fix permissions

stakovicz · Feb 25, 2024 · ffd792a · ffd792a
1 parent 334827f
commit ffd792a
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 3 deletions.
diff --git a/Makefile b/Makefile
@@ -48,7 +48,7 @@ watch:
 app/config/parameters.yml:
 	cp app/config/parameters.yml.dist-docker app/config/parameters.yml
 
-init:
+init: htdocs/uploads
 	make config
 	make init-db
 
@@ -66,7 +66,7 @@ test:
 	./bin/php-cs-fixer fix --dry-run -vv
 
 
-test-functional: data config htdocs/uploads
+test-functional: data config
 	CURRENT_UID=$(CURRENT_UID) $(DOCKER_COMPOSE_BIN) stop dbtest apachephptest planetetest mailcatcher
 	CURRENT_UID=$(CURRENT_UID) $(DOCKER_COMPOSE_BIN) up -d dbtest apachephptest planetetest mailcatcher
 	CURRENT_UID=$(CURRENT_UID) $(DOCKER_COMPOSE_BIN) run --no-deps --rm cliphp ./bin/behat

diff --git a/app/config/security.yml b/app/config/security.yml
@@ -53,6 +53,7 @@ security:
         - { path: ^/admin/techletter, roles: ROLE_VEILLE }
         - { path: ^/admin/company, roles: ROLE_COMPANY_MANAGER }
         - { path: ^/admin/members/badges, roles: ROLE_ADMIN }
+        - { path: ^/admin/members/users, roles: ROLE_ADMIN }
         - { path: ^/admin/event/speakers-management, roles: ROLE_FORUM }
         - { path: ^/admin/(members/reporting|association/relances|talk|slackmembers/check), roles: ROLE_ADMIN}
         - { path: ^/member, roles: [ROLE_USER, ROLE_MEMBER_EXPIRED]}

diff --git a/sources/AppBundle/Security/LegacyAuthenticator.php b/sources/AppBundle/Security/LegacyAuthenticator.php
@@ -94,7 +94,7 @@ public function onAuthenticationSuccess(Request $request, TokenInterface $token,
             return new RedirectResponse($target_path);
         }
 
-        return new RedirectResponse('/member');
+        return new RedirectResponse('/member/');
     }
 
     /**

diff --git a/tests/behat/features/Admin/AccessCheckMembers.feature b/tests/behat/features/Admin/AccessCheckMembers.feature
@@ -0,0 +1,30 @@
+Feature: Valider les accès depuis un compte membre
+
+  # @reloadDbWithTestData
+  Scenario: L'accès à une personne physique
+    Given I am logged-in with the user "paul" and the password "paul"
+    # Modification
+    When I go to "/admin/members/users/edit?id=5"
+    Then the response status code should be 403
+    # Suppression
+    When I go to "/admin/members/users/delete?id=5"
+    Then the response status code should be 403
+    # Cotisation
+    When I go to "/pages/administration/index.php?page=cotisations&type_personne=0&id_personne=5"
+    Then I should see "Vous n'avez pas le droit d'accéder à cette page"
+
+  @reloadDbWithTestData
+  Scenario: L'accès à une personne morale
+    Given I am logged-in with the user "paul" and the password "paul"
+    # Modification
+    When I go to "/pages/administration/index.php?page=personnes_morales&action=modifier&id=2"
+    Then I should see "Vous n'avez pas le droit d'accéder à cette page"
+    # Cotisation
+    When I go to "/pages/administration/index.php?page=cotisations&type_personne=1&id_personne=2"
+    Then I should see "Vous n'avez pas le droit d'accéder à cette page"
+    # Suppression
+    When I go to "/pages/administration/index.php?page=cotisations&action=supprimer&type_personne=1&id_personne=2&id=7"
+    Then I should see "Vous n'avez pas le droit d'accéder à cette page"
+    # Facture
+    When I go to "/pages/administration/index.php?page=cotisations&action=telecharger_facture&type_personne=1&id_personne=2&id=7"
+    Then I should see "Vous n'avez pas le droit d'accéder à cette page"