Skip to content

K
kohinos
Commit 5df85678 by Damien Moulard
Options

Merge branch 'dev' of gl.cooperatic.fr:cooperatic/kohinos into dev

parents e31477ea e0839f9a
Showing with 43 additions and 6 deletions
config/packages/security.yaml
......@@ -96,7 +96,7 @@ security:
switch_user:
provider: fos_userbundle
# access_denied_handler: App\Security\AccessDeniedHandler
encoders:
# FOS\UserBundle\Model\UserInterface: bcrypt
FOS\UserBundle\Model\UserInterface:
......@@ -109,22 +109,25 @@ security:
ROLE_API: ROLE_USER
ROLE_ADHERENT: ROLE_USER
ROLE_PRESTATAIRE: ROLE_USER
ROLE_ADMIN_SIEGE: [ROLE_USER, ROLE_ADMIN]
ROLE_ADMIN_SIEGE: [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
ROLE_REDACTEUR: [ROLE_USER, ROLE_ADMIN]
ROLE_TRESORIER: [ROLE_USER, ROLE_ADMIN]
ROLE_TRESORIER: [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
ROLE_CONTROLEUR: [ROLE_USER, ROLE_ADMIN]
ROLE_GESTION_GROUPE: [ROLE_USER, ROLE_ADMIN]
ROLE_COMPTOIR: [ROLE_USER, ROLE_ADMIN]
ROLE_CONTACT: [ROLE_USER, ROLE_ADMIN]
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_ADMIN_COMPTOIR_READER:
- ROLE_ADMIN_COMPTOIR_GERER_LIST
- ROLE_ADMIN_COMPTOIR_GERER_VIEW
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_API]
# Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used
access_control:
#
#
# @TODO : better access control !
#
#
# Admin login page needs to be accessed without credential
# - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
......
public/.htaccess
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
# Https redirection
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Https redirection for OVH
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Https redirection for Gandi
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
......
public/.htaccess-for-dev 0 → 100644
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 302 ^/$ /index.php/
</IfModule>
</IfModule>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE "application/atom+xml" "application/javascript" "application/json" "application/ld+json" "application/manifest+json" "application/rdf+xml" "application/rss+xml" "application/schema+json" "application/vnd.geo+json" "application/vnd.ms-fontobject" "application/x-font-ttf" "application/x-javascript" "application/x-web-app-manifest+json" "application/xhtml+xml" "application/xml" "font/eot" "font/opentype" "image/bmp" "image/svg+xml" "image/vnd.microsoft.icon" "image/x-icon" "text/cache-manifest" "text/css" "text/html" "text/javascript" "text/plain" "text/vcard" "text/vnd.rim.location.xloc" "text/vtt" "text/x-component" "text/x-cross-domain-policy" "text/xml"
src/Admin/ComptoirAdmin.php
......@@ -53,7 +53,9 @@ class ComptoirAdmin extends AbstractAdmin
$query = parent::createQuery($context);
$user = $this->security->getUser();
if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) {
// TODO: Pourquoi empêcher toutes les "requêtes comptoir" pour ces rôles ?
//if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) {
if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT')) {
$query->andWhere('false = true');
}
} else {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment