From 709a9f44cb7a655fedb4d9ac097998ba7f653edf Mon Sep 17 00:00:00 2001
From: Charles
Date: Tue, 10 Feb 2026 16:01:59 +0100
Subject: [PATCH] adapt logic to new structure

---
 src/Service/UserService.php | 69 +++++++++++++++++++++++--------------
 1 file changed, 43 insertions(+), 26 deletions(-)

diff --git a/src/Service/UserService.php b/src/Service/UserService.php
index 09108a6..0f0dd1c 100644
--- a/src/Service/UserService.php
+++ b/src/Service/UserService.php
@@ -8,6 +8,7 @@ use App\Entity\Roles;
 use App\Entity\User;
 use App\Entity\UserOrganizatonApp;
 use App\Entity\UsersOrganizations;
+use App\Repository\RolesRepository;
 use DateTimeImmutable;
 use DateTimeZone;
 use Doctrine\ORM\EntityManagerInterface;
@@ -33,7 +34,7 @@ class UserService
 private readonly ActionService $actionService,
 private readonly EmailService $emailService,
 private readonly OrganizationsService $organizationsService,
- private readonly EventDispatcherInterface $eventDispatcher
+ private readonly EventDispatcherInterface $eventDispatcher, private readonly RolesRepository $rolesRepository
 )
 {
 
@@ -48,6 +49,23 @@ class UserService
 return bin2hex(random_bytes(32));
 }
 
+ /** Check if the user is admin in any organization.
+ * Return true if the user is admin in at least one organization, false otherwise.
+ *
+ * @param User $user
+ * @return bool
+ * @throws Exception
+ */
+// TODO: pas sur de l'utiliser, à vérifier
+ public function isAdminInAnyOrganization(User $user): bool
+ {
+ $roleAdmin = $this->rolesRepository->findOneBy(['name' => 'ADMIN']);
+ $uoAdmin = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy([
+ 'users' => $user,
+ 'isActive' => true,
+ 'role'=> $roleAdmin]);
+ return $uoAdmin !== null;
+ }
 /**
 * Check if the user is currently connected.
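Review bot: The added constructor parameter is appended to the `$eventDispatcher` line instead of getting its own line, so the promoted-property list no longer reads one per line like the three parameters above it; split it as `private readonly EventDispatcherInterface $eventDispatcher,` and `private readonly RolesRepository $rolesRepository,`, keeping a trailing comma on the last entry. The constructor's parameter list begins outside this hunk.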
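Review bot: In isAdminInAnyOrganization, if no Roles row named 'ADMIN' exists, `$roleAdmin` is null and the criterion `'role' => null` in the following findOneBy is turned by Doctrine into an IS NULL comparison, so any active UsersOrganizations row with no role set makes the method return true; guard the lookup with `if ($roleAdmin === null) { return false; }` (or throw) before the second query. The same fail-open applies to the rewritten isAdminOfOrganization in the last hunk, which builds its criteria the same way. The column-0 `// TODO: pas sur de l'utiliser, à vérifier` sits between the docblock and the method and detaches them; fold it into the docblock in English, e.g. `* TODO: not sure this is used anywhere — verify.`. Unlike hasAccessTo, this check does not require `getStatut() === "ACCEPTED"`, so an active but not-yet-accepted membership carrying the ADMIN role would count — confirm that is intended.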
@@ -75,26 +93,30 @@ class UserService
 }
 
 /**
- * Check if the user have the rights to access the page
- * Self check can be skipped when checking access for the current user
+ * Determines if the currently logged-in user has permission to manage or view a target User.
+ * * Access is granted if:
+ * 1. The current user is a Super Admin.
+ * 2. The current user is the target user itself.
+ * 3. The current user is an active Admin of an organization the target user belongs to.
 *
- * @param User $user
- * @param bool $skipSelfCheck
- * @return bool
- * @throws Exception
+ * @param User $user The target User object we are checking access against.
+ * * @return bool True if access is permitted, false otherwise.
+ * @throws Exception If database or security context issues occur.
 */
- public function hasAccessTo(User $user, bool $skipSelfCheck = false): bool
+ public function hasAccessTo(User $user): bool
 {
- if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {
+ if ($this->security->isGranted('ROLE_ADMIN')) {
 return true;
 }
- if (!$skipSelfCheck && $user->getUserIdentifier() === $this->security->getUser()->getUserIdentifier()) {
+// S'il s'agit de son propre compte, on lui donne accès
+ if ($user->getUserIdentifier() === $this->security->getUser()->getUserIdentifier()) {
 return true;
 }
 $userOrganizations = $this->entityManager->getRepository(UsersOrganizations::class)->findBy(['users' => $user]);
 if ($userOrganizations) {
 foreach ($userOrganizations as $uo) {
- if ($this->isAdminOfOrganization($uo->getOrganization()) && $uo->getStatut() === "ACCEPTED" && $uo->isActive()) {
+ //l'utilisateur doit être actif dans l'org, avoir le statut ACCEPTED (double vérif) et être admin de l'org
+ if ($uo->getStatut() === "ACCEPTED" && $uo->isActive() && $this->isAdminOfOrganization($uo->getOrganization())) {
 return true;
 }
 }
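Review bot: The blanket bypass at the top of hasAccessTo now tests `ROLE_ADMIN` instead of `ROLE_SUPER_ADMIN`, while the new docblock still says access is granted when "The current user is a Super Admin"; if organization admins hold ROLE_ADMIN (the `isGranted('ROLE_ADMIN')` check removed from isAdminOfOrganization in the last hunk suggests they did), every such admin can now reach any user and the organization-membership loop below is never exercised for them. Either restore `if ($this->security->isGranted('ROLE_SUPER_ADMIN')) {` or rewrite the docblock to describe the wider rule deliberately. Dropping `$skipSelfCheck` also changes behaviour for any caller that still passes `true`: PHP ignores the extra argument on a user-defined method, so such a call now grants self-access silently — worth checking the call sites. The two French comments (`// S'il s'agit…` at column 0 and `//l'utilisateur doit…`) should be in English and aligned with the `if` they describe, and the docblock lines `* * Access is granted if:` and `* * @return bool …` carry a stray second asterisk.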
@@ -103,11 +125,11 @@ class UserService
 }
+
+
 /**
- * Check if the user is an admin of the organization
- * A user is considered an admin of an organization if they have the 'ROLE_ADMIN' AND have the link to the
- * entity role 'ROLE_ADMIN' in the UsersOrganizationsApp entity
- * (if he is admin for any application of the organization).
+ * Check if the acting user is an admin of the organization
+ * A user is considered an admin of an organization if they have an active UsersOrganizations link with the role of ADMIN for that organization.
 *
 * @param Organizations $organizations
 * @return bool
@@ -116,19 +138,14 @@ class UserService
 public function isAdminOfOrganization(Organizations $organizations): bool
 {
 $actingUser = $this->getUserByIdentifier($this->security->getUser()->getUserIdentifier());
- $uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $actingUser, 'organization' => $organizations]);
 $roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']);
- if ($uo) {
- $uoa = $this->entityManager->getRepository(UserOrganizatonApp::class)->findOneBy(['userOrganization' => $uo,
- 'role' => $roleAdmin,
- 'isActive' => true]);
- if ($uoa && $this->security->isGranted('ROLE_ADMIN')) {
- return true;
- }
- }
- return false;
- }
+ $uoAdmin = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $actingUser,
+ 'organization' => $organizations,
+ 'role'=> $roleAdmin,
+ 'isActive' => true]);
+ return $uoAdmin !== null;
+ }
 
 /**
 * Get the user by their identifier.
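Review bot: The ADMIN role is fetched in isAdminOfOrganization through `$this->entityManager->getRepository(Roles::class)` while the new isAdminInAnyOrganization uses the injected `$this->rolesRepository` for the identical lookup; pick one for both, e.g. `$roleAdmin = $this->rolesRepository->findOneBy(['name' => 'ADMIN']);`. With the UserOrganizatonApp query removed, the `use App\Entity\UserOrganizatonApp;` import still present in the first hunk's context looks unused unless it is referenced elsewhere in the file. `$actingUser` comes from getUserByIdentifier, which is outside this hunk; if that helper can return null, the `'users' => null` criterion would match memberships with no user instead of failing, so its result should be guarded the same way as the role lookup. Also `'role'=> $roleAdmin` is missing the space before `=>` that the neighbouring keys have.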