Charles-Edouard
/
Easy_solution
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactor user view

This commit is contained in:
Charles 2025-11-24 15:53:19 +01:00
parent 04b8b26d65
commit 9d394c34f4
5 changed files with 144 additions and 201 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

131
src/Controller/UserController.php
View File

@ -57,68 +57,62 @@ class UserController extends AbstractController
{ {
} }
//TODO : REMOVE DEAD CODE due to the use of tabulator in the frontend
#[Route('/view/{id}', name: 'show', methods: ['GET'])] #[Route('/view/{id}', name: 'show', methods: ['GET'])]
public function view(int $id, Request $request): Response public function view(int $id, Request $request): Response
{ {
// Accès : uniquement utilisateur authentifié
$this->denyAccessUnlessGranted('ROLE_USER'); $this->denyAccessUnlessGranted('ROLE_USER');
// Utilisateur courant (acting user) via UserService
$actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier()); $actingUser = $this->userService->getUserByIdentifier($this->getUser()->getUserIdentifier());
// Vérification des droits d'accès supplémentaires
if (!$this->userService->hasAccessTo($actingUser)) { if (!$this->userService->hasAccessTo($actingUser)) {
throw $this->createAccessDeniedException(self::ACCESS_DENIED); throw $this->createAccessDeniedException(self::ACCESS_DENIED);
} }
// Chargement de l'utilisateur cible à afficher
$user = $this->userRepository->find($id); $user = $this->userRepository->find($id);
try { try {
// Paramètre optionnel de contexte organisationnel
$orgId = $request->query->get('organizationId'); $orgId = $request->query->get('organizationId');
// Liste de toutes les applications (pour créer des groupes même si vides)
$apps = $this->appsRepository->findAll(); $apps = $this->appsRepository->findAll();
$roles = $this->rolesRepository->findAll();
$data = [ // Initialisations pour la résolution des UsersOrganizations (UO)
'roles' => $roles,
];
$uoList = [];
$singleUo = null; $singleUo = null;
$uoActive = null; $uoActive = null;
$orgs = [];
// get uo or uoS based on orgId
if ($orgId) { if ($orgId) {
// Specific organization context // Contexte organisation précis : récupérer l'organisation et les liens UO
$orgs = $this->organizationRepository->findBy(['id' => $orgId]); $organization = $this->organizationRepository->findBy(['id' => $orgId]);
$uoList = $this->uoRepository->findBy([ $uoList = $this->uoRepository->findBy([
'users' => $user, 'users' => $user,
'organization' => $orgs, 'organization' => $organization,
'isActive' => true,
]); ]);
if (!$uoList) { if (!$uoList) {
throw $this->createNotFoundException(self::NOT_FOUND); throw $this->createNotFoundException(self::NOT_FOUND);
} }
// Si contexte org donné, on retient la première UO (singleUo)
$singleUo = $uoList[0]; $singleUo = $uoList[0];
$data["singleUo"] = $singleUo;
$uoActive = $singleUo->isActive(); $uoActive = $singleUo->isActive();
} else { } else {
// All active organizations // Pas de contexte org : récupérer toutes les UO actives de l'utilisateur
$uoList = $this->uoRepository->findBy([ $uoList = $this->uoRepository->findBy([
'users' => $user, 'users' => $user,
'isActive' => true, 'isActive' => true,
]); ]);
foreach ($uoList as $u) {
$orgs[] = $u->getOrganization();
} }
if (count($uoList) === 1) { // Charger les liens UserOrganizationApp (UOA) actifs pour les UO trouvées
$singleUo = $uoList[0];
$uoActive = $singleUo->isActive();
}
}
$data['uoList'] = $uoList;
$data['singleUo'] = $singleUo;
// Load user-organization-app roles (can be empty) // Load user-organization-app roles (can be empty)
$uoa = $this->entityManager $uoa = $this->entityManager
->getRepository(UserOrganizatonApp::class) ->getRepository(UserOrganizatonApp::class)
@ -127,80 +121,41 @@ class UserController extends AbstractController
'isActive' => true, 'isActive' => true,
]); ]);
// Group existing UOA per app // Group UOA by app and ensure every app has a group
$uoas = $this->userOrganizationAppService $data['uoas'] = $this->userOrganizationAppService
->groupUserOrganizationAppsByApplication($uoa); ->groupUserOrganizationAppsByApplication(
$uoa,
// ---------- HERE: create empty groups for apps with no UOA ---------- $apps,
// Index existing groups by app id $singleUo ? $singleUo->getId() : null
$indexedUoas = [];
foreach ($uoas as $group) {
$indexedUoas[$group['application']->getId()] = $group;
}
// Load all possible roles once
$allRoles = $this->entityManager->getRepository(Roles::class)->findAll();
foreach ($apps as $app) {
$appId = $app->getId();
if (!isset($indexedUoas[$appId])) {
// No UOA for this app yet: create an empty group
$indexedUoas[$appId] = [
'uoId' => $singleUo ? $singleUo->getId() : null,
'application' => $app,
'roles' => [],
'rolesArray' => [],
'selectedRoleIds' => [],
];
foreach ($allRoles as $role) {
// Same security logic: ADMIN cannot assign SUPER ADMIN
if ($this->isGranted('ROLE_ADMIN')
&& !$this->isGranted('ROLE_SUPER_ADMIN')
&& $role->getName() === 'SUPER ADMIN') {
continue;
}
$indexedUoas[$appId]['rolesArray'][] = [
'id' => $role->getId(),
'name' => $role->getName(),
];
}
}
}
if(!$orgId){
$data['singleUo'] = null;
}
// Overwrite $uoas to include groups for *all* apps
$uoas = array_values($indexedUoas);
$data['uoas'] = $uoas;
// -------------------------------------------------------------------
// Compute "can edit" flag: admin AND exactly one UO
$canEditRoles = $this->isGranted('ROLE_ADMIN') && count($uoList) === 1;
$this->actionService->createAction(
"View user information",
$actingUser,
null,
$user->getUserIdentifier()
); );
} catch (\Exception $e) { //Build roles based on user permissions.
$canEditRoles = false; //Admin can't see or edit a super admin user
$this->logger->error($e->getMessage()); if ($this->isGranted('ROLE_SUPER_ADMIN')) {
$data['rolesArray'] = $this->rolesRepository->findAll();
} elseif (!$orgId) {
$data['rolesArray'] = $this->userService->getRolesArrayForUser($actingUser, true);
} else {
$data['rolesArray'] = $this->userService->getRolesArrayForUser($actingUser);
} }
// -------------------------------------------------------------------
// Calcul du flag de modification : utilisateur admin ET exactement 1 UO
$canEdit = $this->userService->canEditRolesCheck($actingUser, $user, $organization, $this->isGranted('ROLE_ADMIN'));
} catch (\Exception $e) {
// En cas d'erreur, désactiver l'édition et logger l'exception
$canEdit = false;
$this->logger->error($e->getMessage());
}
return $this->render('user/show.html.twig', [ return $this->render('user/show.html.twig', [
'user' => $user, 'user' => $user,
'uoas' => $uoas ?? null,
'orgs' => $orgs ?? null,
'organizationId' => $orgId ?? null, 'organizationId' => $orgId ?? null,
'uoActive' => $uoActive ?? null, 'uoActive' => $uoActive ?? null,
'apps' => $apps ?? [], 'apps' => $apps ?? [],
'data' => $data ?? [], 'data' => $data ?? [],
'canEditRoles' => $canEditRoles ?? false, 'canEdit' => $canEdit ?? false,
]); ]);
} }

47
src/Service/UserOrganizationAppService.php
View File

@ -19,18 +19,21 @@ class UserOrganizationAppService
} }
/** /**
* Groups UserOrganizationApp entities by Application * Groups UserOrganizationApp by application and ensures every app has a group (even if empty).
* and prepares data for Twig.
* *
* @param UserOrganizatonApp[] $userOrgApps * @param array $userOrgApps Array of UserOrganizatonApp entities
* @return array * @param array $allApps Array of all Application entities
* @param int|null $defaultUoId The UserOrganization ID to use for apps with no UOA
* @return array Indexed by app ID: ['uoId' => int|null, 'application' => App, 'selectedRoleIds' => int[]]
*/ */
public function groupUserOrganizationAppsByApplication(array $userOrgApps): array public function groupUserOrganizationAppsByApplication(
{ array $userOrgApps,
array $allApps,
?int $defaultUoId = null
): array {
$grouped = []; $grouped = [];
foreach ($userOrgApps as $uoa) { foreach ($userOrgApps as $uoa) {
$app = $uoa->getApplication(); $app = $uoa->getApplication();
$appId = $app->getId(); $appId = $app->getId();
$roleEntity = $uoa->getRole(); $roleEntity = $uoa->getRole();
@ -39,39 +42,27 @@ class UserOrganizationAppService
$grouped[$appId] = [ $grouped[$appId] = [
'uoId' => $uoa->getUserOrganization()->getId(), 'uoId' => $uoa->getUserOrganization()->getId(),
'application' => $app, 'application' => $app,
'roles' => [],
'rolesArray' => [],
'selectedRoleIds' => [], 'selectedRoleIds' => [],
]; ];
} }
$grouped[$appId]['roles'][] = [
'id' => $roleEntity->getId(),
'name' => $roleEntity->getName(),
];
$grouped[$appId]['selectedRoleIds'][] = $roleEntity->getId(); $grouped[$appId]['selectedRoleIds'][] = $roleEntity->getId();
} }
// Load all possible roles once // Ensure every app has a group
$allRoles = $this->entityManager->getRepository(Roles::class)->findAll(); foreach ($allApps as $app) {
$appId = $app->getId();
foreach ($grouped as &$appGroup) { if (!isset($grouped[$appId])) {
foreach ($allRoles as $role) { $grouped[$appId] = [
// exclude SUPER ADMIN from assignable roles if current user is just ADMIN 'uoId' => $defaultUoId,
if ($this->security->isGranted('ROLE_ADMIN') 'application' => $app,
&& !$this->security->isGranted('ROLE_SUPER_ADMIN') 'selectedRoleIds' => [],
&& $role->getName() === 'SUPER ADMIN') {
continue;
}
$appGroup['rolesArray'][] = [
'id' => $role->getId(),
'name' => $role->getName(),
]; ];
} }
} }
return array_values($grouped); return $grouped; // IMPORTANT: keep indexed by appId
} }
/** /**

52
src/Service/UserService.php
View File

@ -261,21 +261,6 @@ class UserService
throw new FileException('File upload failed: ' . $e->getMessage()); throw new FileException('File upload failed: ' . $e->getMessage());
} }
// // Define upload directory
// $uploadDirectory = $this->profileDirectory;
// // Create directory if it doesn't exist
// if (!is_dir($uploadDirectory) && !mkdir($uploadDirectory, 0755, true) && !is_dir($uploadDirectory)) {
// throw new DirectoryCouldNotBeCreatedException(sprintf('Directory "%s" was not created', $uploadDirectory));
// }
// try {
//
// // Move the file to the upload directory
// $picture->move($uploadDirectory, $customFilename);
//
// // Update user entity with the file path (relative to public directory)
// $user->setPictureUrl('uploads/profile/' . $customFilename);
// //
// //
} }
@ -471,4 +456,41 @@ class UserService
return null; return null;
} }
/**
* Get roles array for a user, optionally including super admin roles.
* ViewSAdminRoles flag determines if super admin roles should be included.
*
* @param User $actingUser
* @param bool $viewSAdminRoles
* @return array
*/
public function getRolesArrayForUser(User $actingUser, bool $viewSAdminRoles = false): array
{
$roles = $this->entityManager->getRepository(Roles::class)->findAll();
$rolesArray = [];
foreach ($roles as $role) {
if (!$viewSAdminRoles && $role->getName() === 'SUPER ADMIN') {
continue;
}
$rolesArray[] = [
'id' => $role->getId(),
'name' => $role->getName(),
];
}
return $rolesArray;
}
public function canEditRolesCheck(User $actingUser, User $user, $org, bool $isAdmin): bool
{
$userRoles = $user->getRoles();
$actingUserRoles = $actingUser->getRoles();
// if acting user is admin, he can´t edit super admin roles
if (in_array('ROLE_SUPER_ADMIN', $userRoles, true) && !in_array('ROLE_SUPER_ADMIN', $actingUserRoles, true)) {
return false;
}
return $isAdmin && !empty($org);
}
} }

56
templates/user/show.html.twig
View File

@ -33,15 +33,9 @@
<div class="card border-0 no-header-bg "> <div class="card border-0 no-header-bg ">
<div class="card-header"> <div class="card-header">
{% if orgs|length >0 %}
<div class="card-title"> <div class="card-title">
<h1>Vos applications</h1> <h1>Vos applications</h1>
</div> </div>
{% else %}
<div class="card-title">
<h1>Aucune application</h1>
</div>
{% endif %}
</div> </div>
@ -62,30 +56,23 @@
<div class="card-body"> <div class="card-body">
<div class="row"> <div class="row">
<p><b>Description <p>
:</b> {{ app.descriptionSmall|default('Aucune description disponible.')|raw }} <b>Description :</b>
{{ app.descriptionSmall|default('Aucune description disponible.')|raw }}
</p> </p>
</div> </div>
{# EDITABLE if admin and exactly one UO #}
{% if canEditRoles and data.singleUo is not null %} {# find appGroup once, used in both editable and read-only branches #}
{% set appGroup = data.uoas[app.id]|default(null) %}
{% if canEdit %}
<form method="POST" <form method="POST"
action="{{ path('user_application_role', { id: data.singleUo.id }) }}"> action="{{ path('user_application_role', { id: data.singleUo.id }) }}">
{# for this app, find its grouped info #}
{# Find the group for this specific app #}
{% set appGroup = null %}
{% for group in data.uoas|default([]) %}
{% if group.application.id == app.id %}
{% set appGroup = group %}
{% endif %}
{% endfor %}
<div class="form-group mb-3"> <div class="form-group mb-3">
<label for="roles-{{ app.id }}"><b>Rôles :</b></label> <label for="roles-{{ app.id }}"><b>Rôles :</b></label>
<div class="form-check"> <div class="form-check">
{% if appGroup %} {% if appGroup %}
{# Use rolesArray: filtered by current user's level (no SUPER ADMIN for plain ADMIN, etc.) #} {% for role in data.rolesArray %}
{% for role in appGroup.rolesArray %}
<input class="form-check-input" type="checkbox" <input class="form-check-input" type="checkbox"
name="roles[]" name="roles[]"
value="{{ role.id }}" value="{{ role.id }}"
@ -100,12 +87,8 @@
{% endif %} {% endif %}
</label> </label>
{% endfor %} {% endfor %}
{% else %} {% else %}
<p class="text-muted">Aucun rôle défini pour cette application.</p>
<p class="text-muted">Aucun rôle défini pour cette
application.</p>
{% endif %} {% endif %}
</div> </div>
<button type="submit" name="appId" value="{{ app.id }}" <button type="submit" name="appId" value="{{ app.id }}"
@ -114,29 +97,18 @@
</button> </button>
</div> </div>
</form> </form>
{# READ ONLY otherwise #}
{% else %} {% else %}
{% set appGroup = null %}
{% for group in data.uoas|default([]) %}
{% if group.application.id == app.id %}
{% set appGroup = group %}
{% endif %}
{% endfor %}
<div class="form-group mb-3"> <div class="form-group mb-3">
<label for="roles-{{ app.id }}"><b>Rôles :</b></label> <label for="roles-{{ app.id }}"><b>Rôles :</b></label>
<div class="form-check"> <div class="form-check">
{% if appGroup %} {% if appGroup %}
{# Use rolesArray: filtered by current user's level (no SUPER ADMIN for plain ADMIN, etc.) #} {% for role in data.rolesArray %}
{% for role in appGroup.rolesArray %}
<input class="form-check-input" type="checkbox" <input class="form-check-input" type="checkbox"
disabled disabled
name="roles[]" name="roles[]"
value="{{ role.id }}" value="{{ role.id }}"
id="role-{{ role.id }}-app-{{ app.id }}" id="role-{{ role.id }}-app-{{ app.id }}"
{% if appGroup and role.id in appGroup.selectedRoleIds %}checked{% endif %}> {% if role.id in appGroup.selectedRoleIds %}checked{% endif %}>
<label class="form-check" <label class="form-check"
for="role-{{ role.id }}-app-{{ app.id }}"> for="role-{{ role.id }}-app-{{ app.id }}">
{% if role.name == 'USER' %} {% if role.name == 'USER' %}
@ -147,10 +119,8 @@
</label> </label>
{% endfor %} {% endfor %}
{% else %} {% else %}
<p class="text-muted">Aucun rôle défini pour cette <p class="text-muted">Aucun rôle défini pour cette application.</p>
application.</p>
{% endif %} {% endif %}
</div> </div>
</div> </div>
{% endif %} {% endif %}

7
templates/user/userInformation.html.twig
View File

@ -12,12 +12,14 @@
</div> </div>
<div class="d-flex gap-2"> <div class="d-flex gap-2">
{% if canEdit %}
{% if organizationId is not null %} {% if organizationId is not null %}
{% if uoActive %} {% if uoActive %}
<form method="post" action="{{ path('user_deactivate_organization', {'id': user.id}) }}" <form method="post" action="{{ path('user_deactivate_organization', {'id': user.id}) }}"
onsubmit="return confirm('Vous allez retirer l\'utilisateur de cette organisation, êtes vous sûre?');"> onsubmit="return confirm('Vous allez retirer l\'utilisateur de cette organisation, êtes vous sûre?');">
<input type="hidden" name="organizationId" value="{{ organizationId }}"> <input type="hidden" name="organizationId" value="{{ organizationId }}">
<button class="btn btn-secondary" type="submit">Désactiver l'utilisateur de l'organisation <button class="btn btn-secondary" type="submit">Désactiver l'utilisateur de
l'organisation
</button> </button>
</form> </form>
{% else %} {% else %}
@ -29,8 +31,11 @@
</form> </form>
{% endif %} {% endif %}
{% endif %} {% endif %}
<a href="{{ path('user_edit', {'id': user.id, 'organizationId': organizationId}) }}" <a href="{{ path('user_edit', {'id': user.id, 'organizationId': organizationId}) }}"
class="btn btn-primary">Modifier</a> class="btn btn-primary">Modifier</a>
{% endif %}
</div> </div>
</div> </div>