From f5f04f824fadff0c3e99b1fa755276b24d01b8a1 Mon Sep 17 00:00:00 2001 From: nicrausaz <n.crausaz99@gmail.com> Date: Fri, 24 May 2019 08:35:21 +0200 Subject: [PATCH] Responsable => acces total --- .../API/app/Helpers/AccessLevelHelper.php | 38 ++++++++++--------- .../app/Http/Controllers/AuthController.php | 21 +++++----- 2 files changed, 31 insertions(+), 28 deletions(-) diff --git a/canapGEST/API/app/Helpers/AccessLevelHelper.php b/canapGEST/API/app/Helpers/AccessLevelHelper.php index 6254551..579fdea 100644 --- a/canapGEST/API/app/Helpers/AccessLevelHelper.php +++ b/canapGEST/API/app/Helpers/AccessLevelHelper.php @@ -12,19 +12,10 @@ class AccessLevelHelper foreach ($positions as $position) { $job = DB::table('job')->select()->where('job_id', $position->fk_job)->first(); - if (isset($access_groups[$job->job_short_value])) { - if ($position->position_access_group == "responsables-apprentis") { - array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "responsable"]); - } else { - array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "formateur"]); - } + array_push($access_groups[$job->job_short_value], $position->position_access_group); } else { - if ($position->position_access_group == "responsables-apprentis") { - $access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "responsable"]; - } else { - $access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "formateur"]; - } + $access_groups[$job->job_short_value][0] = $position->position_access_group; } } return $access_groups; 
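Review bot: Both added lines store the same value, so the append form `$access_groups[$job->job_short_value][] = $position->position_access_group;` covers the existing-key and new-key cases in one statement and makes the two branches unnecessary. `$job` comes from `->first()` in the context line above and is dereferenced without a null check. A position whose `fk_job` matches no `job` row would be filed under an empty job key or raise an error, depending on error handling; since this map appears to feed the access decision, an explicit `if ($job === null) { continue; }` is safer. The enclosing method starts and ends outside the hunk.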
@@ -55,19 +46,30 @@ class AccessLevelHelper { $default_access_groups = self::getDefaultAccessGroups(); $user_alloweds = []; - $user_role = 'formateur'; // formateur $user_groups = explode(',', $user_groups); - foreach ($default_access_groups as $group => $accesses) { - foreach ($accesses as $access) { - if ((in_array($access['position'], $user_groups))) { - if (self::hasPermittedRole($access['position'], "formateur")) { - $user_role = "responsable"; + if (self::isResponsible($user_groups)) { + $user_role = 'responsable'; + foreach ($default_access_groups as $group => $accesses) { + array_push($user_alloweds, $group); + } + } + else { + $user_role = 'formateur'; + foreach ($default_access_groups as $group => $accesses) { + foreach ($accesses as $access) { + if ((in_array($access, $user_groups))) { + array_push($user_alloweds, $group); } - array_push($user_alloweds, $group); } } } return ["groups" => array_unique($user_alloweds), "role" => $user_role]; } + + public static function isResponsible($user_groups) + { + $responsible_default_group = 'responsables-apprentis'; + return in_array($responsible_default_group, $user_groups); + } } \ No newline at end of file diff --git a/canapGEST/API/app/Http/Controllers/AuthController.php b/canapGEST/API/app/Http/Controllers/AuthController.php index f6b2fbc..730c987 100644 --- a/canapGEST/API/app/Http/Controllers/AuthController.php +++ b/canapGEST/API/app/Http/Controllers/AuthController.php 
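Review bot: `isResponsible()` grants every job group on the strength of one hard-coded group name, matched with a loose `in_array` against the comma-split attribute string; I would make it strict, `return in_array($responsible_default_group, $user_groups, true);`, and do the same for `in_array($access, $user_groups)` in the else branch, where the names come from the database. The method is `public static` and takes the already-exploded array, while the enclosing method (apparently `getUserAccess()`, which starts outside the hunk) takes the raw string, so a short docblock stating the expected type and that `responsables-apprentis` means full access would prevent a caller from passing the string. `AuthController::jwt()` copies the resulting role and groups into a token with `'exp' => time() + 43200`, so removal from the group only takes effect when that token expires; that is worth documenting, or the lifetime shortened for this role. In the responsible branch `$accesses` is unused, and `$user_alloweds = array_keys($default_access_groups);` would say the same thing more directly.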
@@ -20,18 +20,18 @@ class AuthController extends Controller protected function jwt($tequila_attributes) { - $user_perms = AccessLevelHelper::getUserAccess($tequila_attributes['group']); + $user_perms = AccessLevelHelper::getUserAccess($tequila_attributes["group"]); $payload = [ 'iss' => "canap-gest", "tequila_data" => [ - "firstname" => $tequila_attributes['firstname'], - "name" => $tequila_attributes['name'], - "group" => $tequila_attributes['group'], - "user" => $tequila_attributes['user'], - "sciper" => $tequila_attributes['uniqueid'] + "firstname" => $tequila_attributes["firstname"], + "name" => $tequila_attributes["name"], + "group" => $tequila_attributes["group"], + "user" => $tequila_attributes["user"], + "sciper" => $tequila_attributes["uniqueid"] ], - 'permissions' => $user_perms['groups'], - "role" => $user_perms['role'], + 'permissions' => $user_perms["groups"], + "role" => $user_perms["role"], 'iat' => time(), 'exp' => time() + 43200 ]; @@ -40,6 +40,7 @@ class AuthController extends Controller public function login() { + // TODO: Limit group access $oClient = new TequilaClient("https://tequila.epfl.ch/cgi-bin/tequila/"); $oClient->setParam( array( @@ -47,7 +48,7 @@ class AuthController extends Controller 'service' => "Canap-Gest", 'language' => "francais", 'usecookie' => "on", - // 'allows' => "categorie=epfl-guests", + // 'allows' => "group=formateurs-epfl", ) ); $oClient->setRequested( @@ -67,13 +68,13 @@ class AuthController extends Controller header("Location: " . $oClient->getAuthenticationUrl()); exit; } - return response()->json($this->jwt($attributs)); } public function tequilareturn() { return redirect()->to("https://canap-gest-dev.local:8080/#/?key=" . $_GET["key"]); + // return redirect()->to("https://canap-gest:8443/?key=" . $_GET["key"]); } public function logout() -- GitLab
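Review bot: The `// TODO: Limit group access` comment and the `'allows'` entry that stays commented out (hunk at `-47,7`) leave the group restriction unenforced at the Tequila request, so as far as these hunks show, any account that authenticates reaches `jwt()`. A user matching no access group still gets role `formateur` with an empty `permissions` list from the helper, and a token is still issued for it. I would refuse to issue the token when the computed group list is empty, or enable the `allows` filter in this commit, and point the TODO at a tracking issue. `login()` begins and ends outside both hunks.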
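Review bot: The line added in `tequilareturn()` is a commented-out alternative `redirect()` placed after the `return`, so the host that receives `key` is chosen by editing the source. Reading the front-end base URL from configuration, e.g. `env('FRONTEND_URL')` (placeholder name), avoids releasing a build that still redirects to `canap-gest-dev.local:8080`. The unchanged line also appends `$_GET["key"]` to the URL as-is; applying `urlencode()` to a value first checked to be a non-empty string keeps stray characters out of the redirect target.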