Responsable => acces total

f5f04f82 · nicrausaz · 93a1065d · f5f04f82 · f5f04f82
Commit f5f04f82 authored 5 years ago by nicrausaz
--- a/canapGEST/API/app/Helpers/AccessLevelHelper.php
+++ b/canapGEST/API/app/Helpers/AccessLevelHelper.php
@@ -12,19 +12,10 @@ class AccessLevelHelper

    foreach ($positions as $position) {
      $job = DB::table('job')->select()->where('job_id', $position->fk_job)->first();
-
      if (isset($access_groups[$job->job_short_value])) {
-        if ($position->position_access_group == "responsables-apprentis") {
-          array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "responsable"]);
-        } else {
-          array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "formateur"]);
-        }
+        array_push($access_groups[$job->job_short_value], $position->position_access_group);
      } else {
-        if ($position->position_access_group == "responsables-apprentis") {
-          $access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "responsable"];
-        } else {
-          $access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "formateur"];
-        }
+        $access_groups[$job->job_short_value][0] = $position->position_access_group;
      }
    }
    return $access_groups;
@@ -55,19 +46,30 @@ class AccessLevelHelper
  {
    $default_access_groups = self::getDefaultAccessGroups();
    $user_alloweds = [];
-    $user_role = 'formateur'; // formateur
    $user_groups = explode(',', $user_groups);

-    foreach ($default_access_groups as $group => $accesses) {
-      foreach ($accesses as $access) {
-        if ((in_array($access['position'], $user_groups))) {
-          if (self::hasPermittedRole($access['position'], "formateur")) {
-            $user_role = "responsable";
+    if (self::isResponsible($user_groups)) {
+      $user_role = 'responsable';
+      foreach ($default_access_groups as $group => $accesses) {
+        array_push($user_alloweds, $group);
+      }
+    }
+    else {
+      $user_role = 'formateur';
+      foreach ($default_access_groups as $group => $accesses) {
+        foreach ($accesses as $access) {
+          if ((in_array($access, $user_groups))) {
+            array_push($user_alloweds, $group);
          }
-          array_push($user_alloweds, $group);
        }
      }
    }
    return ["groups" => array_unique($user_alloweds), "role" => $user_role];
  }
+
+  public static function isResponsible($user_groups)
+  {
+    $responsible_default_group = 'responsables-apprentis';
+    return in_array($responsible_default_group, $user_groups);
+  }
 }
\ No newline at end of file
--- a/canapGEST/API/app/Http/Controllers/AuthController.php
+++ b/canapGEST/API/app/Http/Controllers/AuthController.php
@@ -20,18 +20,18 @@ class AuthController extends Controller

  protected function jwt($tequila_attributes)
  {
-    $user_perms = AccessLevelHelper::getUserAccess($tequila_attributes['group']);
+    $user_perms = AccessLevelHelper::getUserAccess($tequila_attributes["group"]);
    $payload = [
      'iss' => "canap-gest",
      "tequila_data" => [
-        "firstname" => $tequila_attributes['firstname'],
-        "name" => $tequila_attributes['name'],
-        "group" => $tequila_attributes['group'],
-        "user" => $tequila_attributes['user'],
-        "sciper" => $tequila_attributes['uniqueid']
+        "firstname" => $tequila_attributes["firstname"],
+        "name" => $tequila_attributes["name"],
+        "group" => $tequila_attributes["group"],
+        "user" => $tequila_attributes["user"],
+        "sciper" => $tequila_attributes["uniqueid"]
      ],
-      'permissions' => $user_perms['groups'],
-      "role" => $user_perms['role'],
+      'permissions' => $user_perms["groups"],
+      "role" => $user_perms["role"],
      'iat' => time(),
      'exp' => time() + 43200
    ];
@@ -40,6 +40,7 @@ class AuthController extends Controller

  public function login()
  {
+    // TODO: Limit group access
    $oClient = new TequilaClient("https://tequila.epfl.ch/cgi-bin/tequila/");
    $oClient->setParam(
      array(
@@ -47,7 +48,7 @@ class AuthController extends Controller
        'service'   => "Canap-Gest",
        'language'  => "francais",
        'usecookie' => "on",
-        // 'allows'    => "categorie=epfl-guests",
+        // 'allows'    => "group=formateurs-epfl",
      )
    );
    $oClient->setRequested(
@@ -67,13 +68,13 @@ class AuthController extends Controller
      header("Location: " . $oClient->getAuthenticationUrl());
      exit;
    }
-
    return response()->json($this->jwt($attributs));
  }

  public function tequilareturn()
  {
    return redirect()->to("https://canap-gest-dev.local:8080/#/?key=" . $_GET["key"]);
+    // return redirect()->to("https://canap-gest:8443/?key=" . $_GET["key"]);
  }

  public function logout()