From 6fd8444ac3744e745caa8ae937ef1b18d4642e4d Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Mon, 4 Jul 2016 17:44:21 +0200 Subject: [PATCH] =?UTF-8?q?Gestion=20des=20authorisations=20'admin'=20+=20?= =?UTF-8?q?'warehouse'=20compl=C3=A9t=C3=A9e?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/modules.json | 2 +- config/repositories.json | 14 ++++++++++++++ manager/Authentification.php | 1 - manager/module/machineDefault.php | 2 +- manager/repo/admin.php | 25 +++++++++++++++---------- test/automate.php | 8 ++++++-- 6 files changed, 37 insertions(+), 15 deletions(-) diff --git a/config/modules.json b/config/modules.json index e70a6f3..3671444 100755 --- a/config/modules.json +++ b/config/modules.json @@ -144,7 +144,7 @@ "getById": { "description": "Retourne un utilisateur spécifique.", - "permissions": ["warehouse"], + "permissions": ["warehouse", "admin"], "parameters": { "id_user": { "description": "UID de l'utilisateur.", "type": "id" } }, diff --git a/config/repositories.json b/config/repositories.json index 45fbd5f..2be9ae0 100755 --- a/config/repositories.json +++ b/config/repositories.json @@ -57,6 +57,20 @@ "getByName", "getByToken", + "updateToken" + ], + + "admin": [ + "create", + "edit", + "delete", + + "getAll", + "getById", + "getByUsername", + "getByMail", + "getByToken", + "updateToken" ] diff --git a/manager/Authentification.php b/manager/Authentification.php index c1f7765..08c15b0 100644 --- a/manager/Authentification.php +++ b/manager/Authentification.php @@ -142,7 +142,6 @@ if( !in_array($permission, $_SESSION['PERM']) ) return false; - var_dump('warehouse: ok'); /* [3] Si on a toutes les permissions requises =========================================================*/ diff --git a/manager/module/machineDefault.php b/manager/module/machineDefault.php index babb82c..15c4711 100755 --- a/manager/module/machineDefault.php +++ b/manager/module/machineDefault.php @@ -23,7 +23,7 @@ /* [1] Creation de la machine =========================================================*/ - $create_machine = new Repo('machine/create', [$code, $name]; + $create_machine = new Repo('machine/create', [$code, $name]); $id_machine = $create_machine->answer(); // Si une erreur est retournee, on retourne une erreur diff --git a/manager/repo/admin.php b/manager/repo/admin.php index 8a7c041..10180fc 100644 --- a/manager/repo/admin.php +++ b/manager/repo/admin.php @@ -25,6 +25,7 @@ $check_unique = count(self::getByUsername($username)) == 0; $check_unique = $check_unique && count(self::getByMail($mail)) == 0; + // Si un administrateur a deja cet identifiant ou mail, on renvoie une erreur if( !$check_unique ) return false; @@ -40,12 +41,13 @@ ':token' => sessionManager::secure_sha1( uniqid() ) ]); + /* [3] On retourne l'id_admin ou FALSE si erreur =========================================================*/ $check_admin = self::getByUsername($username); // Si n'existe pas on retourne FALSE - if( !isset($check_admin[0]) || !is_array($check_admin[0]) ) + if( count($check_admin) == 0 ) return false; // Sinon, on retourne son id @@ -116,26 +118,29 @@ public static function edit($id_admin=null, $username=null, $mail=null, $password=null){ /* [1] Verification de l'unicite du nom (name) (si different) =========================================================*/ - // On recupere les administrateurs ayant le meme nom (si existent) - // pour éviter les collisions (car le nom doit être unique) - $getbyuname = self::getByUsername($username); + // On recupere les administrateurs ayant le meme identifant ou mail (si existent) + // pour éviter les collisions (car l'identifiant et le mail doivent être uniques) + $getbyuname = self::getByUsername($username); $getbymail = self::getByMail($mail); - $check_unique = is_array($getbyuname) && $getbyuname['id_user'] == $id_user || !is_array($getbyuname); + $check_unique = count($getbyuname) > 0 && $getbyuname['id_user'] == $id_user || !is_array($getbyuname); + $check_unique = $check_unique && count($getbymail) > 0 && $getbymail['id_user'] == $id_user || !is_array($getbymail); - // Si un utilisateur a deja ce code ou cet username (sauf lui), on renvoie une erreur + // Si un administrateur a deja cet identifiant ou ce mail (excepté lui-même), on renvoie une erreur if( !$check_unique ) return false; /* [2] Modification de l'utilisateur =========================================================*/ $edit_admin = Database::getPDO()->prepare("UPDATE admin - SET name = :name, - password = :password + SET username = :username, + mail = :mail, + password = :password WHERE id_admin = :id_admin"); $edit_admin->execute([ - ':name' => $name, - ':password' => $password, + ':username' => $username, + ':mail' => $mail, + ':password' => $password, ':id_admin' => $id_admin ]); diff --git a/test/automate.php b/test/automate.php index 6c6cc2d..d903930 100755 --- a/test/automate.php +++ b/test/automate.php @@ -313,11 +313,15 @@ function createWarehouse(){ - $insert = new Repo('warehouse/create', array( 'FifthWarehouse', 'MyPassword' ) ); + $insert = new Repo('admin/create', [ + 'FirstAdmin', + 'adminmail@gmail.com', + 'AdminPassword' + ]); var_dump( $insert->answer() ); - $getAll = new Repo('warehouse/getAll'); + $getAll = new Repo('admin/getAll'); }createWarehouse();