adapt logic to new structure

Charles 2026-02-10 16:01:59 +01:00
parent a9493bfb0f
commit 709a9f44cb
1 changed files with 43 additions and 26 deletions


@ -8,6 +8,7 @@ use App\Entity\Roles;
use App\Entity\User; use App\Entity\User;
use App\Entity\UserOrganizatonApp; use App\Entity\UserOrganizatonApp;
use App\Entity\UsersOrganizations; use App\Entity\UsersOrganizations;
use App\Repository\RolesRepository;
use DateTimeImmutable; use DateTimeImmutable;
use DateTimeZone; use DateTimeZone;
use Doctrine\ORM\EntityManagerInterface; use Doctrine\ORM\EntityManagerInterface;
@ -33,7 +34,7 @@ class UserService
private readonly ActionService $actionService, private readonly ActionService $actionService,
private readonly EmailService $emailService, private readonly EmailService $emailService,
private readonly OrganizationsService $organizationsService, private readonly OrganizationsService $organizationsService,
private readonly EventDispatcherInterface $eventDispatcher private readonly EventDispatcherInterface $eventDispatcher, private readonly RolesRepository $rolesRepository
) )
{ {
@ -48,6 +49,23 @@ class UserService
return bin2hex(random_bytes(32)); return bin2hex(random_bytes(32));
} }
/** Check if the user is admin in any organization.
* Return true if the user is admin in at least one organization, false otherwise.
*
* @param User $user
* @return bool
* @throws Exception
*/
// TODO: pas sur de l'utiliser, à vérifier
public function isAdminInAnyOrganization(User $user): bool
{
$roleAdmin = $this->rolesRepository->findOneBy(['name' => 'ADMIN']);
$uoAdmin = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy([
'users' => $user,
'isActive' => true,
'role'=> $roleAdmin]);
return $uoAdmin !== null;
}
/** /**
* Check if the user is currently connected. * Check if the user is currently connected.
@ -75,26 +93,30 @@ class UserService
} }
/** /**
* Check if the user have the rights to access the page * Determines if the currently logged-in user has permission to manage or view a target User.
* Self check can be skipped when checking access for the current user * * Access is granted if:
* 1. The current user is a Super Admin.
* 2. The current user is the target user itself.
* 3. The current user is an active Admin of an organization the target user belongs to.
* *
* @param User $user * @param User $user The target User object we are checking access against.
* @param bool $skipSelfCheck * * @return bool True if access is permitted, false otherwise.
* @return bool * @throws Exception If database or security context issues occur.
* @throws Exception
*/ */
public function hasAccessTo(User $user, bool $skipSelfCheck = false): bool public function hasAccessTo(User $user): bool
{ {
if ($this->security->isGranted('ROLE_SUPER_ADMIN')) { if ($this->security->isGranted('ROLE_ADMIN')) {
return true; return true;
} }
if (!$skipSelfCheck && $user->getUserIdentifier() === $this->security->getUser()->getUserIdentifier()) { // S'il s'agit de son propre compte, on lui donne accès
if ($user->getUserIdentifier() === $this->security->getUser()->getUserIdentifier()) {
return true; return true;
} }
$userOrganizations = $this->entityManager->getRepository(UsersOrganizations::class)->findBy(['users' => $user]); $userOrganizations = $this->entityManager->getRepository(UsersOrganizations::class)->findBy(['users' => $user]);
if ($userOrganizations) { if ($userOrganizations) {
foreach ($userOrganizations as $uo) { foreach ($userOrganizations as $uo) {
if ($this->isAdminOfOrganization($uo->getOrganization()) && $uo->getStatut() === "ACCEPTED" && $uo->isActive()) { //l'utilisateur doit être actif dans l'org, avoir le statut ACCEPTED (double vérif) et être admin de l'org
if ($uo->getStatut() === "ACCEPTED" && $uo->isActive() && $this->isAdminOfOrganization($uo->getOrganization())) {
return true; return true;
} }
} }
@ -103,11 +125,11 @@ class UserService
} }
/** /**
* Check if the user is an admin of the organization * Check if the acting user is an admin of the organization
* A user is considered an admin of an organization if they have the 'ROLE_ADMIN' AND have the link to the * A user is considered an admin of an organization if they have an active UsersOrganizations link with the role of ADMIN for that organization.
* entity role 'ROLE_ADMIN' in the UsersOrganizationsApp entity
* (if he is admin for any application of the organization).
* *
* @param Organizations $organizations * @param Organizations $organizations
* @return bool * @return bool
@ -116,19 +138,14 @@ class UserService
public function isAdminOfOrganization(Organizations $organizations): bool public function isAdminOfOrganization(Organizations $organizations): bool
{ {
$actingUser = $this->getUserByIdentifier($this->security->getUser()->getUserIdentifier()); $actingUser = $this->getUserByIdentifier($this->security->getUser()->getUserIdentifier());
$uo = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $actingUser, 'organization' => $organizations]);
$roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']); $roleAdmin = $this->entityManager->getRepository(Roles::class)->findOneBy(['name' => 'ADMIN']);
if ($uo) { $uoAdmin = $this->entityManager->getRepository(UsersOrganizations::class)->findOneBy(['users' => $actingUser,
$uoa = $this->entityManager->getRepository(UserOrganizatonApp::class)->findOneBy(['userOrganization' => $uo, 'organization' => $organizations,
'role' => $roleAdmin, 'role'=> $roleAdmin,
'isActive' => true]); 'isActive' => true]);
if ($uoa && $this->security->isGranted('ROLE_ADMIN')) { return $uoAdmin !== null;
return true;
}
}
return false;
}
}
/** /**
* Get the user by their identifier. * Get the user by their identifier.