Very crude permissions
TODO: Use Symfony Voters
parent
c20ec66f22
commit
b41e394e9c
@ -15,6 +15,15 @@ class VocabFuncContextController extends AbstractController
|
|||||||
#[Route('/vocabs/functional_context', name: 'app_vocab_func_context')]
|
#[Route('/vocabs/functional_context', name: 'app_vocab_func_context')]
|
||||||
public function index(EntityManagerInterface $em): Response
|
public function index(EntityManagerInterface $em): Response
|
||||||
{
|
{
|
||||||
|
$roles = $this->getUser()->getRoles();
|
||||||
|
|
||||||
|
if (! in_array('ROLE_REVISOR', $roles)
|
||||||
|
&& ! in_array('ROLE_ADMIN', $roles)
|
||||||
|
) {
|
||||||
|
$this->addFlash('warning', 'Only revisors and administrators can edit vocabularies');
|
||||||
|
return $this->redirectToRoute('app_home');
|
||||||
|
}
|
||||||
|
|
||||||
$terms = $em->getRepository(VocabFuncContext::class)->findBy([], ['term' => 'ASC']);
|
$terms = $em->getRepository(VocabFuncContext::class)->findBy([], ['term' => 'ASC']);
|
||||||
|
|
||||||
return $this->render('vocab_func_context/index.html.twig', [
|
return $this->render('vocab_func_context/index.html.twig', [
|
||||||
|
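Review bot: The new guard in index() dereferences `$this->getUser()` without a null check and tests raw role strings, so a request with no logged-in user (if the firewall lets one reach this route) would fail with an error instead of being redirected, and a user who holds ROLE_REVISOR only through `role_hierarchy` would be refused. `if (! $this->isGranted('ROLE_REVISOR') && ! $this->isGranted('ROLE_ADMIN')) {` covers both cases and keeps the flash-and-redirect behaviour until the voters from the TODO exist. The same raw membership test appears in the profile template hunk (`'ROLE_EDITOR' in app.user.roles`), where `is_granted('ROLE_EDITOR')` is the equivalent. Only index() is guarded in this hunk and its body continues outside it; whether the controller's other actions carry a check is not visible here.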
@ -6,10 +6,21 @@
|
|||||||
<div class="has-text-centered">
|
<div class="has-text-centered">
|
||||||
<img width="200px" src="{{ asset('img/Logo-ArCOA-def.png') }}" />
|
<img width="200px" src="{{ asset('img/Logo-ArCOA-def.png') }}" />
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<h1 class="is-size-1 mt-6 mb-6 has-text-centered">ArCOA Digital Archive</h1>
|
<h1 class="is-size-1 mt-6 mb-6 has-text-centered">ArCOA Digital Archive</h1>
|
||||||
<h2 class="is-size-3 mb-3 has-text-centered">Archivi e Collezioni dell'Oriente Antico</h2>
|
<h2 class="is-size-3 mb-3 has-text-centered">Archivi e Collezioni dell'Oriente Antico</h2>
|
||||||
<h2 class="is-size-3 mb-6 has-text-centered">Archives and Collections of the Ancient Near East</h2>
|
<h2 class="is-size-3 mb-6 has-text-centered">Archives and Collections of the Ancient Near East</h2>
|
||||||
|
|
||||||
|
{% for message in app.flashes('warning') %}
|
||||||
|
<article class="message is-warning" style="max-width: 35vw; margin: 0 auto;">
|
||||||
|
<div class="message-header">
|
||||||
|
<p>Warning</p>
|
||||||
|
<button class="delete" aria-label="delete"></button>
|
||||||
|
</div>
|
||||||
|
<div class="message-body">{{ message }}</div>
|
||||||
|
</article>
|
||||||
|
{% endfor %}
|
||||||
|
|
||||||
<div class="columns" style="max-width: 35vw; margin: 0 auto;">
|
<div class="columns" style="max-width: 35vw; margin: 0 auto;">
|
||||||
<div class="column mt-6 mb-5">
|
<div class="column mt-6 mb-5">
|
||||||
<div class="card content p-4 is-clickable">
|
<div class="card content p-4 is-clickable">
|
||||||
@ -28,5 +39,13 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<script type="text/javascript" defer>
|
||||||
|
const warning = document.querySelector('.is-warning');
|
||||||
|
|
||||||
|
if (warning) {
|
||||||
|
warning.querySelector('.delete').addEventListener('click', () => {
|
||||||
|
warning.classList.add('is-hidden');
|
||||||
|
});
|
||||||
|
}
|
||||||
|
</script>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
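Review bot: The dismiss handler in the added script binds only the first warning, because `document.querySelector('.is-warning')` returns a single element while the `{% for message in app.flashes('warning') %}` loop can render several. `document.querySelectorAll('.is-warning .delete').forEach(b => b.addEventListener('click', () => b.closest('.is-warning').classList.add('is-hidden')));` handles every message. The `defer` attribute has no effect on an inline script; the code works because the block sits after the markup. An inline script also has to be allowed explicitly (nonce or hash) if the application later adopts a Content-Security-Policy, so moving it to an asset file is worth considering.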
@ -32,13 +32,46 @@
|
|||||||
Administrator
|
Administrator
|
||||||
{% elseif 'ROLE_REVISOR' in app.user.roles %}
|
{% elseif 'ROLE_REVISOR' in app.user.roles %}
|
||||||
Revisor
|
Revisor
|
||||||
|
{% elseif 'ROLE_EDITOR' in app.user.roles %}
|
||||||
|
Editor
|
||||||
{% else %}
|
{% else %}
|
||||||
Reader
|
Reader
|
||||||
{% endif %}
|
{% endif %}
|
||||||
<span class="icon is-small is-size-5 pl-3 has-text-link">
|
|
||||||
<i class="fa fa-question-circle"></i>
|
|
||||||
</span>
|
|
||||||
</p>
|
</p>
|
||||||
|
<article class="message is-info">
|
||||||
|
<div class="message-header">
|
||||||
|
<p>
|
||||||
|
<span class="icon is-small is-size-5 mr-3">
|
||||||
|
<i class="fa fa-info-circle"></i>
|
||||||
|
</span>
|
||||||
|
Role permissions
|
||||||
|
</p>
|
||||||
|
</div>
|
||||||
|
<div class="message-body">
|
||||||
|
{% if 'ROLE_ADMIN' in app.user.roles %}
|
||||||
|
<p>
|
||||||
|
Administrators can create and edit users of the ArCOA data entry system,
|
||||||
|
including changing passwords and user roles, and disabling accounts.
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
They can perform all actions on all records and vocabularies
|
||||||
|
(create, view, edit, delete).
|
||||||
|
</p>
|
||||||
|
{% elseif 'ROLE_REVISOR' in app.user.roles %}
|
||||||
|
<p>Revisors can perform all actions (create, view, edit, delete) on all records and vocabs.</p>
|
||||||
|
{% elseif 'ROLE_EDITOR' in app.user.roles %}
|
||||||
|
<p>
|
||||||
|
Editors can view vocabs, view and search all records, create new records with "draft" or "complete" status,
|
||||||
|
edit their own records and those created by other editors; they can only delete their own records, as long as the status
|
||||||
|
is "draft" or "complete".
|
||||||
|
</p>
|
||||||
|
{% else %}
|
||||||
|
<p>
|
||||||
|
Readers can view and search records that are either published, excluded or unindexed (draft and complete records cannot be viewed).
|
||||||
|
</p>
|
||||||
|
{% endif %}
|
||||||
|
</div>
|
||||||
|
</article>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
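Review bot: The "Role permissions" text states rules that the code in this commit does not enforce and in one place contradicts: it says editors can view vocabs, while the controller hunk redirects every user without ROLE_REVISOR or ROLE_ADMIN away from the functional-context vocabulary index. The per-record rules (editors deleting only their own draft or complete records, readers not seeing draft and complete records) have no matching check in the visible hunks; they may be enforced elsewhere. Until the voters exist, a template comment such as `{# Informational only: keep in sync with the access checks in the controllers #}` above the `{% if 'ROLE_ADMIN' in app.user.roles %}` block would stop maintainers from treating this text as the source of truth.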