole('ROLE_SUPER_ADMIN', $user)) {
+        // only admin can set role
+        if (!$this->hasRole('ROLE_ADMIN', $user)) {
             return false;
         }
 

templates/macros.html.twig

@@ -48,7 +48,7 @@
     {{ {
         ROLE_SUPER_ADMIN: "Super administrateur",
         ROLE_ADMIN: "Administrateur",
-        ROLE_PRODUCER: "Producteur",
+        ROLE_MANAGER: "Référent",
         ROLE_USER: "Utilisateur"
     }[role] }}
 {% endmacro %}