Chill-project/chill-bundles
6
0
Fork 0
mirror of https://gitlab.com/Chill-Projet/chill-bundles.git synced 2025-06-14 06:14:23 +00:00
Code Issues Actions Projects Releases Wiki Activity

improve ACL on report creation + various UI improvements

Browse Source 
- show button to update report only to users with correct permissions;
- show new page only to users with correct permissions ;
- rename scope => circle in column, + translations
This commit is contained in:
Julien Fastré 2015-12-14 22:55:13 +01:00
parent 119b3c0bc1
commit 2c89aa4812
4 changed files with 41 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
Controller/ReportController.php
View File

@ -70,6 +70,21 @@ class ReportController extends Controller
*/ */
public function selectReportTypeAction($person_id, Request $request) public function selectReportTypeAction($person_id, Request $request)
{ {
$em = $this->getDoctrine()->getManager();
$person = $em->getRepository('ChillPersonBundle:Person')
->find($person_id);
if ($person === NULL) {
throw $this->createNotFoundException('Person not found!');
}
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person, 'access denied for person view');
// check access on report creation for a dummy report
$this->denyAccessUnlessGranted('CHILL_REPORT_CREATE',
(new Report())->setPerson($person), 'access denied for report creation');
$cFGroupId = $request->query->get('cFGroup'); $cFGroupId = $request->query->get('cFGroup');
if($cFGroupId) { if($cFGroupId) {
@ -78,8 +93,6 @@ class ReportController extends Controller
array('person_id' => $person_id, 'cf_group_id' => $cFGroupId))); array('person_id' => $person_id, 'cf_group_id' => $cFGroupId)));
} }
$em = $this->getDoctrine()->getManager();
$cFGroups = $em->getRepository('ChillCustomFieldsBundle:CustomFieldsGroup') $cFGroups = $em->getRepository('ChillCustomFieldsBundle:CustomFieldsGroup')
->findByEntity('Chill\ReportBundle\Entity\Report'); ->findByEntity('Chill\ReportBundle\Entity\Report');
@ -210,6 +223,9 @@ class ReportController extends Controller
} }
$this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person); $this->denyAccessUnlessGranted('CHILL_PERSON_SEE', $person);
// check access on report creation for a dummy report
$this->denyAccessUnlessGranted('CHILL_REPORT_CREATE',
(new Report())->setPerson($person), 'access denied for report creation');
if ($cFGroup === NULL){ if ($cFGroup === NULL){
throw $this->createNotFoundException("custom fields group not found"); throw $this->createNotFoundException("custom fields group not found");

18
Resources/views/Report/list.html.twig
View File

@ -26,7 +26,7 @@
<tr> <tr>
<th class="chill-red">{{ 'Date' | trans }}</th> <th class="chill-red">{{ 'Date' | trans }}</th>
<th class="chill-green">{{ 'Report type' | trans }}</th> <th class="chill-green">{{ 'Report type' | trans }}</th>
<th class="chill-orange">{{ 'Report scope' | trans }}</th> <th class="chill-orange">{{ 'Circle' | trans }}</th>
<th></th> <th></th>
<th></th> <th></th>
</tr> </tr>
@ -37,8 +37,20 @@
<td>{% if report.date %}{{ report.date|localizeddate('long', 'none') }}{% endif %}</td> <td>{% if report.date %}{{ report.date|localizeddate('long', 'none') }}{% endif %}</td>
<td>{{ report.cFGroup.getName(app.request.locale) }}</td> <td>{{ report.cFGroup.getName(app.request.locale) }}</td>
<td>{{ report.scope.name|localize_translatable_string }}</td> <td>{{ report.scope.name|localize_translatable_string }}</td>
<td><a href="{{ path('report_view', { 'person_id': report.person.id, 'report_id': report.id }) }}" class="sc-button black">{{ 'View' | trans }}</a></td> <td>
<td><a href="{{ path('report_edit', { 'person_id': report.person.id, 'report_id': report.id }) }}" class="sc-button bt-update">{{ 'Update' | trans }}</a></td> <ul class="record_actions">
{% if is_granted('CHILL_REPORT_SEE', report) %}
<li>
<a href="{{ path('report_view', { 'person_id': report.person.id, 'report_id': report.id }) }}" class="sc-button black">{{ 'View the report' | trans | capitalize }}</a>
</li>
{% endif %}
{% if is_granted('CHILL_REPORT_UPDATE', report) %}
<li>
<a href="{{ path('report_edit', { 'person_id': report.person.id, 'report_id': report.id }) }}" class="sc-button bt-update">{{ 'Update' | trans }}</a>
</li>
{% endif %}
</ul>
</td>
</tr> </tr>
{% endfor %} {% endfor %}
</tbody> </tbody>

4
Resources/views/Report/new.html.twig
View File

@ -23,7 +23,9 @@
{% block personcontent %} {% block personcontent %}
{{ form_start(form) }} {{ form_start(form) }}
{{ form_widget(form) }} {{ form_row(form.user) }}
{{ form_row(form.date) }}
{{ form_row(form.scope) }}
<div class="grid-12 centered sticky-form-buttons"> <div class="grid-12 centered sticky-form-buttons">
<button class="sc-button green margin-10" type="submit"><i class="fa fa-save"></i> {{ 'Add report'|trans }}</button> <button class="sc-button green margin-10" type="submit"><i class="fa fa-save"></i> {{ 'Add report'|trans }}</button>
</div> </div>

9
Resources/views/Report/view.html.twig
View File

@ -27,8 +27,8 @@
<dl> <dl>
<dt>{{ 'Person'|trans }}&nbsp;:</dt> <dt>{{ 'Person'|trans }}&nbsp;:</dt>
<dd>{{ entity.person }}</dd> <dd>{{ entity.person }}</dd>
<dt>{{ 'Scope'|trans }}&nbsp;:</dt> <dt>{{ 'Circle'|trans }}&nbsp;:</dt>
<dd><span class="scope">{{ entity.scope.name|localize_translatable_string }}</span></dd> <dd><span class="scope circle">{{ entity.scope.name|localize_translatable_string }}</span></dd>
<dt>{{ 'Date'|trans }}&nbsp;:</dt> <dt>{{ 'Date'|trans }}&nbsp;:</dt>
<dd>{{ entity.date|localizeddate('long', 'none') }}</dd> <dd>{{ entity.date|localizeddate('long', 'none') }}</dd>
<dt>{{ 'User'|trans }}&nbsp;:</dt> <dt>{{ 'User'|trans }}&nbsp;:</dt>
@ -38,7 +38,8 @@
{{ chill_custom_fields_group_widget(entity.cFData, entity.cFGroup) }} {{ chill_custom_fields_group_widget(entity.cFData, entity.cFGroup) }}
</dl> </dl>
{% if is_granted('CHILL_REPORT_UPDATE', entity) %}
<a class="sc-button bt-update" href="{{ path('report_edit', { 'person_id': entity.person.id, 'report_id': entity.id }) }}"><i class="fa fa-pencil"></i> {{ 'Update the report' | trans }}</a> <a class="sc-button bt-update" href="{{ path('report_edit', { 'person_id': entity.person.id, 'report_id': entity.id }) }}"><i class="fa fa-pencil"></i> {{ 'Update the report' | trans }}</a>
{% endif %}
{% endblock %} {% endblock %}