Here we change the config: https://symfony.com/doc/current/security.html#hierarchical-roles
For each process, we add to the ROLE_SUPER_ADMIN role a role ROLE_PROCESS_VIEW#{process.code} && ROLE_PROCESS_EXECUTE#{process.code}
| ChoiceFilter::new('level')->setChoices(array_combine(Level::NAMES, Level::VALUES)) | ||
| )->add('message')->add('context')->add('createdAt'); | ||
| } | ||
|
|
Modification of the query builder of the logs listing page so as not to display the roles for which the logged-in user does not have the role ROLE_PROCESS_VIEW#{process.code}
| \DIRECTORY_SEPARATOR.$processExecution->logFilename | ||
| ; | ||
| } | ||
|
|
Modification of the query builder of the process execution listing page so as not to display the roles for which the logged-in user does not have the role ROLE_PROCESS_VIEW#{process.code}
| $processRoles = array_merge(...array_map(fn ($code) => ['ROLE_PROCESS_VIEW#'.$code, 'ROLE_PROCESS_EXECUTE#'.$code], $processCodes)); | ||
| $roleHierarchy = $container->getParameter('security.role_hierarchy.roles'); | ||
| if (\is_array($roleHierarchy)) { | ||
| $roleHierarchy['ROLE_SUPER_ADMIN'] = array_merge($roleHierarchy['ROLE_SUPER_ADMIN'] ?? [], $processRoles); |
Add 2 levels, ROLE_PROCESS_VIEW and ROLE_PROCESS_EXECUTE, which contain their respective children. So ROLE_SUPER_ADMIN contains [ROLE_PROCESS_VIEW, ROLE_PROCESS_EXECUTE].
Add a bit of documentation explaining that it is enough to set a role_hierarchy: ROLE_ADMIN: [ROLE_PROCESS_VIEW, ROLE_PROCESS_EXECUTE] if this protection is not needed.
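The two-level hierarchy suggested in the comment above, as an added sketch that is not code from this pull request. `addProcessRoles()` and `reachableRoles()` are hypothetical helpers, and the process codes and starting hierarchy are constructed sample values.

```php
<?php
// Added example, not code from this pull request. Helper names and the
// sample process codes are assumptions made for illustration.

/** Put ROLE_PROCESS_VIEW / ROLE_PROCESS_EXECUTE above the per-process roles. */
function addProcessRoles(array $hierarchy, array $processCodes): array
{
    foreach (['ROLE_PROCESS_VIEW', 'ROLE_PROCESS_EXECUTE'] as $parent) {
        $children = array_map(fn (string $code) => $parent.'#'.$code, $processCodes);
        $hierarchy[$parent] = array_values(array_unique(array_merge($hierarchy[$parent] ?? [], $children)));
    }
    // The super admin only needs the two parent roles, not one entry per process.
    $hierarchy['ROLE_SUPER_ADMIN'] = array_values(array_unique(array_merge(
        $hierarchy['ROLE_SUPER_ADMIN'] ?? [],
        ['ROLE_PROCESS_VIEW', 'ROLE_PROCESS_EXECUTE']
    )));

    return $hierarchy;
}

/** Resolve every role reachable from $roles (same idea as getReachableRoleNames()). */
function reachableRoles(array $hierarchy, array $roles): array
{
    $seen = [];
    while ($roles) {
        $role = array_pop($roles);
        if (isset($seen[$role])) {
            continue; // already expanded; also protects against cycles
        }
        $seen[$role] = true;
        foreach ($hierarchy[$role] ?? [] as $child) {
            $roles[] = $child;
        }
    }

    return array_keys($seen);
}

// Constructed input: ROLE_ADMIN is given view access only, for two sample processes.
$hierarchy = addProcessRoles(
    ['ROLE_ADMIN' => ['ROLE_USER', 'ROLE_PROCESS_VIEW']],
    ['import_products', 'export_orders']
);
$admin = reachableRoles($hierarchy, ['ROLE_ADMIN']);
var_dump(in_array('ROLE_PROCESS_VIEW#import_products', $admin, true));    // view is inherited via the parent
var_dump(in_array('ROLE_PROCESS_EXECUTE#import_products', $admin, true)); // execute was never granted

// A user holding a single per-process role stays confined to that process.
$operator = reachableRoles($hierarchy, ['ROLE_USER', 'ROLE_PROCESS_EXECUTE#export_orders']);
var_dump(in_array('ROLE_PROCESS_EXECUTE#import_products', $operator, true));
```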
| code: { | ||
| comparison: '=', | ||
| value: process.code, | ||
| {% if is_granted("ROLE_PROCESS_VIEW##{process.code}", process) %} |
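Review bot: on the `is_granted` line, `"ROLE_PROCESS_VIEW##{process.code}"` relies on a literal `#` directly followed by a `#{...}` interpolation, which is easy to misread or to break in a later edit; `'ROLE_PROCESS_VIEW#' ~ process.code` builds the same attribute more readably. The same `#` separator is hard-coded where the PHP side concatenates the role names, so a shared helper would keep the two in sync.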
Add ROLE_PROCESS_VIEW
| <td>{% if process.options.ui.source is defined %}{{ process.options.ui.source }}{% endif %}</td> | ||
| <td>{% if process.options.ui.target is defined %}{{ process.options.ui.target }}{% endif %}</td> | ||
| <td class="text-right"> | ||
| {% if is_granted("ROLE_PROCESS_EXECUTE##{process.code}", process) %} |
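Review bot: the `is_granted("ROLE_PROCESS_EXECUTE##{process.code}", process)` check on the last line only decides what this table cell renders; the action that actually launches the process needs the same check on the server side, and nothing in the visible lines shows it. The `process` subject passed as second argument is also ignored by Symfony's built-in role voters, so either drop it or add a dedicated voter that uses it.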
Add ROLE_PROCESS_EXECUTE
| $roles = $this->roleHierarchy->getReachableRoleNames($this->getUser()?->getRoles() ?? []); | ||
| $qb = parent::createIndexQueryBuilder($searchDto, $entityDto, $fields, $filters); | ||
| $qb->andWhere( | ||
| $qb->expr()->in( |
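Review bot: on the first line, `$this->getUser()?->getRoles() ?? []` yields an empty `$roles` when no user is authenticated, and a user without any process role gives the same result after filtering; if the list handed to `$qb->expr()->in(` is derived from it and ends up empty, Doctrine emits an `IN()` clause that fails to parse instead of returning no rows. Guard the empty case explicitly, for example with an always-false condition such as `1 = 0`.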
If the user has access to ROLE_PROCESS_VIEW, then do not apply the filtering.
|
|
||
| #[IsGranted('ROLE_USER')] | ||
| #[IsGranted('ROLE_SUPER_ADMIN')] | ||
| class UserCrudController extends AbstractCrudController |
To be decided: whether we manage groups through an admin UI or just through the security.yaml role_hierarchy.
Description
Add permission to view & execute process.
Requirements
Breaking changes