Skip to content
Snippets Groups Projects
Commit f5f04f82 authored by nicrausaz's avatar nicrausaz
Browse files

Responsable => acces total

parent 93a1065d
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
canapGEST/API/app/Helpers/AccessLevelHelper.php
+ 20
18
View file @ f5f04f82
...@@ -12,19 +12,10 @@ class AccessLevelHelper ...@@ -12,19 +12,10 @@ class AccessLevelHelper
foreach ($positions as $position) { foreach ($positions as $position) {
$job = DB::table('job')->select()->where('job_id', $position->fk_job)->first(); $job = DB::table('job')->select()->where('job_id', $position->fk_job)->first();
if (isset($access_groups[$job->job_short_value])) { if (isset($access_groups[$job->job_short_value])) {
if ($position->position_access_group == "responsables-apprentis") { array_push($access_groups[$job->job_short_value], $position->position_access_group);
array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "responsable"]);
} else {
array_push($access_groups[$job->job_short_value], ["position" => $position->position_access_group, "role" => "formateur"]);
}
} else { } else {
if ($position->position_access_group == "responsables-apprentis") { $access_groups[$job->job_short_value][0] = $position->position_access_group;
$access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "responsable"];
} else {
$access_groups[$job->job_short_value][0] = ["position" => $position->position_access_group, "role" => "formateur"];
}
} }
} }
return $access_groups; return $access_groups;
...@@ -55,19 +46,30 @@ class AccessLevelHelper ...@@ -55,19 +46,30 @@ class AccessLevelHelper
{ {
$default_access_groups = self::getDefaultAccessGroups(); $default_access_groups = self::getDefaultAccessGroups();
$user_alloweds = []; $user_alloweds = [];
$user_role = 'formateur'; // formateur
$user_groups = explode(',', $user_groups); $user_groups = explode(',', $user_groups);
foreach ($default_access_groups as $group => $accesses) { if (self::isResponsible($user_groups)) {
foreach ($accesses as $access) { $user_role = 'responsable';
if ((in_array($access['position'], $user_groups))) { foreach ($default_access_groups as $group => $accesses) {
if (self::hasPermittedRole($access['position'], "formateur")) { array_push($user_alloweds, $group);
$user_role = "responsable"; }
}
else {
$user_role = 'formateur';
foreach ($default_access_groups as $group => $accesses) {
foreach ($accesses as $access) {
if ((in_array($access, $user_groups))) {
array_push($user_alloweds, $group);
} }
array_push($user_alloweds, $group);
} }
} }
} }
return ["groups" => array_unique($user_alloweds), "role" => $user_role]; return ["groups" => array_unique($user_alloweds), "role" => $user_role];
} }
public static function isResponsible($user_groups)
{
$responsible_default_group = 'responsables-apprentis';
return in_array($responsible_default_group, $user_groups);
}
} }
\ No newline at end of file
canapGEST/API/app/Http/Controllers/AuthController.php
+ 11
10
View file @ f5f04f82
...@@ -20,18 +20,18 @@ class AuthController extends Controller ...@@ -20,18 +20,18 @@ class AuthController extends Controller
protected function jwt($tequila_attributes) protected function jwt($tequila_attributes)
{ {
$user_perms = AccessLevelHelper::getUserAccess($tequila_attributes['group']); $user_perms = AccessLevelHelper::getUserAccess($tequila_attributes["group"]);
$payload = [ $payload = [
'iss' => "canap-gest", 'iss' => "canap-gest",
"tequila_data" => [ "tequila_data" => [
"firstname" => $tequila_attributes['firstname'], "firstname" => $tequila_attributes["firstname"],
"name" => $tequila_attributes['name'], "name" => $tequila_attributes["name"],
"group" => $tequila_attributes['group'], "group" => $tequila_attributes["group"],
"user" => $tequila_attributes['user'], "user" => $tequila_attributes["user"],
"sciper" => $tequila_attributes['uniqueid'] "sciper" => $tequila_attributes["uniqueid"]
], ],
'permissions' => $user_perms['groups'], 'permissions' => $user_perms["groups"],
"role" => $user_perms['role'], "role" => $user_perms["role"],
'iat' => time(), 'iat' => time(),
'exp' => time() + 43200 'exp' => time() + 43200
]; ];
...@@ -40,6 +40,7 @@ class AuthController extends Controller ...@@ -40,6 +40,7 @@ class AuthController extends Controller
public function login() public function login()
{ {
// TODO: Limit group access
$oClient = new TequilaClient("https://tequila.epfl.ch/cgi-bin/tequila/"); $oClient = new TequilaClient("https://tequila.epfl.ch/cgi-bin/tequila/");
$oClient->setParam( $oClient->setParam(
array( array(
...@@ -47,7 +48,7 @@ class AuthController extends Controller ...@@ -47,7 +48,7 @@ class AuthController extends Controller
'service' => "Canap-Gest", 'service' => "Canap-Gest",
'language' => "francais", 'language' => "francais",
'usecookie' => "on", 'usecookie' => "on",
// 'allows' => "categorie=epfl-guests", // 'allows' => "group=formateurs-epfl",
) )
); );
$oClient->setRequested( $oClient->setRequested(
...@@ -67,13 +68,13 @@ class AuthController extends Controller ...@@ -67,13 +68,13 @@ class AuthController extends Controller
header("Location: " . $oClient->getAuthenticationUrl()); header("Location: " . $oClient->getAuthenticationUrl());
exit; exit;
} }
return response()->json($this->jwt($attributs)); return response()->json($this->jwt($attributs));
} }
public function tequilareturn() public function tequilareturn()
{ {
return redirect()->to("https://canap-gest-dev.local:8080/#/?key=" . $_GET["key"]); return redirect()->to("https://canap-gest-dev.local:8080/#/?key=" . $_GET["key"]);
// return redirect()->to("https://canap-gest:8443/?key=" . $_GET["key"]);
} }
public function logout() public function logout()
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment