allow superadmin to delete users in tav env + fix impersonating + return to…

allow superadmin to delete users in tav env + fix impersonating + return to preventing impersonating in prod envs

allow superadmin to delete users in tav env + fix impersonating + return to…
allow superadmin to delete users in tav env + fix impersonating + return to preventing impersonating in prod envs
099c7f78 · Damien Moulard · e7ac1e34 · 099c7f78 · 099c7f78 · 099c7f78
Commit 099c7f78 authored Feb 29, 2024 by Damien Moulard
5 changed files
--- a/src/Admin/UserAdmin.php
+++ b/src/Admin/UserAdmin.php
@@ -53,9 +53,7 @@ class UserAdmin extends SonataUserAdmin
        parent::configureListFields($listMapper);
        unset($this->listModes['mosaic']);
-        // TODO: SECURITY BREACH, RESET ASAP!!!
+        if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
-        // if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
-        if ($this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
            $listMapper
                ->add('impersonating', 'string', ['template' => '@SonataUser/Admin/Field/impersonating.html.twig'])
            ;

--- a/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
+++ b/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
@@ -48,14 +48,17 @@ class UserAdmin extends BaseUserAdmin
    protected function configureRoutes(RouteCollection $collection)
    {
-        if ($this->isChild()) {
+        // Remove 'delete' action for non tav envs
-            $collection->remove('delete');
+        if (!$this->getConfigurationPool()->getContainer()->getParameter('tav_env')) {
+            if ($this->isChild()) {
+                $collection->remove('delete');
-            return;
+                return;
-        }
+            }
-        // This is the route configuration as a parent
+            // This is the route configuration as a parent
-        $collection->remove('delete');
+            $collection->remove('delete');
+        }
    }
    /**
@@ -83,9 +86,21 @@ class UserAdmin extends BaseUserAdmin
            ])
        ;
-        // TODO: SECURITY BREACH, RESET ASAP!!!
+        // Add delete action on users in TAV envs for super admin
-        // if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
+        if ($this->isGranted('ROLE_SUPER_ADMIN') && $this->getConfigurationPool()->getContainer()->getParameter('tav_env')) {
-        if ($this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
+            $listMapper
+                ->remove('_action')
+                ->add('_action', null, [
+                    'label' => 'Actions',
+                    'actions' => [
+                        'edit' => [],
+                        'delete' => []
+                    ],
+                ])
+            ;
+        }
+        if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
            $listMapper
                ->add('impersonating', 'string', ['template' => '@SonataUser/Admin/Field/impersonating.html.twig'])
            ;

--- a/src/Controller/CRUD/CRUDController.php
+++ b/src/Controller/CRUD/CRUDController.php
@@ -211,6 +211,14 @@ class CRUDController extends Controller
            return $this->redirectTo($object);
        }
+        if ($object->hasRole('ROLE_API')) {
+            $this->addFlash(
+                'sonata_flash_error',
+                'Vous ne pouvez pas supprimer le compte API !'
+            );
+            return $this->redirectTo($object);
+        }
        return parent::deleteAction($id);
    }

--- a/src/Entity/Adherent.php
+++ b/src/Entity/Adherent.php
@@ -76,7 +76,7 @@ class Adherent extends AccountableObject implements AccountableInterface
    /**
     * @var ArrayCollection|AccountAdherent[]
-     * @ORM\OneToMany(targetEntity="AccountAdherent", mappedBy="adherent")
+     * @ORM\OneToMany(targetEntity="AccountAdherent", mappedBy="adherent", cascade={"remove"})
     */
    private $accounts;

--- a/templates/themes/kohinos/common/menu.html.twig
+++ b/templates/themes/kohinos/common/menu.html.twig
@@ -80,7 +80,7 @@
 				</a>
                <div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdownUC">
                	{# COMPTE ou ECOMPTE  : @TODO : mettre plutôt dans le header en visible tout le temps ? #}
-                	{% if app.user and is_granted('ROLE_ADHERENT') %}
+                	{% if app.user and app.user.adherent and is_granted('ROLE_ADHERENT') %}
                		<b class="dropdown-item bg-primary text-white"> Ecompte : {{app.user.adherent.emlcAccount.balance }}</b>
                	{% elseif app.user and is_granted('ROLE_PRESTATAIRE') and getCurrentPrestataire() != null %}
                		<b class="dropdown-item bg-primary text-white"> Ecompte : {{getCurrentPrestataire().emlcAccount.balance }}</b>