diff --git a/VERSIONS_HOTLINE/59056 b/VERSIONS_HOTLINE/59056
new file mode 100644
index 0000000000000000000000000000000000000000..129202a6480251915964dd08f575425f05dc5e94
--- /dev/null
+++ b/VERSIONS_HOTLINE/59056
@@ -0,0 +1 @@
+ - ticket #59056 : Administration utilisateurs : seuls les administrateurs système peuvent voir et modifier les comptes administrateurs système
\ No newline at end of file
diff --git a/application/modules/admin/controllers/UsersController.php b/application/modules/admin/controllers/UsersController.php
index 610a64070830d15338e4afe02e7729d4e36ce341..68c14a124260e639f5b0d245d72e25747cb8aa8b 100644
--- a/application/modules/admin/controllers/UsersController.php
+++ b/application/modules/admin/controllers/UsersController.php
@@ -29,7 +29,10 @@ class Admin_UsersController extends ZendAfi_Controller_Action {
 public function indexAction() {
 $this->view->titre = $this->_('Gestion des utilisateurs');
- $this->_helper->userSearch([], new Class_User_SearchCriteria($this->_request->getParams()));
+ $this->_helper
+ ->userSearch([],
+ (new Class_User_SearchCriteria($this->_request->getParams()))
+ ->addCriteria(new Class_User_SearchCriteria_RoleLevelLimit($this->_request->getParams())));
 }
diff --git a/library/Class/User/SearchCriteria.php b/library/Class/User/SearchCriteria.php
index 1a2e0738c11f078e792118e299e1b9c052dc155b..8d781c86462f0804befbc8ba49b38170b3475c06 100644
--- a/library/Class/User/SearchCriteria.php
+++ b/library/Class/User/SearchCriteria.php
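Review bot: The role-level restriction exists only because this call site appends `Class_User_SearchCriteria_RoleLevelLimit` to the criteria; any other code path that hands the `userSearch` helper a plain `Class_User_SearchCriteria` would still list accounts above the caller's level, so if the helper or the criteria class can own this rule, that is the safer place for it. `$this->_request->getParams()` is also passed to a criteria whose visible implementation never reads request parameters; a comment such as `// params unused: the limit derives from the logged-in identity` would spare the next reader from looking for them. The enclosing class continues outside the hunk.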
@@ -64,11 +64,14 @@ class Class_User_SearchCriteria {
 ->setAttrib('style', 'position: relative')
 ->setMethod('get');
- $names = [];
- foreach($this->_criteria as $criteria) {
- $form->addElement($criteria->getElement());
- $names[] = $criteria->getName();
- }
+ $names = (new Storm_Collection($this->_criteria))
+ ->select(function($c) { return $c->getElement(); })
+ ->eachDo(function($c) use ($form) { $form->addElement($c->getElement()); })
+ ->collect(function($c) { return $c->getName(); })
+ ->getArrayCopy();
+
+ if (!$names)
+ return $form;
 $form->addDisplayGroup($names,
 'search_group',
@@ -85,7 +88,7 @@ class Class_User_SearchCriteria {
 if ($this->_search_params)
 return $this;
- $this->_search_params = ['wheres' => []];
+ $this->_search_params = ['wheres' => []];
 foreach($this->_criteria as $criteria)
 $criteria->acceptSearchVisitor($this);
diff --git a/library/Class/User/SearchCriteria/RoleLevelLimit.php b/library/Class/User/SearchCriteria/RoleLevelLimit.php
new file mode 100644
index 0000000000000000000000000000000000000000..203bd708c2e674b3a6e5e3bea1a946535550b782
--- /dev/null
+++ b/library/Class/User/SearchCriteria/RoleLevelLimit.php
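Review bot: `getElement()` is invoked twice per criteria in the new chain, once in `select` and again in `eachDo`; if `getElement()` builds a new element on each call (its body is in `Class_User_SearchCriteria_Abstract`, not visible here) the element added to the form is not the object that passed the filter, so selecting once and reusing the result, or having `getElement()` memoise, would remove the doubt. The `select` step is also now the only thing keeping form-less criteria out of the display group, and that contract is silent; a comment such as `// criteria without a form element (getElement() returns null) are search-only and skipped here` makes the dependency explicit. The enclosing method starts before the hunk, and the second hunk at `@@ -85,7 +88,7 @@` is a whitespace-only change.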
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Copyright (c) 2012-2017, Agence Française Informatique (AFI). All rights reserved.
+ *
+ * BOKEH is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE as published by
+ * the Free Software Foundation.
+ *
+ * There are special exceptions to the terms and conditions of the AGPL as it
+ * is applied to this software (see README file).
+ *
+ * BOKEH is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * along with BOKEH; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+
+class Class_User_SearchCriteria_RoleLevelLimit extends Class_User_SearchCriteria_Abstract {
+ protected function buildElement() {
+ // not based on form element
+ }
+
+
+ public function acceptSearchVisitor($visitor) {
+ $visitor->addWhereParam('role_level <= ' . Class_Users::getIdentity()->getRoleLevel());
+ }
+}
diff --git a/library/ZendAfi/Controller/Plugin/Manager/User.php b/library/ZendAfi/Controller/Plugin/Manager/User.php
index 2e7a6b6c234b5cde47c6a512cd182db814fe2e6a..34148948ee8ec00ad75a0bdbdf07fbc4ba1397ee 100644
--- a/library/ZendAfi/Controller/Plugin/Manager/User.php
+++ b/library/ZendAfi/Controller/Plugin/Manager/User.php
@@ -33,6 +33,7 @@ class ZendAfi_Controller_Plugin_Manager_User extends ZendAfi_Controller_Plugin_M
 return $post;
 }
+
 protected function _getFormValues($model) {
 $array_model=parent::_getFormValues($model);
 $array_model['user_group_ids']=implode('-',array_map(function($group) { return $group->getId();},$model->getUserGroups()));
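Review bot: `acceptSearchVisitor()` splices the identity's role level into a raw SQL fragment with no cast and dereferences `Class_Users::getIdentity()` without a null check; the value comes from the authenticated user's record rather than the request, but since the fragment lands in a WHERE clause an explicit integer keeps it unambiguous: `$visitor->addWhereParam('role_level <= ' . (int) Class_Users::getIdentity()->getRoleLevel());`. If this criteria can run with no authenticated identity (the admin routes presumably guarantee one, which is not visible here), `getIdentity()` returning null becomes a fatal error instead of an empty result. `buildElement()` returning nothing is a deliberate contract with the search form rather than an omission, so the bare `// not based on form element` should say that this criteria only contributes a WHERE restriction and that the form skips criteria whose element is null. The second hunk on this line, in `ZendAfi_Controller_Plugin_Manager_User`, only adds a blank line.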
@@ -53,5 +54,7 @@ class ZendAfi_Controller_Plugin_Manager_User extends ZendAfi_Controller_Plugin_M
 }
-}
-?>
\ No newline at end of file
+ protected function _canEdit($model) {
+ return $model->getRoleLevel() <= Class_Users::getIdentity()->getRoleLevel();
+ }
+}
\ No newline at end of file
diff --git a/tests/application/modules/admin/controllers/UsersControllerTest.php b/tests/application/modules/admin/controllers/UsersControllerTest.php
index ebe8a4becd432c2aef16aee924ae773bb9cf4d11..d4e011dc38017bdc9025402ff3040d30a50bac2b 100644
--- a/tests/application/modules/admin/controllers/UsersControllerTest.php
+++ b/tests/application/modules/admin/controllers/UsersControllerTest.php
@@ -118,13 +118,13 @@ class UsersControllerIndexTest extends UsersControllerWithMarcusTestCase {
 ->whenCalled('findAllBy')
 ->with(['role_level' => 2,
- 'where' => '(STR_TO_DATE(date_fin, \'%Y-%m-%d\') >= CURDATE()) AND (login LIKE "%francis%" OR nom LIKE "%francis%" OR prenom LIKE "%francis%" OR pseudo LIKE "%francis%" OR mail LIKE "%francis%" OR idabon LIKE "%francis%")',
+ 'where' => '(STR_TO_DATE(date_fin, \'%Y-%m-%d\') >= CURDATE()) AND (login LIKE "%francis%" OR nom LIKE "%francis%" OR prenom LIKE "%francis%" OR pseudo LIKE "%francis%" OR mail LIKE "%francis%" OR idabon LIKE "%francis%") AND (role_level <= 7)',
 'limitPage' => [1, 20]])
 ->answers([$francis])
 ->whenCalled('countBy')
 ->with(['role_level' => 2,
- 'where' => '(STR_TO_DATE(date_fin, \'%Y-%m-%d\') >= CURDATE()) AND (login LIKE "%francis%" OR nom LIKE "%francis%" OR prenom LIKE "%francis%" OR pseudo LIKE "%francis%" OR mail LIKE "%francis%" OR idabon LIKE "%francis%")'])
+ 'where' => '(STR_TO_DATE(date_fin, \'%Y-%m-%d\') >= CURDATE()) AND (login LIKE "%francis%" OR nom LIKE "%francis%" OR prenom LIKE "%francis%" OR pseudo LIKE "%francis%" OR mail LIKE "%francis%" OR idabon LIKE "%francis%") AND (role_level <= 7)'])
 ->answers(55)
 ->beStrict();
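Review bot: `_canEdit()` compares the target account's stored role level with the caller's, which blocks opening a higher-level account, but nothing in this hunk prevents a lower-level administrator from raising an editable account's `role_level` above their own when the edit form is saved; if the form exposes `role_level` (not visible here), the submitted value needs the same `<= Class_Users::getIdentity()->getRoleLevel()` check on the save path, otherwise role assignment becomes a privilege-escalation path this check does not cover. Where `_canEdit()` is consulted, and whether a delete action goes through the same check, lives in the base plugin outside the hunk; the test hunk at `@@ -118,13 +118,13 @@` only updates the expected index filter. The `<=` deliberately lets an administrator edit peers of the same level, which matches the ticket but is worth a one-line comment above the method.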
@@ -1046,4 +1046,53 @@ class Admin_UsersControllerChangeAdminSkinActionTest extends Admin_AbstractContr
 public function userAdminSkinColorShouldRedCss() {
 $this->assertEquals('red.css', Class_Users::getIdentity()->getAdminSkin()->getColor());
 }
-}
\ No newline at end of file
+}
+
+
+
+class UsersControllerWithAdminPortalTest extends Admin_AbstractControllerTestCase {
+ protected $_storm_default_to_volatile = true;
+
+ public function setUp() {
+ parent::setUp();
+
+ $this->fixture('Class_Users',
+ ['id' => 1,
+ 'login' => 'tom',
+ 'password' => 'rom',
+ 'role_level' => ZendAfi_Acl_AdminControllerRoles::SUPER_ADMIN]);
+
+ ZendAfi_Auth::getInstance()
+ ->logUser($this->fixture('Class_Users',
+ ['id' => 2,
+ 'login' => 'tim',
+ 'password' => 'rim',
+ 'role_level' => ZendAfi_Acl_AdminControllerRoles::ADMIN_PORTAIL]));
+
+ $this->onLoaderOfModel('Class_Users')
+ ->whenCalled('findAllBy')
+ ->with(['where' => '(role_level <= ' . ZendAfi_Acl_AdminControllerRoles::ADMIN_PORTAIL . ')',
+ 'limitPage' => [1, 20]])
+ ->answers([Class_Users::find(2)])
+
+ ->whenCalled('countBy')
+ ->with(['where' => '(role_level <= ' . ZendAfi_Acl_AdminControllerRoles::ADMIN_PORTAIL . ')'])
+ ->answers(1)
+ ;
+ }
+
+
+ /** @test */
+ public function superAdminEditLinkShouldNotBePresentInIndex() {
+ $this->dispatch('/admin/users', true);
+ $this->assertNotXPath('//a[contains(@href, "/users/edit/id/1")]',
+ $this->_response->getBody());
+ }
+
+
+ /** @test */
+ public function tryingToEditSuperAdminshouldRedirectToIndex() {
+ $this->dispatch('/admin/users/edit/id/1', true);
+ $this->assertRedirectTo('/admin/users/index');
+ }
+}
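Review bot: The new test class asserts that a GET on `/admin/users/edit/id/1` redirects and that the edit link is absent, but not that a POST to the same path leaves `Class_Users::find(1)` unchanged, nor that a delete request on that account is refused if such an action exists; a hidden link is not an access control, so a test that dispatches the edit URL as a POST with changed fields and asserts both the redirect and the untouched fixture would pin the server-side guard. `tryingToEditSuperAdminshouldRedirectToIndex` also breaks the camelCase its sibling uses; `tryingToEditSuperAdminShouldRedirectToIndex`.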