Merge branch '4176-modif-donnees-perso-par-un-comptoir' into 'develop'

donne ROLE_SONATA_USER_ADMIN_USER_ALL See merge request cooperatic/kohinos-tav!15

Merge branch '4176-modif-donnees-perso-par-un-comptoir' into 'develop'
donne ROLE_SONATA_USER_ADMIN_USER_ALL See merge request cooperatic/kohinos-tav!15
d4e00db9 · Félicie · b7c85f69 · 6f52fe1c · d4e00db9 · d4e00db9
Commit d4e00db9 authored Dec 15, 2022 by Félicie
4 changed files
--- a/fixtures/tav/fixtures-tav.yaml
+++ b/fixtures/tav/fixtures-tav.yaml
@@ -131,7 +131,8 @@ App\Entity\Usergroup:
            'ROLE_ADMIN_PRESTATAIRE_GERER_EDIT',
            'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_EDIT',
            'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_LIST',
-            'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE']]
+            'ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE',
+            'ROLE_CHANGE_ADHERENT_PERSONAL_DATA']]
    usergroup_contact:
        __construct: ['Contact', [
            'ROLE_CONTACT',

--- a/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
+++ b/src/Application/Sonata/UserBundle/Admin/UserAdmin.php
@@ -194,7 +194,10 @@ class UserAdmin extends BaseUserAdmin
                    ->add('username')
                    ->add('email')
        ;
-        if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_SUPER_ADMIN')) {
+        if (
+            'dev' == $_ENV['APP_ENV'] && ($this->isGranted('ROLE_SUPER_ADMIN')
+                || $this->getSecurityHandler()->grantChangeAdherentPasswordToNonSuperAdmin('ROLE_CHANGE_ADHERENT_PERSONAL_DATA'))
+        ) {
            $formMapper
                ->add('plainPassword', RepeatedType::class, [
                    'type' => PasswordType::class,

--- a/src/Migrations/Version20221211160940.php
+++ b/src/Migrations/Version20221211160940.php
+<?php
+
+declare(strict_types=1);
+
+namespace DoctrineMigrations;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated Migration: Please modify to your needs!
+ */
+final class Version20221211160940 extends AbstractMigration
+{
+    public function getDescription() : string
+    {
+        return '';
+    }
+
+    public function up(Schema $schema) : void
+    {
+        // this up() migration is auto-generated, please modify it to your needs
+        //$this->addSql('UPDATE usergroup SET roles = \'a:13:{i:0;s:13:\"ROLE_COMPTOIR\";i:1;s:30:\"ROLE_ADMIN_ADHERENT_GERER_EDIT\";i:2;s:30:\"ROLE_ADMIN_ADHERENT_GERER_LIST\";i:3;s:32:\"ROLE_ADMIN_ADHERENT_GERER_CREATE\";i:4;s:30:\"ROLE_ADMIN_ADHERENT_GERER_VIEW\";i:5;s:35:\"ROLE_ADMIN_ADHERENT_COTISATIONS_ALL\";i:6;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_EDIT\";i:7;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_VIEW\";i:8;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_LIST\";i:9;s:33:\"ROLE_ADMIN_TRANSFERT_GERER_CREATE\";i:10;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_VIEW\";i:11;s:43:\"ROLE_ADMIN_OPERATION_PRESTATAIRE_GERER_LIST\";i:12;s:40:\"ROLE_ADMIN_OPERATION_ADHERENT_GERER_LIST\";}\' WHERE name = "Comptoir"');
+        $this->addSql('UPDATE usergroup SET roles = \'a:19:{i:0;s:13:\"ROLE_COMPTOIR\";i:1;s:30:\"ROLE_ADMIN_ADHERENT_GERER_EDIT\";i:2;s:30:\"ROLE_ADMIN_ADHERENT_GERER_LIST\";i:3;s:32:\"ROLE_ADMIN_ADHERENT_GERER_CREATE\";i:4;s:30:\"ROLE_ADMIN_ADHERENT_GERER_VIEW\";i:5;s:35:\"ROLE_ADMIN_ADHERENT_COTISATIONS_ALL\";i:6;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_EDIT\";i:7;s:30:\"ROLE_ADMIN_COMPTOIR_GERER_VIEW\";i:8;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_LIST\";i:9;s:33:\"ROLE_ADMIN_TRANSFERT_GERER_CREATE\";i:10;s:31:\"ROLE_ADMIN_TRANSFERT_GERER_VIEW\";i:11;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_VIEW\";i:12;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_VIEW\";i:13;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_LIST\";i:14;s:33:\"ROLE_ADMIN_PRESTATAIRE_GERER_EDIT\";i:15;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_EDIT\";i:16;s:39:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_LIST\";i:17;s:41:\"ROLE_ADMIN_PRESTATAIRE_COTISATIONS_CREATE\";i:18;s:34:\"ROLE_CHANGE_ADHERENT_PERSONAL_DATA\";}\' WHERE name = "Comptoir"');
+    }
+
+    public function down(Schema $schema) : void
+    {
+        // this down() migration is auto-generated, please modify it to your needs
+    }
+}
--- a/src/Security/Handler/VoterSecurityHandler.php
+++ b/src/Security/Handler/VoterSecurityHandler.php
@@ -3,6 +3,7 @@
 namespace App\Security\Handler;

 use App\Entity\GlobalParameter;
+use App\Entity\User;
 use Doctrine\ORM\EntityManagerInterface;
 use Sonata\AdminBundle\Admin\AdminInterface;
 use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
@@ -43,7 +44,8 @@ class VoterSecurityHandler extends RoleSecurityHandler
        try {
            return $this->isAnyGranted($this->superAdminRoles)
                || $this->isAnyGranted($attributes, $object)
-                || $this->isAnyGranted([$allRole], $object);
+                || $this->isAnyGranted([$allRole], $object)
+                || $this->allowToModifyAdherentPersonalData($object);
        } catch (AuthenticationCredentialsNotFoundException $e) {
            return false;
        }
@@ -64,4 +66,16 @@ class VoterSecurityHandler extends RoleSecurityHandler

        return false;
    }
+
+    private function allowToModifyAdherentPersonalData($object): bool
+    {
+        return $_ENV['TAV_ENV']
+            && $object instanceof User && $object->getAdherent()
+            && $this->authorizationChecker->isGranted('ROLE_CHANGE_ADHERENT_PERSONAL_DATA');
+    }
+
+    public function grantChangeAdherentPasswordToNonSuperAdmin($str): bool
+    {
+        return $_ENV['TAV_ENV'] && $this->authorizationChecker->isGranted($str);
+    }
 }