Merge branch 'dev' of gl.cooperatic.fr:cooperatic/kohinos into dev

config/packages/security.yaml

@@ -109,14 +109,17 @@ security:
         ROLE_API:               ROLE_USER
         ROLE_ADHERENT:          ROLE_USER
         ROLE_PRESTATAIRE:       ROLE_USER
-        ROLE_ADMIN_SIEGE:       [ROLE_USER, ROLE_ADMIN]
+        ROLE_ADMIN_SIEGE:       [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
         ROLE_REDACTEUR:         [ROLE_USER, ROLE_ADMIN]
-        ROLE_TRESORIER:         [ROLE_USER, ROLE_ADMIN]
+        ROLE_TRESORIER:         [ROLE_USER, ROLE_ADMIN, ROLE_ADMIN_COMPTOIR_READER]
         ROLE_CONTROLEUR:        [ROLE_USER, ROLE_ADMIN]
         ROLE_GESTION_GROUPE:    [ROLE_USER, ROLE_ADMIN]
         ROLE_COMPTOIR:          [ROLE_USER, ROLE_ADMIN]
         ROLE_CONTACT:           [ROLE_USER, ROLE_ADMIN]
         ROLE_ADMIN:             [ROLE_USER, ROLE_SONATA_ADMIN]
+        ROLE_ADMIN_COMPTOIR_READER:
+            - ROLE_ADMIN_COMPTOIR_GERER_LIST
+            - ROLE_ADMIN_COMPTOIR_GERER_VIEW
         ROLE_SUPER_ADMIN:       [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH, ROLE_API]
 
     # Easy way to control access for large sections of your site

public/.htaccess

 <IfModule mod_rewrite.c>
     Options -MultiViews
+
     RewriteEngine On
+
+    # Https redirection
+    RewriteEngine on
+    RewriteCond %{HTTPS} !=on
+    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+    # Https redirection for OVH
+    RewriteEngine on
+    RewriteCond %{SERVER_PORT} 80
+    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
+    # Https redirection for Gandi
+    RewriteEngine on
+    RewriteCond %{REQUEST_SCHEME} =http
+    RewriteRule .* https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
+
     RewriteCond %{REQUEST_FILENAME} !-f
     RewriteRule ^(.*)$ index.php [QSA,L]
 </IfModule>

public/.htaccess-for-dev

+<IfModule mod_rewrite.c>
+    Options -MultiViews
+
+    RewriteEngine On
+    RewriteCond %{REQUEST_FILENAME} !-f
+    RewriteRule ^(.*)$ index.php [QSA,L]
+</IfModule>
+
+<IfModule !mod_rewrite.c>
+    <IfModule mod_alias.c>
+        RedirectMatch 302 ^/$ /index.php/
+    </IfModule>
+</IfModule>
+SetOutputFilter DEFLATE
+AddOutputFilterByType DEFLATE "application/atom+xml" "application/javascript" "application/json" "application/ld+json" "application/manifest+json" "application/rdf+xml" "application/rss+xml" "application/schema+json" "application/vnd.geo+json" "application/vnd.ms-fontobject" "application/x-font-ttf" "application/x-javascript" "application/x-web-app-manifest+json" "application/xhtml+xml" "application/xml" "font/eot" "font/opentype" "image/bmp" "image/svg+xml" "image/vnd.microsoft.icon" "image/x-icon" "text/cache-manifest" "text/css" "text/html" "text/javascript" "text/plain" "text/vcard" "text/vnd.rim.location.xloc" "text/vtt" "text/x-component" "text/x-cross-domain-policy" "text/xml"

src/Admin/ComptoirAdmin.php

@@ -53,7 +53,9 @@ class ComptoirAdmin extends AbstractAdmin
         $query = parent::createQuery($context);
         $user = $this->security->getUser();
         if (empty($this->getRequest()->getSession()->get('_groupegere'))) {
-            if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) {
+            // TODO: Pourquoi empêcher toutes les "requêtes comptoir" pour ces rôles ?
+            //if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT') || $user->isGranted('ROLE_TRESORIER')) {
+            if ($user->isGranted('ROLE_GESTION_GROUPE') || $user->isGranted('ROLE_CONTACT')) {
                 $query->andWhere('false = true');
             }
         } else {