Commit 9b772f29 by Julien Jorry

Fix gestionnaire groupe local can see every presta and adherent from mlc…

Fix gestionnaire groupe local can see every presta and adherent from mlc including operation (can be reverted if needed)
parent 462de980
......@@ -73,18 +73,18 @@ class AdherentAdmin extends AbstractAdmin
->innerJoin($query->getRootAliases()[0] . '.user', 'u')
->addSelect('u')
;
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) {
$query->andWhere('false = true');
}
} else {
$query
->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
;
}
}
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) {
// $query->andWhere('false = true');
// }
// } else {
// $query
// ->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
// ->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
// ;
// }
// }
return $query;
}
......
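Review bot: With this block commented out (assuming the `//` variant is the new side, as the commit message suggests), createQuery() loses not only the group filter but also the fail-closed `$query->andWhere('false = true');` branch that returned nothing to ROLE_GESTION_GROUPE / ROLE_CONTACT users who have no `_groupegere` in session. The same pattern repeats in the createQuery() hunks of ComptoirAdmin, CotisationAdherentAdmin, GroupeprestataireAdmin, OperationAdherentAdmin, OperationComptoirAdmin, OperationPrestataireAdmin, PrestataireAdmin and TransfertAdmin. Whether edit, delete and export are restricted elsewhere is not visible in these hunks, so it is worth confirming that only list visibility widens. Rather than keeping the dead block in every admin, delete it and leave a one-line marker such as `// Group scoping removed on purpose: local-group managers list the whole MLC.`; git history already makes the change revertible. The method starts above the hunk.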
......@@ -51,18 +51,18 @@ class ComptoirAdmin extends AbstractAdmin
{
$query = parent::createQuery($context);
$user = $this->security->getUser();
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) {
$query->andWhere('false = true');
}
} else {
$query
->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
;
}
}
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) {
// $query->andWhere('false = true');
// }
// } else {
// $query
// ->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
// ->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
// ;
// }
// }
return $query;
}
......@@ -92,24 +92,24 @@ class ComptoirAdmin extends AbstractAdmin
}
$formMapper
->with('Comptoir', ['class' => 'col-md-6']);
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) && !empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT')) && !empty($this->getRequest()->getSession()->get('_groupegere'))) {
// $formMapper->add('groupe', null, [
// 'label' => 'Groupe local',
// 'required' => true,
// 'query_builder' => function (EntityRepository $repo) use ($user) {
// return $repo->createQueryBuilder('g')
// ->select('g')
// ->join('g.gestionnaires', 'c')
// ->where('c.id = :user')
// ->setParameter('user', $user->getId());
// },
// ]);
// } else {
$formMapper->add('groupe', null, [
'label' => 'Groupe local',
'required' => true,
'query_builder' => function (EntityRepository $repo) use ($user) {
return $repo->createQueryBuilder('g')
->select('g')
->join('g.gestionnaires', 'c')
->where('c.id = :user')
->setParameter('user', $user->getId());
},
]);
} else {
$formMapper->add('groupe', null, [
'label' => 'Groupe local',
'required' => true,
]);
}
// }
$formMapper
->add('name', null, [
'label' => 'Nom',
......
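Review bot: Dropping the `query_builder` restriction on the `groupe` field changes what a local-group manager can write, not only what they can see. Assuming the commented-out variant is the new side, the field now offers every groupe, so a ROLE_GESTION_GROUPE or ROLE_CONTACT user could attach a comptoir to a group they do not manage unless that is checked on save somewhere not visible here. The form hunk of GroupeprestataireAdmin does the same for the prestataire list by always using `findBy(['enabled' => true, 'mlc' => false], ['raison' => 'ASC'])`. The commit message only mentions visibility, so consider leaving these two form branches active and relaxing only createQuery(); the enclosing form method starts and ends outside the hunk.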
......@@ -43,29 +43,29 @@ class CotisationAdherentAdmin extends CotisationAdmin
->andWhere($query->getRootAliases()[0] . ".type='cotisation_adherent'")
// ->andWhere('u.adherent IS NOT NULL')
;
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
}
} else {
$groupe = $this->getRequest()->getSession()->get('_groupegere');
$em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
$adhTable = $em->getMetadataFactory()->getMetadataFor(Adherent::class)->getTableName();
$fluxTable = $em->getMetadataFactory()->getMetadataFor(Flux::class)->getTableName();
$connection = $em->getConnection();
$statement = $connection->prepare("SELECT f.id FROM $fluxTable f INNER JOIN $adhTable a ON (a.id = f.adherent_id OR a.id = f.adherent_dest_id) WHERE a.groupe_id = :groupe_id");
$statement->bindValue(':groupe_id', $groupe->getId());
$statement->execute();
$ids = $statement->fetchAll();
$query
->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
->setParameter('ids', $ids)
;
}
}
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// }
// } else {
// $groupe = $this->getRequest()->getSession()->get('_groupegere');
// $em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
// $adhTable = $em->getMetadataFactory()->getMetadataFor(Adherent::class)->getTableName();
// $fluxTable = $em->getMetadataFactory()->getMetadataFor(Flux::class)->getTableName();
// $connection = $em->getConnection();
// $statement = $connection->prepare("SELECT f.id FROM $fluxTable f INNER JOIN $adhTable a ON (a.id = f.adherent_id OR a.id = f.adherent_dest_id) WHERE a.groupe_id = :groupe_id");
// $statement->bindValue(':groupe_id', $groupe->getId());
// $statement->execute();
// $ids = $statement->fetchAll();
// $query
// ->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
// ->setParameter('ids', $ids)
// ;
// }
// }
return $query;
}
......
......@@ -52,20 +52,20 @@ class GroupeprestataireAdmin extends AbstractAdmin
{
$user = $this->security->getUser();
$query = parent::createQuery($context);
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
}
} else {
$query
->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
;
}
}
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// }
// } else {
// $query
// ->andWhere($query->getRootAliases()[0] . '.groupe = :groupe')
// ->setParameter('groupe', $this->getRequest()->getSession()->get('_groupegere'))
// ;
// }
// }
return $query;
}
......@@ -92,11 +92,11 @@ class GroupeprestataireAdmin extends AbstractAdmin
'required' => true,
])
;
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) && !empty($this->getRequest()->getSession()->get('_groupegere'))) {
$prestataires = $this->getConfigurationPool()->getContainer()->get('doctrine')->getRepository(Prestataire::class)->findByGroupeLocal($this->getRequest()->getSession()->get('_groupegere'));
} else {
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) && !empty($this->getRequest()->getSession()->get('_groupegere'))) {
// $prestataires = $this->getConfigurationPool()->getContainer()->get('doctrine')->getRepository(Prestataire::class)->findByGroupeLocal($this->getRequest()->getSession()->get('_groupegere'));
// } else {
$prestataires = $this->getConfigurationPool()->getContainer()->get('doctrine')->getRepository(Prestataire::class)->findBy(['enabled' => true, 'mlc' => false], ['raison' => 'ASC']);
}
// }
if ($user && ($this->security->isGranted('ROLE_SUPER_ADMIN') || $this->security->isGranted('ROLE_ADMIN_SIEGE'))) {
$formMapper
->add('groupe', null, [
......
......@@ -52,30 +52,30 @@ class OperationAdherentAdmin extends OperationAdmin
$em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
$operationAdherenttable = $em->getMetadataFactory()->getMetadataFor(OperationAdherent::class)->getTableName();
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
} else {
$groupe = $this->getRequest()->getSession()->get('_groupegere');
$connection = $em->getConnection();
$adherentTable = $em->getMetadataFactory()->getMetadataFor(Adherent::class)->getTableName();
$accountTable = $em->getMetadataFactory()->getMetadataFor(AccountAdherent::class)->getTableName();
$statement = $connection->prepare('SELECT f.id FROM ' . $operationAdherenttable . ' f WHERE f.account_id IN
(SELECT a.id FROM ' . $accountTable . ' a WHERE a.adherent_id IN
(SELECT p.id FROM ' . $adherentTable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
)');
$statement->execute();
$ids = $statement->fetchAll();
$query
->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
->setParameter('ids', $ids)
;
}
}
}
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// } else {
// $groupe = $this->getRequest()->getSession()->get('_groupegere');
// $connection = $em->getConnection();
// $adherentTable = $em->getMetadataFactory()->getMetadataFor(Adherent::class)->getTableName();
// $accountTable = $em->getMetadataFactory()->getMetadataFor(AccountAdherent::class)->getTableName();
// $statement = $connection->prepare('SELECT f.id FROM ' . $operationAdherenttable . ' f WHERE f.account_id IN
// (SELECT a.id FROM ' . $accountTable . ' a WHERE a.adherent_id IN
// (SELECT p.id FROM ' . $adherentTable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
// )');
// $statement->execute();
// $ids = $statement->fetchAll();
// $query
// ->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
// ->setParameter('ids', $ids)
// ;
// }
// }
// }
return $query;
}
......
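Review bot: The scoping block kept here as a comment builds its SQL by concatenating the id into the string (`p.groupe_id = "' . $groupe->getId() . '"`), whereas CotisationAdherentAdmin and TransfertAdmin bind `:groupe_id`. Since the commit message says the change may be reverted, restoring this block as-is would bring the concatenated query back; if it is kept at all, it should read `WHERE p.groupe_id = :groupe_id` with `$statement->bindValue(':groupe_id', $groupe->getId());`. The same applies to the commented blocks in OperationComptoirAdmin and OperationPrestataireAdmin. With the block disabled, `$em` and `$operationAdherenttable` at the top of the hunk appear to be computed for nothing, although the method starts above the hunk, so other uses cannot be ruled out.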
......@@ -46,16 +46,16 @@ class OperationAdmin extends AbstractAdmin
$collection->clearExcept(['list', 'export']);
}
protected function configureExportFields(): array
public function getExportFields()
{
return [
$this->trans('Date') => 'createdAt',
$this->trans('Montant') => 'montant',
$this->trans('Compte') => 'currency',
$this->trans('Type') => 'flux.type',
$this->trans('Moyen') => 'flux.moyen',
$this->trans('Operateur') => 'flux.operateur',
$this->trans('Importé') => 'historical',
'Date' => 'createdAt',
'Montant' => 'montant',
'Compte' => 'currency',
'Type' => 'flux.type',
'Moyen' => 'flux.moyen',
'Operateur' => 'flux.operateur',
'Importé' => 'historical'
];
}
......
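Review bot: The export-field change in this hunk looks unrelated to the visibility change the commit message describes and would be easier to review and revert as its own commit. Assuming the second printed variant is the new side, the headers lose `$this->trans(...)`, so exported column names are no longer translated, and the method loses its `: array` return type. If the rename to `getExportFields()` is needed for the installed Sonata version, keep the translated keys, e.g. `$this->trans('Date') => 'createdAt',`, and add the trailing comma after `'historical'`.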
......@@ -52,30 +52,30 @@ class OperationComptoirAdmin extends OperationAdmin
$em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
$operationComptoirtable = $em->getMetadataFactory()->getMetadataFor(OperationComptoir::class)->getTableName();
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
} else {
$groupe = $this->getRequest()->getSession()->get('_groupegere');
$connection = $em->getConnection();
$comptoirTable = $em->getMetadataFactory()->getMetadataFor(Comptoir::class)->getTableName();
$accountTable = $em->getMetadataFactory()->getMetadataFor(AccountComptoir::class)->getTableName();
$statement = $connection->prepare('SELECT f.id FROM ' . $operationComptoirtable . ' f WHERE f.account_id IN
(SELECT a.id FROM ' . $accountTable . ' a WHERE a.comptoir_id IN
(SELECT p.id FROM ' . $comptoirTable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
)');
$statement->execute();
$ids = $statement->fetchAll();
$query
->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
->setParameter('ids', $ids)
;
}
}
}
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// } else {
// $groupe = $this->getRequest()->getSession()->get('_groupegere');
// $connection = $em->getConnection();
// $comptoirTable = $em->getMetadataFactory()->getMetadataFor(Comptoir::class)->getTableName();
// $accountTable = $em->getMetadataFactory()->getMetadataFor(AccountComptoir::class)->getTableName();
// $statement = $connection->prepare('SELECT f.id FROM ' . $operationComptoirtable . ' f WHERE f.account_id IN
// (SELECT a.id FROM ' . $accountTable . ' a WHERE a.comptoir_id IN
// (SELECT p.id FROM ' . $comptoirTable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
// )');
// $statement->execute();
// $ids = $statement->fetchAll();
// $query
// ->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
// ->setParameter('ids', $ids)
// ;
// }
// }
// }
return $query;
}
......
......@@ -52,30 +52,30 @@ class OperationPrestataireAdmin extends OperationAdmin
$em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
$operationPrestatable = $em->getMetadataFactory()->getMetadataFor(OperationPrestataire::class)->getTableName();
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
} else {
$groupe = $this->getRequest()->getSession()->get('_groupegere');
$connection = $em->getConnection();
$prestatable = $em->getMetadataFactory()->getMetadataFor(Prestataire::class)->getTableName();
$accountTable = $em->getMetadataFactory()->getMetadataFor(AccountPrestataire::class)->getTableName();
$statement = $connection->prepare('SELECT f.id FROM ' . $operationPrestatable . ' f WHERE f.account_id IN
(SELECT a.id FROM ' . $accountTable . ' a WHERE a.prestataire_id IN
(SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
)');
$statement->execute();
$ids = $statement->fetchAll();
$query
->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
->setParameter('ids', $ids)
;
}
}
}
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// } else {
// $groupe = $this->getRequest()->getSession()->get('_groupegere');
// $connection = $em->getConnection();
// $prestatable = $em->getMetadataFactory()->getMetadataFor(Prestataire::class)->getTableName();
// $accountTable = $em->getMetadataFactory()->getMetadataFor(AccountPrestataire::class)->getTableName();
// $statement = $connection->prepare('SELECT f.id FROM ' . $operationPrestatable . ' f WHERE f.account_id IN
// (SELECT a.id FROM ' . $accountTable . ' a WHERE a.prestataire_id IN
// (SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = "' . $groupe->getId() . '")
// )');
// $statement->execute();
// $ids = $statement->fetchAll();
// $query
// ->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
// ->setParameter('ids', $ids)
// ;
// }
// }
// }
return $query;
}
......
......@@ -101,20 +101,20 @@ class PrestataireAdmin extends AbstractAdmin
$user = $this->security->getUser();
$query = parent::createQuery($context);
if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
if ($this->hasRequest()) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
} else {
$query
->andWhere($query->getRootAliases()[0] . '.groupe = :group')
->setParameter('group', $this->getRequest()->getSession()->get('_groupegere'))
;
}
}
}
// if ($user && ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER'))) {
// if ($this->hasRequest()) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// } else {
// $query
// ->andWhere($query->getRootAliases()[0] . '.groupe = :group')
// ->setParameter('group', $this->getRequest()->getSession()->get('_groupegere'))
// ;
// }
// }
// }
return $query;
}
......
......@@ -58,25 +58,26 @@ class TransfertAdmin extends FluxAdmin
$em = $this->getConfigurationPool()->getContainer()->get('doctrine')->getManager();
$fluxtable = $em->getMetadataFactory()->getMetadataFor(Flux::class)->getTableName();
if ($this->hasRequest()) {
if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if (!$this->security->isGranted('ROLE_TRESORIER')) {
$query->andWhere('false = true');
}
} else {
$groupe = $this->getRequest()->getSession()->get('_groupegere');
$connection = $em->getConnection();
$prestatable = $em->getMetadataFactory()->getMetadataFor(Prestataire::class)->getTableName();
$statement = $connection->prepare('SELECT f.id FROM ' . $fluxtable . ' f WHERE f.groupe_id = :groupe_id OR (f.prestataire_id IN (SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = :groupe_id)) OR (f.prestataire_dest_id IN (SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = :groupe_id))');
$statement->bindValue(':groupe_id', $groupe->getId());
$statement->execute();
$ids = $statement->fetchAll();
$query
->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
->setParameter('ids', $ids)
;
}
} elseif ($this->security->isGranted('ROLE_COMPTOIR')) {
// if ($this->security->isGranted('ROLE_GESTION_GROUPE') || $this->security->isGranted('ROLE_CONTACT') || $this->security->isGranted('ROLE_TRESORIER')) {
// if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
// if (!$this->security->isGranted('ROLE_TRESORIER')) {
// $query->andWhere('false = true');
// }
// } else {
// $groupe = $this->getRequest()->getSession()->get('_groupegere');
// $connection = $em->getConnection();
// $prestatable = $em->getMetadataFactory()->getMetadataFor(Prestataire::class)->getTableName();
// $statement = $connection->prepare('SELECT f.id FROM ' . $fluxtable . ' f WHERE f.groupe_id = :groupe_id OR (f.prestataire_id IN (SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = :groupe_id)) OR (f.prestataire_dest_id IN (SELECT p.id FROM ' . $prestatable . ' p WHERE p.groupe_id = :groupe_id))');
// $statement->bindValue(':groupe_id', $groupe->getId());
// $statement->execute();
// $ids = $statement->fetchAll();
// $query
// ->andWhere($query->expr()->in($query->getRootAliases()[0] . '.id', ':ids'))
// ->setParameter('ids', $ids)
// ;
// }
// } else
if ($this->security->isGranted('ROLE_COMPTOIR')) {
if (empty($this->getRequest()->getSession()->get('_comptoirgere'))) {
$query->andWhere('false = true');
} else {
......
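Review bot: Turning `} elseif ($this->security->isGranted('ROLE_COMPTOIR')) {` into a standalone `if` changes who reaches the comptoir branch: users who previously matched the ROLE_GESTION_GROUPE / ROLE_CONTACT / ROLE_TRESORIER branch are now also tested against ROLE_COMPTOIR. If the role hierarchy grants ROLE_COMPTOIR to any of those roles (not visible here), such a user with no `_comptoirgere` in session hits `$query->andWhere('false = true');` and sees no transfers, which is the opposite of what the commit intends. Please confirm the hierarchy and, if needed, guard the branch explicitly. The dangling `// } else` line directly above the live `if` is easy to misread and should be removed together with the commented block; the method continues past the end of the hunk.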