Commit 5df85678 by Damien Moulard

Merge branch 'dev' of gl.cooperatic.fr:cooperatic/kohinos into dev

parents e31477ea e0839f9a
...@@ -96,7 +96,7 @@ security: ...@@ -96,7 +96,7 @@ security:
switch_user: switch_user:
provider: fos_userbundle provider: fos_userbundle
# access_denied_handler: App\Security\AccessDeniedHandler # access_denied_handler: App\Security\AccessDeniedHandler
encoders: encoders:
# FOS\UserBundle\Model\UserInterface: bcrypt # FOS\UserBundle\Model\UserInterface: bcrypt
FOS\UserBundle\Model\UserInterface: FOS\UserBundle\Model\UserInterface:
...@@ -109,22 +109,25 @@ security: ...@@ -109,22 +109,25 @@ security:
ROLE_API: ROLE_USER ROLE_API: ROLE_USER
ROLE_ADHERENT: ROLE_USER ROLE_ADHERENT: ROLE_USER
ROLE_PRESTATAIRE: ROLE_USER ROLE_PRESTATAIRE: ROLE_USER
ROLE_ADMIN_SIEGE: [ROLE_USER, ROLE_ADMIN] ROLE_ADMIN_SIEGE: [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
ROLE_REDACTEUR: [ROLE_USER, ROLE_ADMIN] ROLE_REDACTEUR: [ROLE_USER, ROLE_ADMIN]
ROLE_TRESORIER: [ROLE_USER, ROLE_ADMIN] ROLE_TRESORIER: [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
ROLE_CONTROLEUR: [ROLE_USER, ROLE_ADMIN] ROLE_CONTROLEUR: [ROLE_USER, ROLE_ADMIN]
ROLE_GESTION_GROUPE: [ROLE_USER, ROLE_ADMIN] ROLE_GESTION_GROUPE: [ROLE_USER, ROLE_ADMIN]
ROLE_COMPTOIR: [ROLE_USER, ROLE_ADMIN] ROLE_COMPTOIR: [ROLE_USER, ROLE_ADMIN]
ROLE_CONTACT: [ROLE_USER, ROLE_ADMIN] ROLE_CONTACT: [ROLE_USER, ROLE_ADMIN]
ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN] ROLE_ADMIN: [ROLE_USER, ROLE_SONATA_ADMIN]
ROLE_ADMIN_COMPTOIR_READER:
- ROLE_ADMIN_COMPTOIR_GERER_LIST
- ROLE_ADMIN_COMPTOIR_GERER_VIEW
ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_API] ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_API]
# Easy way to control access for large sections of your site # Easy way to control access for large sections of your site
# Note: Only the *first* access control that matches will be used # Note: Only the *first* access control that matches will be used
access_control: access_control:
# #
# @TODO : better access control ! # @TODO : better access control !
# #
# Admin login page needs to be accessed without credential # Admin login page needs to be accessed without credential
# - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/admin/login$, role: IS_AUTHENTICATED_ANONYMOUSLY }
# - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY } # - { path: ^/admin/logout$, role: IS_AUTHENTICATED_ANONYMOUSLY }
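Review bot: The new `ROLE_ADMIN_COMPTOIR_READER` entry carries no comment saying it is meant to stay read-only, and since this hunk attaches it to both `ROLE_ADMIN_SIEGE` and `ROLE_TRESORIER`, a later edit that appends a write permission would widen both roles at once. I would put `# Read-only access to the comptoir admin: LIST and VIEW only, never EDIT/CREATE/DELETE` directly above it. Symfony does not validate the names listed under `role_hierarchy`, so `ROLE_ADMIN_COMPTOIR_GERER_LIST` and `ROLE_ADMIN_COMPTOIR_GERER_VIEW` must match exactly the role prefix Sonata derives for the comptoir admin; the admin's service id is not visible here, so this is worth verifying with a treasurer account. Both roles also still inherit `ROLE_ADMIN`, so whether the result is really limited to list/view depends on the security handler in use, which this page does not show.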
......
<IfModule mod_rewrite.c> <IfModule mod_rewrite.c>
Options -MultiViews Options -MultiViews
RewriteEngine On RewriteEngine On
# Https redirection
RewriteEngine on
RewriteCond %{HTTPS} !=on
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Https redirection for OVH
RewriteEngine on
RewriteCond %{SERVER_PORT} 80
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
# Https redirection for Gandi
RewriteEngine on
RewriteCond %{REQUEST_SCHEME} =http
RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L] RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule> </IfModule>
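Review bot: The three HTTPS-redirect blocks (`RewriteCond %{HTTPS} !=on`, `RewriteCond %{SERVER_PORT} 80`, `RewriteCond %{REQUEST_SCHEME} =http`) appear on only one side of this section, and the rendering does not show which side. If the commit removes them, nothing left in this file forces HTTPS, so enforcement should be confirmed at the vhost or proxy level and documented here with a comment. If the commit adds them, the three blocks overlap, and each builds its target from the client-supplied `%{HTTP_HOST}`; keeping only the variant that matches the hosting platform and redirecting to a configured canonical host name would be tighter.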
......
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php [QSA,L]
</IfModule>
<IfModule !mod_rewrite.c>
<IfModule mod_alias.c>
RedirectMatch 302 ^/$ /index.php/
</IfModule>
</IfModule>
SetOutputFilter DEFLATE
AddOutputFilterByType DEFLATE "application/atom+xml" "application/javascript" "application/json" "application/ld+json" "application/manifest+json" "application/rdf+xml" "application/rss+xml" "application/schema+json" "application/vnd.geo+json" "application/vnd.ms-fontobject" "application/x-font-ttf" "application/x-javascript" "application/x-web-app-manifest+json" "application/xhtml+xml" "application/xml" "font/eot" "font/opentype" "image/bmp" "image/svg+xml" "image/vnd.microsoft.icon" "image/x-icon" "text/cache-manifest" "text/css" "text/html" "text/javascript" "text/plain" "text/vcard" "text/vnd.rim.location.xloc" "text/vtt" "text/x-component" "text/x-cross-domain-policy" "text/xml"
...@@ -53,7 +53,9 @@ class ComptoirAdmin extends AbstractAdmin ...@@ -53,7 +53,9 @@ class ComptoirAdmin extends AbstractAdmin
$query = parent::createQuery($context); $query = parent::createQuery($context);
$user = $this->security->getUser(); $user = $this->security->getUser();
if (empty($this->getRequest()->getSession()->get('_groupegere'))) { if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) { // TODO: Pourquoi empêcher toutes les "requêtes comptoir" pour ces rôles ?
//if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) {
if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT')) {
$query->andWhere('false = true'); $query->andWhere('false = true');
} }
} else { } else {
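Review bot: Dropping `ROLE_TRESORIER` from the deny condition means a treasurer whose session has no `_groupegere` value now receives the unfiltered parent query, yet the hunk leaves the reason as an open TODO beside the commented-out old condition. This appears to be the admin's createQuery() override, so the filter applies to every action that goes through it; the only thing keeping the wider scope read-only is the role configuration, which should be checked against the permissions actually granted to ROLE_TRESORIER. I would replace the TODO and the dead line with a statement of intent such as `// ROLE_TRESORIER is not restricted here: treasurers may list and view every comptoir (read-only, see role_hierarchy).`. If `$this->security` is Symfony's Security helper, `getUser()` can return null, so the `$user->isGranted(...)` calls deserve a null guard that falls back to the `false = true` restriction. The method starts before and continues past this hunk.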
......