Commit e6e07f16 by Yvon Kerdoncuff

Merge branch '5724-delete-user' into 'develop'

allow superadmin to delete users in tav env + fix impersonating

See merge request cooperatic/kohinos-tav!58
parents 9c6a71e3 89114128
......@@ -48,14 +48,17 @@ class UserAdmin extends BaseUserAdmin
protected function configureRoutes(RouteCollection $collection)
{
if ($this->isChild()) {
$collection->remove('delete');
// Remove 'delete' action for non tav envs
if (!$this->getConfigurationPool()->getContainer()->getParameter('tav_env')) {
if ($this->isChild()) {
$collection->remove('delete');
return;
}
return;
}
// This is the route configuration as a parent
$collection->remove('delete');
// This is the route configuration as a parent
$collection->remove('delete');
}
}
/**
......@@ -83,6 +86,20 @@ class UserAdmin extends BaseUserAdmin
])
;
// Add delete action on users in TAV envs for super admin
if ($this->isGranted('ROLE_SUPER_ADMIN') && $this->getConfigurationPool()->getContainer()->getParameter('tav_env')) {
$listMapper
->remove('_action')
->add('_action', null, [
'label' => 'Actions',
'actions' => [
'edit' => [],
'delete' => []
],
])
;
}
// TODO: SECURITY BREACH, RESET ASAP!!!
// if ('dev' == $_ENV['APP_ENV'] && $this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
if ($this->isGranted('ROLE_ALLOWED_TO_SWITCH')) {
......
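Review bot: In configureRoutes the delete route is now kept for every admin whenever `tav_env` is set, while the `ROLE_SUPER_ADMIN` check only hides the list button in the second hunk; hiding a button is not an access check, so any user who can reach UserAdmin can still call the delete route directly unless the project's Sonata security handler denies DELETE for them — worth confirming for this configuration. Because configureRoutes runs at route-building time, where no security token is guaranteed, the role check belongs in the controller, e.g. at the top of the overridden deleteAction: `if (!$this->isGranted('ROLE_SUPER_ADMIN')) { throw new AccessDeniedException(); }`. The nested `if ($this->isChild())` plus the parent branch both end in `$collection->remove('delete')`, so the whole new block reduces to `if (!$tavEnv) { $collection->remove('delete'); }` with the `tav_env` parameter read once into a local. The lines following the new block in the second hunk (`// TODO: SECURITY BREACH, RESET ASAP!!!` and the uncommented `isGranted('ROLE_ALLOWED_TO_SWITCH')` test) appear to be unchanged context; if the "fix impersonating" part of the commit message is meant to address them, the fix does not seem to be in this file.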
......@@ -9,9 +9,20 @@ use Symfony\Component\Form\FormView;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use App\Utils\CustomEntityManager;
use App\Entity\User;
use App\Entity\Flux;
class CRUDController extends Controller
{
protected $em;
public function __construct(CustomEntityManager $em)
{
$this->em = $em;
}
/**
* Create action.
*
......@@ -211,6 +222,36 @@ class CRUDController extends Controller
return $this->redirectTo($object);
}
if ($object->hasRole('ROLE_API')) {
$this->addFlash(
'sonata_flash_error',
'Vous ne pouvez pas supprimer le compte API !'
);
return $this->redirectTo($object);
}
// Prevent deleting user if flux related to its Adherent account exist
if ($object instanceof User) {
$query = $this->em->getRepository(Flux::class)->getQueryByUser($object);
$hasFluxAdherent = false;
if ($object->getAdherent()) {
$queryAdherent = $this->em->getRepository(Flux::class)->getQueryByAdherent($object->getAdherent());
if (null != $queryAdherent && count($queryAdherent->getResult()) > 0) {
$hasFluxAdherent = true;
}
}
if (null != $query && count($query->getResult()) > 0 || $hasFluxAdherent) {
$this->addFlash(
'sonata_flash_error',
'Vous ne pouvez pas supprimer ce compte utilisateur : des flux en relation à son compte sont enregistrés.'
);
return $this->redirectTo($object);
}
}
return parent::deleteAction($id);
}
......
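Review bot: The new flux guard in deleteAction hydrates every Flux of the user (`count($query->getResult()) > 0`, and again for the adherent) only to test existence, and the `&&`/`||` mix on the final condition relies on precedence without parentheses. Both are cleaner as `$hasFluxUser = null !== $query && [] !== $query->setMaxResults(1)->getResult();` followed by `if ($hasFluxUser || $hasFluxAdherent) {`, with the same `setMaxResults(1)` applied to `$queryAdherent`. The `null != $query` loose comparisons look dead: getQueryByUser in this same commit always returns a Query, so `!==`/`===` against null (or dropping the check) is enough. deleteAction starts outside this hunk, and this guard only protects the admin UI path — a deletion triggered elsewhere via the entity manager bypasses it.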
......@@ -77,7 +77,7 @@ class Adherent extends AccountableObject implements AccountableInterface
/**
* @var ArrayCollection|AccountAdherent[]
* @ORM\OneToMany(targetEntity="AccountAdherent", mappedBy="adherent")
* @ORM\OneToMany(targetEntity="AccountAdherent", mappedBy="adherent", cascade={"remove"})
*/
private $accounts;
......
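Review bot: Adding `cascade={"remove"}` on `$accounts` means removing an Adherent now also deletes its AccountAdherent rows (and whatever balance they carry) at the ORM level, while the only check that flux still reference those accounts lives in the admin CRUDController of this commit; any other code path that calls `remove()` on an Adherent deletes the accounts unchecked. The annotation deserves a comment stating that intent and the precondition, e.g. `* Accounts are deleted together with the adherent; callers must first ensure no Flux references them (see CRUDController::deleteAction).` The owning class is cut off outside this hunk, so whether a database-level ON DELETE rule already exists cannot be seen here.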
......@@ -7,6 +7,7 @@ use App\Entity\Comptoir;
use App\Entity\Flux;
use App\Entity\Groupe;
use App\Entity\Prestataire;
use App\Entity\User;
use Doctrine\Bundle\DoctrineBundle\Repository\ServiceEntityRepository;
use Doctrine\Persistence\ManagerRegistry;
......@@ -237,6 +238,28 @@ class FluxRepository extends ServiceEntityRepository
;
}
/**
* @param User $user
*
* @return Query Returns a query fo finding an array of Flux
*/
public function getQueryByUser(User $user)
{
$sqlQuery = "SELECT f.id FROM {$this->tableName} f WHERE f.user_id = :id";
$statement = $this->connection->prepare($sqlQuery);
$statement->bindValue(':id', $user->getId());
$statement->execute();
$results = $statement->fetchAll();
$qb = $this->createQueryBuilder('f');
return $qb
->where($qb->expr()->in('f.id', ':ids'))
->setParameter('ids', $results)
->orderBy('f.createdAt', 'DESC')
->getQuery()
;
}
public function getTotalVenteAchat()
{
$qb = $this->createQueryBuilder('f');
......
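Review bot: In getQueryByUser, `$statement->fetchAll()` without a fetch mode returns one associative row per match (of the form `['id' => …]`), so `:ids` is bound to an array of arrays rather than an array of ints and the `IN` clause is unlikely to match anything unless the connection's default fetch mode is column-based. Use `$results = $statement->fetchAll(\PDO::FETCH_COLUMN);` (or `fetchFirstColumn()` on DBAL 2.11+) so the parameter is a flat list of ids. The raw SQL itself is parameterised, which is fine; if `Flux.user` is a mapped association the whole two-step could become a single DQL `where('f.user = :user')`, but the mapping is not visible here, nor are `$this->tableName` and `$this->connection`. The docblock typo `fo finding` should read `for finding`.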
......@@ -80,14 +80,8 @@
</a>
<div class="dropdown-menu dropdown-menu-right" aria-labelledby="navbarDropdownUC">
{# COMPTE ou ECOMPTE : @TODO : mettre plutôt dans le header en visible tout le temps ? #}
{% if app.user and is_granted('ROLE_ADHERENT') %}
<b class="dropdown-item bg-primary text-white">
{% if app.user.adherent %}
Ecompte : {{app.user.adherent.emlcAccount.balance }}
{% else %}
Adhérent introuvable.
{% endif %}
</b>
{% if app.user and app.user.adherent and is_granted('ROLE_ADHERENT') %}
<b class="dropdown-item bg-primary text-white"> Ecompte : {{app.user.adherent.emlcAccount.balance }}</b>
{% elseif app.user and is_granted('ROLE_PRESTATAIRE') and getCurrentPrestataire() != null %}
<b class="dropdown-item bg-primary text-white"> Ecompte : {{getCurrentPrestataire().emlcAccount.balance }}</b>
{% elseif getCurrentGroupe() != null %}
......