Commit d52d9e4583f2da8d8dd63ce47f230c27016878a0
1 parent
a395b7e1
simplification des vues et acl (materiel)
Showing
6 changed files
with
107 additions
and
17 deletions
src/Controller/AppController.php
... | ... | @@ -362,6 +362,8 @@ class AppController extends Controller |
362 | 362 | */ |
363 | 363 | public function initialize() |
364 | 364 | { |
365 | + $this->myDebug("step AVANT 0: AppController.initialize()"); | |
366 | + | |
365 | 367 | parent::initialize(); |
366 | 368 | |
367 | 369 | $this->loadComponent('RequestHandler'); |
... | ... | @@ -428,6 +430,8 @@ class AppController extends Controller |
428 | 430 | */ |
429 | 431 | public function isAuthorized($user) |
430 | 432 | { |
433 | + $this->myDebug("step 1: AppController.isAuthorized()"); | |
434 | + | |
431 | 435 | /* |
432 | 436 | * // ATTENTION, normalement, on devrait tester si role est défini..., mais c'est sans doute pas utile |
433 | 437 | * // cf https://book.cakephp.org/3.0/fr/tutorials-and-examples/blog-auth-example/auth.html |
... | ... | @@ -596,6 +600,8 @@ class AppController extends Controller |
596 | 600 | */ |
597 | 601 | public function beforeFilter(Event $event) |
598 | 602 | { |
603 | + $this->myDebug("step 0: AppController.beforeFilter()"); | |
604 | + | |
599 | 605 | // !!! Ne jamais autoriser l'action 'login', sinon cela va créer des problèmes sur le fonctionnement normal de AuthComponent (cf doc) !!! |
600 | 606 | // parent::beforeFilter($event); |
601 | 607 | |
... | ... | @@ -615,9 +621,10 @@ class AppController extends Controller |
615 | 621 | |
616 | 622 | // (EP 21/5/19) NEW |
617 | 623 | |
618 | - // TODO: (EP) A quoi ça sert ??? | |
619 | 624 | $configuration = $this->confLabinvent; |
620 | - //$this->set('configuration', $configuration); | |
625 | + //$this->myDebug($configuration); | |
626 | + | |
627 | + // TODO: (EP) A quoi ça sert ??? | |
621 | 628 | $this->request->getSession()->write("authType", $configuration->ldap_authenticationType); |
622 | 629 | |
623 | 630 | // ATTENTION, $priviledgedUser = NULL si l'utilisateur courant n'est pas un utilisateur privilégié |
... | ... | @@ -634,13 +641,13 @@ class AppController extends Controller |
634 | 641 | $this->userName = $this->LdapAuth->user('sn')[0] . ' ' . $this->LdapAuth->user('givenname')[0]; |
635 | 642 | //$this->set('username', $this->LdapAuth->user('sn')[0] . ' ' . $this->LdapAuth->user('givenname')[0]); |
636 | 643 | |
637 | - | |
638 | 644 | $this->USER_IS_UTILISATEUR = ($profile == self::PROFILE_USER); |
645 | + $this->USER_IS_RESPONSABLE = ($profile == self::PROFILE_RESPONSABLE); | |
639 | 646 | $this->USER_IS_ADMIN = ($profile == self::PROFILE_ADMIN); |
640 | 647 | $this->USER_IS_ADMINPLUS = ($profile == self::PROFILE_ADMINPLUS); |
641 | 648 | $this->USER_IS_SUPERADMIN = ($profile == self::PROFILE_SUPERADMIN); |
649 | + | |
642 | 650 | $this->USER_IS_RESPONSABLE_OR_MORE = ($profile >= self::PROFILE_RESPONSABLE); |
643 | - $this->USER_IS_RESPONSABLE = ($profile == self::PROFILE_RESPONSABLE); | |
644 | 651 | $this->USER_IS_ADMIN_OR_MORE = ($profile >= self::PROFILE_ADMIN); |
645 | 652 | $this->USER_IS_ADMINPLUS_OR_MORE = ($profile >= self::PROFILE_ADMINPLUS); |
646 | 653 | |
... | ... | @@ -675,7 +682,16 @@ class AppController extends Controller |
675 | 682 | $this->set('USER_IS_ADMIN_OR_MORE', $this->USER_IS_ADMIN_OR_MORE); |
676 | 683 | $this->set('USER_IS_ADMINPLUS_OR_MORE', $this->USER_IS_ADMINPLUS_OR_MORE); |
677 | 684 | |
678 | - $configuration = $this->confLabinvent; | |
685 | + // (EP) TODO: vraiment utile ??? A virer, non ? | |
686 | + $this->set('PROFILE_USER', self::PROFILE_USER); | |
687 | + $this->set('PROFILE_ADMIN', self::PROFILE_ADMIN); | |
688 | + $this->set('PROFILE_RESPONSABLE', self::PROFILE_RESPONSABLE); | |
689 | + $this->set('PROFILE_ADMINPLUS', self::PROFILE_ADMINPLUS); | |
690 | + $this->set('PROFILE_SUPERADMIN', self::PROFILE_SUPERADMIN); | |
691 | + // $this->set('allProfiles', $this->allProfiles); | |
692 | + $this->set('allProfiles', self::PROFILES); | |
693 | + | |
694 | + //$configuration = $this->confLabinvent; | |
679 | 695 | if ($configuration->mode_install) |
680 | 696 | $this->LdapAuth->allow([ |
681 | 697 | 'display', |
... | ... | @@ -712,6 +728,10 @@ class AppController extends Controller |
712 | 728 | */ |
713 | 729 | public function beforeRender(Event $event) |
714 | 730 | { |
731 | + $this->myDebug("step 3: AppController.beforeRender()"); | |
732 | + | |
733 | + // (EP 23/5/19) moved to beforeFilter() | |
734 | + /* | |
715 | 735 | $this->set('PROFILE_USER', self::PROFILE_USER); |
716 | 736 | $this->set('PROFILE_ADMIN', self::PROFILE_ADMIN); |
717 | 737 | $this->set('PROFILE_RESPONSABLE', self::PROFILE_RESPONSABLE); |
... | ... | @@ -719,7 +739,9 @@ class AppController extends Controller |
719 | 739 | $this->set('PROFILE_SUPERADMIN', self::PROFILE_SUPERADMIN); |
720 | 740 | // $this->set('allProfiles', $this->allProfiles); |
721 | 741 | $this->set('allProfiles', self::PROFILES); |
742 | + */ | |
722 | 743 | |
744 | + // Ca sert à quoi ??? | |
723 | 745 | if (! array_key_exists('_serialize', $this->viewVars) && in_array($this->response->type(), [ |
724 | 746 | 'application/json', |
725 | 747 | 'application/xml' | ... | ... |
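Review bot: The PROFILE_* view variables moved from beforeRender() into beforeFilter() (new lines 685-692) are now only available to Materiels/index.ctp and view.ctp if that stretch of beforeFilter() is reached on every request that renders them; the enclosing control flow, if any, starts outside the hunk, so confirm the block is unconditional, otherwise the templates' `$PROFILE_USER = $PROFILE_USER;` lines raise undefined-variable notices. The moved block also carries along the dead `// $this->set('allProfiles', $this->allProfiles);` line, and the original copy is left behind as a `/* … */` block in beforeRender() (new 733-742) next to `//$configuration = $this->confLabinvent;` (694); delete the commented-out code rather than keeping it, the history is in git. The `myDebug()` traces added to initialize(), isAuthorized() and beforeFilter() run on every request, including the authorization decision; I cannot see myDebug() from here, so verify it is a no-op outside debug configuration before this reaches a non-development deployment.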
src/Controller/MaterielsController.php
... | ... | @@ -152,14 +152,18 @@ class MaterielsController extends AppController |
152 | 152 | //use Cake\Event\Event; |
153 | 153 | public function beforeFilter(\Cake\Event\Event $event) |
154 | 154 | { |
155 | - $this->myDebug("step 0: beforeFilter()"); | |
155 | + $this->myDebug("step 0: MaterielsController.beforeFilter()"); | |
156 | + | |
156 | 157 | // ICI CEST OK |
158 | + /* | |
157 | 159 | $toto="tititoto"; |
158 | 160 | $this->set(compact('toto')); |
161 | + */ | |
159 | 162 | |
160 | 163 | parent::beforeFilter($event); |
161 | 164 | } |
162 | 165 | |
166 | + | |
163 | 167 | /* |
164 | 168 | * EP added 13/6/17 |
165 | 169 | * Set some useful global variables for all (Materiel) views |
... | ... | @@ -173,7 +177,7 @@ class MaterielsController extends AppController |
173 | 177 | */ |
174 | 178 | public function beforeRender(\Cake\Event\Event $event) |
175 | 179 | { |
176 | - $this->myDebug("step 3: beforeRender()"); | |
180 | + $this->myDebug("step 3: MaterielsController.beforeRender()"); | |
177 | 181 | |
178 | 182 | parent::beforeRender($event); |
179 | 183 | |
... | ... | @@ -234,7 +238,7 @@ class MaterielsController extends AppController |
234 | 238 | public function isAuthorized($userFromSession) |
235 | 239 | { |
236 | 240 | //if (parent::isAuthorized($userFromSession)) return TRUE; |
237 | - $this->myDebug("step 1: isAuthorized()"); | |
241 | + $this->myDebug("step 1: MaterielsController.isAuthorized()"); | |
238 | 242 | |
239 | 243 | /* ICI C'EST OK |
240 | 244 | $toto="tititoto"; |
... | ... | @@ -366,11 +370,49 @@ class MaterielsController extends AppController |
366 | 370 | * |
367 | 371 | */ |
368 | 372 | |
373 | + // (EP 23/5/19) NEW optimization | |
374 | + $materiel = $this->Materiels->get($id, ['contain' => [ | |
375 | + 'SurCategories', | |
376 | + 'Categories', | |
377 | + 'SousCategories', | |
378 | + 'GroupesThematiques', | |
379 | + 'GroupesMetiers', | |
380 | + 'Organismes', | |
381 | + 'Sites', | |
382 | + 'Documents', | |
383 | + 'Emprunts', | |
384 | + 'Suivis', | |
385 | + 'Fournisseurs' | |
386 | + ] | |
387 | + ]); | |
388 | + | |
389 | + $IS_CREATED = $materiel->status == 'CREATED'; | |
390 | + $USER_IS_CREATOR_OR_OWNER = in_array($this->userName, [ | |
391 | + $materiel->nom_createur, | |
392 | + $materiel->nom_responsable | |
393 | + ]); | |
394 | + // Current user is same group as current materiel | |
395 | + $USER_IS_SAME_GROUP = ( | |
396 | + ( isset($this->priviledgedUser->groupes_metier_id) && $this->priviledgedUser->groupes_metier_id != $this->idGmNa && $materiel->groupes_metier_id == $this->priviledgedUser->groupes_metier_id ) | |
397 | + || | |
398 | + ( isset($this->priviledgedUser->groupe_thematique_id) && $this->priviledgedUser->groupe_thematique_id != $this->idGtNa && $materiel->groupes_thematique_id == $this->priviledgedUser->groupe_thematique_id ) | |
399 | + ); | |
400 | + $CAN_EDIT = $IS_CREATED && ( | |
401 | + $this->USER_IS_ADMIN_OR_MORE | |
402 | + || | |
403 | + $USER_IS_CREATOR_OR_OWNER | |
404 | + || | |
405 | + ($this->USER_IS_RESPONSABLE && $USER_IS_SAME_GROUP) | |
406 | + ); | |
407 | + return $CAN_EDIT; | |
408 | + | |
409 | + // (EP 23/5/19) OLD METHOD | |
410 | + /* | |
369 | 411 | // (EP 17/5/19) ON AUTORISE SEULEMENT LA MODIF D'UN MATOS CREATED |
370 | 412 | // UN user Admin ou plus ne pourra le modifier qu'à condition de le "dé-valider" avant |
371 | 413 | if ($this->isCreated($id)) { |
372 | 414 | //if ($this->isCreated($id) || $this->isValidated($id)) { |
373 | - /* | |
415 | + /STAR | |
374 | 416 | * if ($role == 'Utilisateur' && $this->isOwnedBy($id, $user['sn'][0] . ' ' . $user['givenname'][0])) { |
375 | 417 | * return true; |
376 | 418 | * } else if ($role == 'Responsable' && $this->isRespGroup($id, $user[$configuration->authentificationType_ldap][0])) { |
... | ... | @@ -378,7 +420,7 @@ class MaterielsController extends AppController |
378 | 420 | * } else if ($this->userHasRoleAtLeast('Administration')) { |
379 | 421 | * return true; |
380 | 422 | * } |
381 | - */ | |
423 | + STAR/ | |
382 | 424 | switch ($role) { |
383 | 425 | case 'Utilisateur': |
384 | 426 | //return $this->isOwnedBy($id, $user['sn'][0] . ' ' . $user['givenname'][0]); |
... | ... | @@ -394,13 +436,14 @@ class MaterielsController extends AppController |
394 | 436 | break; |
395 | 437 | } |
396 | 438 | } |
397 | - /* | |
439 | + /STAR | |
398 | 440 | (EP 17/5/19) : Ben non, pas le droit, faudra dé-valider avant, non mais !!! |
399 | 441 | if ($this->userHasRoleAtLeast('Administration Plus')) { |
400 | 442 | return true; |
401 | 443 | } |
402 | - */ | |
444 | + STAR/ | |
403 | 445 | break; // EDIT |
446 | + */ | |
404 | 447 | |
405 | 448 | // DELETE |
406 | 449 | case 'delete': |
... | ... | @@ -618,7 +661,7 @@ class MaterielsController extends AppController |
618 | 661 | */ |
619 | 662 | public function index() |
620 | 663 | { |
621 | - $this->myDebug("step 2: index()"); | |
664 | + $this->myDebug("step 2: MaterielsController.index()"); | |
622 | 665 | |
623 | 666 | $condition = ''; |
624 | 667 | if (isset($this->request->getAttribute('params')['pass'][0])) { |
... | ... | @@ -758,7 +801,8 @@ class MaterielsController extends AppController |
758 | 801 | */ |
759 | 802 | public function view($id = null) |
760 | 803 | { |
761 | - $this->myDebug("step 2: view()"); | |
804 | + $this->myDebug("step 2: MaterielsController.view()"); | |
805 | + | |
762 | 806 | $materiel = $this->Materiels->get($id, [ |
763 | 807 | 'contain' => [ |
764 | 808 | 'SurCategories', |
... | ... | @@ -832,9 +876,9 @@ class MaterielsController extends AppController |
832 | 876 | |
833 | 877 | // NEW |
834 | 878 | // TODO: marche pas !!! |
835 | - //$CAN_EDIT = $this->isAuthorizedAction($this->userRole, 'edit', $id, $this->userFromSession, $this->userCname); | |
879 | + $CAN_EDIT = $this->isAuthorizedAction($this->userRole, 'edit', $id, $this->userFromSession, $this->userCname); | |
836 | 880 | // OLD |
837 | - $CAN_EDIT = $IS_CREATED && $CAN_ATTACH_A_DOC; | |
881 | + //$CAN_EDIT = $IS_CREATED && $CAN_ATTACH_A_DOC; | |
838 | 882 | $this->set(compact('CAN_EDIT')); |
839 | 883 | |
840 | 884 | $CAN_COPY = $CAN_EDIT; |
... | ... | @@ -896,7 +940,7 @@ class MaterielsController extends AppController |
896 | 940 | */ |
897 | 941 | public function add_or_edit($is_add, $id=null, $valeurs=null, $erreurs=null) |
898 | 942 | { |
899 | - $this->myDebug("step 2: add_or_edit()"); | |
943 | + $this->myDebug("step 2: MaterielsController.add_or_edit()"); | |
900 | 944 | |
901 | 945 | $usersTable = TableRegistry::getTableLocator()->get('Users'); |
902 | 946 | ... | ... |
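Review bot: In the new isAuthorized() branch (new 390-393) the creator/owner test uses a loose `in_array()`, so a null or empty `nom_createur`/`nom_responsable` compares equal to an empty `$this->userName`; pass strict mode, `in_array($this->userName, [$materiel->nom_createur, $materiel->nom_responsable], true)`, so only an exact name match grants the edit right. The `get()` at 374-387 contains eleven associations (Documents, Emprunts, Suivis, …) although the check only reads `status`, `nom_createur`, `nom_responsable`, `groupes_metier_id` and `groupes_thematique_id`; `$materiel = $this->Materiels->get($id);` does the same job for this check unless code outside the hunk reuses the loaded associations. The materiel side is compared through `groupes_thematique_id` while the user side reads `groupe_thematique_id` (398); if either name is a typo the entity returns null and the same-group condition is silently always false (it denies rather than grants, but it would hide the bug), so confirm both against the schema. In view() (new 879) the `// TODO: marche pas !!!` comment now sits directly above the re-enabled isAuthorizedAction() call and contradicts it; update or remove it. isAuthorized() starts outside the hunk.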
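--- a/src/Controller/PagesController.php
+++ b/src/Controller/PagesController.php
@@ -68,6 +68,14 @@ class PagesController extends AppController
 */
 public function display()
 {
+// (EP 21/5/19)
+// On ne voit ce message que sur la page "about"
+// En effet, les autres pages nécessitant un login,
+// on est redirigé sur la page login et donc la methode login() du controleur UsersController
+// Du coup, il faut décommenter la ligne "exit" juste après pour voir ce message (évite la redirection).
+$this->myDebug("step 2: PagesController.display()");
+//exit;
+
 $configuration = $this->confLabinvent;
 
 $path = func_get_args();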
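--- a/src/Controller/UsersController.php
+++ b/src/Controller/UsersController.php
@@ -63,6 +63,8 @@ class UsersController extends AppController
 
 public function login()
 {
+$this->myDebug("step 2: UsersController.login()");
+
 // Un utilisateur a essayé de se loguer
 if ($this->request->is('post')) {
 $user = $this->LdapAuth->connection();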
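--- a/src/Template/Materiels/index.ctp
+++ b/src/Template/Materiels/index.ctp
@@ -34,6 +34,13 @@ $USER_IS_ADMIN_OR_MORE = $USER_IS_ADMIN_OR_MORE;
 $USER_IS_ADMINPLUS = $USER_IS_ADMINPLUS;
 $USER_IS_ADMINPLUS_OR_MORE = $USER_IS_ADMINPLUS_OR_MORE;
 $USER_IS_SUPERADMIN = $USER_IS_SUPERADMIN;
+// (EP) TODO: Vraiment utile ??? A virer je pense
+$PROFILE_USER = $PROFILE_USER;
+$PROFILE_ADMIN = $PROFILE_ADMIN;
+$PROFILE_RESPONSABLE = $PROFILE_RESPONSABLE;
+$PROFILE_ADMINPLUS = $PROFILE_ADMINPLUS;
+$PROFILE_SUPERADMIN = $PROFILE_SUPERADMIN;
+$allProfiles = $allProfiles;
 
 // - Fonctions :
 $displayElement = $displayElement;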
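--- a/src/Template/Materiels/view.ctp
+++ b/src/Template/Materiels/view.ctp
@@ -25,6 +25,13 @@ $USER_IS_ADMINPLUS_OR_MORE = $USER_IS_ADMINPLUS_OR_MORE;
 $USER_IS_SUPERADMIN = $USER_IS_SUPERADMIN;
 $USER_IS_CREATOR_OR_OWNER = $USER_IS_CREATOR_OR_OWNER;
 $USER_IS_SAME_GROUP = $USER_IS_SAME_GROUP;
+// (EP) TODO: Vraiment utile ??? A virer je pense
+$PROFILE_USER = $PROFILE_USER;
+$PROFILE_ADMIN = $PROFILE_ADMIN;
+$PROFILE_RESPONSABLE = $PROFILE_RESPONSABLE;
+$PROFILE_ADMINPLUS = $PROFILE_ADMINPLUS;
+$PROFILE_SUPERADMIN = $PROFILE_SUPERADMIN;
+$allProfiles = $allProfiles;
 
 // - Materiel status:
 $idGmNa = $idGmNa;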