ElPoyo/EM2_ERP
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refacto : on ne verifie plus le role admin mais les permissions du role

Browse Source
This commit is contained in:
PC-PAUL\paulf
2025-05-25 21:56:07 +02:00
parent 851b891a8a
commit 82d77e2b8d
10 changed files with 228 additions and 289 deletions
Download Patch File Download Diff File Expand all files Collapse all files

90
em2rp/firestore.rules
View File

@ -1,90 +0,0 @@
rules_version = '2';
service cloud.firestore {
match /databases/{database}/documents {
// Fonction pour vérifier si l'utilisateur est authentifié
function isAuthenticated() {
return request.auth != null;
}
function getUserRole() {
let userData = get(/databases/$(database)/documents/users/$(request.auth.uid)).data;
return userData != null ? userData.role : null;
}
// Fonction pour vérifier si l'utilisateur est un admin
function isAdmin() {
return isAuthenticated() && getUserRole() == 'ADMIN';
}
function isOwner(userId) {
return isAuthenticated() && request.auth.uid == userId;
}
// Nouvelle fonction pour vérifier si un CREW est assigné à un événement du client
function isAssignedToClientEvent(clientId) {
let events = getAfter(/databases/$(database)/documents/events)
.where("clientId", "==", clientId)
.where("assignedUsers." + request.auth.uid, "==", true).limit(1);
return events.size() > 0;
}
// Fonction pour vérifier si c'est le premier utilisateur
function isFirstUser() {
return !exists(/databases/$(database)/documents/users);
}
// Fonction pour vérifier si c'est une mise à jour de l'UID
function isUidUpdate() {
return request.resource.data.diff(resource.data).affectedKeys().hasOnly(['uid']);
}
// Règles pour la collection users
match /users/{userId} {
allow read: if isAuthenticated() && (isAdmin() || isOwner(userId));
// Permettre la création si admin OU si l'utilisateur crée son propre document
allow create: if isAdmin() || (isAuthenticated() && request.auth.uid == userId);
allow update: if isAdmin() ||
(isOwner(userId) &&
request.resource.data.diff(resource.data).affectedKeys()
.hasOnly(['phoneNumber', 'profilePhotoUrl', 'firstName', 'lastName', 'role']));
allow delete: if isAdmin();
}
// Règles pour la collection clients
match /clients/{clientId} {
// Lecture :
// - Les admins peuvent tout voir
// - Les CREW ne peuvent voir que les clients liés à leurs événements
allow read: if isAdmin() ||
(getUserRole() == 'CREW' && isAssignedToClientEvent(clientId));
// Création, modification et suppression : Seuls les admins
allow create, update, delete: if isAdmin();
}
// Règles pour la collection events (prestations)
match /events/{eventId} {
allow read: if isAdmin() ||
(isAuthenticated() && (resource.data.assignedUsers[request.auth.uid] == true));
allow create, update: if isAdmin();
allow delete: if isAdmin();
}
// Règles pour la collection quotes (devis)
match /quotes/{quoteId} {
allow read, write: if isAdmin();
}
// Règles pour la collection invoices (factures)
match /invoices/{invoiceId} {
allow read, write: if isAdmin();
}
// Règles pour les autres collections
match /{document=**} {
// Par défaut, refuser l'accès
allow read, write: if false;
}
}
}

4
em2rp/lib/main.dart
View File

@ -96,8 +96,8 @@ class MyApp extends StatelessWidget {
'/login': (context) => const LoginPage(), '/login': (context) => const LoginPage(),
'/calendar': (context) => const AuthGuard(child: CalendarPage()), '/calendar': (context) => const AuthGuard(child: CalendarPage()),
'/my_account': (context) => const AuthGuard(child: MyAccountPage()), '/my_account': (context) => const AuthGuard(child: MyAccountPage()),
'/user_management': (context) => '/user_management': (context) => const AuthGuard(
const AuthGuard(requiredRole: "ADMIN", child: UserManagementPage()), requiredPermission: "view_all_users", child: UserManagementPage()),
'/reset_password': (context) { '/reset_password': (context) {
final args = ModalRoute.of(context)!.settings.arguments final args = ModalRoute.of(context)!.settings.arguments
as Map<String, dynamic>; as Map<String, dynamic>;

2
em2rp/lib/models/user_model.dart
View File

@ -46,7 +46,7 @@ class UserModel {
return { return {
'firstName': firstName, 'firstName': firstName,
'lastName': lastName, 'lastName': lastName,
'role': role, 'role': FirebaseFirestore.instance.collection('roles').doc(role),
'profilePhotoUrl': profilePhotoUrl, 'profilePhotoUrl': profilePhotoUrl,
'email': email, 'email': email,
'phoneNumber': phoneNumber, 'phoneNumber': phoneNumber,

16
em2rp/lib/providers/users_provider.dart
View File

@ -38,14 +38,16 @@ class UsersProvider with ChangeNotifier {
} }
/// Mise à jour d'un utilisateur /// Mise à jour d'un utilisateur
Future<void> updateUser(UserModel user) async { Future<void> updateUser(UserModel user, {String? roleId}) async {
try { try {
await _firestore.collection('users').doc(user.uid).update({ await _firestore.collection('users').doc(user.uid).update({
'firstName': user.firstName, 'firstName': user.firstName,
'lastName': user.lastName, 'lastName': user.lastName,
'email': user.email, 'email': user.email,
'phoneNumber': user.phoneNumber, 'phoneNumber': user.phoneNumber,
'role': user.role, 'role': roleId != null
? _firestore.collection('roles').doc(roleId)
: user.role,
'profilePhotoUrl': user.profilePhotoUrl, 'profilePhotoUrl': user.profilePhotoUrl,
}); });
@ -77,8 +79,8 @@ class UsersProvider with ChangeNotifier {
await _userService.resetPassword(email); await _userService.resetPassword(email);
} }
Future<void> createUserWithEmailInvite( Future<void> createUserWithEmailInvite(BuildContext context, UserModel user,
BuildContext context, UserModel user) async { {String? roleId}) async {
String? authUid; String? authUid;
try { try {
@ -115,7 +117,9 @@ class UsersProvider with ChangeNotifier {
'lastName': user.lastName, 'lastName': user.lastName,
'email': user.email, 'email': user.email,
'phoneNumber': user.phoneNumber, 'phoneNumber': user.phoneNumber,
'role': user.role, 'role': roleId != null
? _firestore.collection('roles').doc(roleId)
: user.role,
'profilePhotoUrl': user.profilePhotoUrl, 'profilePhotoUrl': user.profilePhotoUrl,
'createdAt': FieldValue.serverTimestamp(), 'createdAt': FieldValue.serverTimestamp(),
}); });
@ -143,7 +147,7 @@ class UsersProvider with ChangeNotifier {
lastName: user.lastName, lastName: user.lastName,
email: user.email, email: user.email,
phoneNumber: user.phoneNumber, phoneNumber: user.phoneNumber,
role: user.role, role: roleId ?? user.role,
profilePhotoUrl: user.profilePhotoUrl, profilePhotoUrl: user.profilePhotoUrl,
); );
_users.add(newUser); _users.add(newUser);

12
em2rp/lib/utils/auth_guard_widget.dart
View File

@ -5,13 +5,12 @@ import 'package:em2rp/views/login_page.dart';
class AuthGuard extends StatelessWidget { class AuthGuard extends StatelessWidget {
final Widget child; final Widget child;
final String? final String? requiredPermission;
requiredRole; // Si non null, la page est réservée à ce rôle (ex: "ADMIN")
const AuthGuard({ const AuthGuard({
super.key, super.key,
required this.child, required this.child,
this.requiredRole, this.requiredPermission,
}); });
@override @override
@ -20,13 +19,12 @@ class AuthGuard extends StatelessWidget {
// Si l'utilisateur n'est pas connecté // Si l'utilisateur n'est pas connecté
if (localAuthProvider.currentUser == null) { if (localAuthProvider.currentUser == null) {
// Retourne la page de connexion.
// Vous pouvez aussi déclencher une redirection automatique si nécessaire.
return const LoginPage(); return const LoginPage();
} }
// Si la page requiert un rôle spécifique et que l'utilisateur ne le possède pas // Si la page requiert une permission spécifique et que l'utilisateur ne la possède pas
if (requiredRole != null && localAuthProvider.role != requiredRole) { if (requiredPermission != null &&
!localAuthProvider.hasPermission(requiredPermission!)) {
return Scaffold( return Scaffold(
appBar: AppBar(title: const Text("Accès refusé")), appBar: AppBar(title: const Text("Accès refusé")),
body: const Center( body: const Center(

3
em2rp/lib/utils/constants.dart
View File

@ -1,3 +0,0 @@
class Constants {
static const List<String> userRoles = ['USER', 'ADMIN'];
}

2
em2rp/lib/views/calendar_page.dart
View File

@ -57,7 +57,7 @@ class _CalendarPageState extends State<CalendarPage> {
Widget build(BuildContext context) { Widget build(BuildContext context) {
final eventProvider = Provider.of<EventProvider>(context); final eventProvider = Provider.of<EventProvider>(context);
final localUserProvider = Provider.of<LocalUserProvider>(context); final localUserProvider = Provider.of<LocalUserProvider>(context);
final isAdmin = localUserProvider.role == 'ADMIN'; final isAdmin = localUserProvider.hasPermission('view_all_users');
final isMobile = MediaQuery.of(context).size.width < 600; final isMobile = MediaQuery.of(context).size.width < 600;
if (eventProvider.isLoading) { if (eventProvider.isLoading) {

72
em2rp/lib/views/user_management_page.dart
View File

@ -9,6 +9,7 @@ import 'package:em2rp/utils/colors.dart';
import 'package:em2rp/utils/permission_gate.dart'; import 'package:em2rp/utils/permission_gate.dart';
import 'package:em2rp/models/role_model.dart'; import 'package:em2rp/models/role_model.dart';
import 'package:em2rp/views/widgets/custom_app_bar.dart'; import 'package:em2rp/views/widgets/custom_app_bar.dart';
import 'package:cloud_firestore/cloud_firestore.dart';
class UserManagementPage extends StatefulWidget { class UserManagementPage extends StatefulWidget {
const UserManagementPage({super.key}); const UserManagementPage({super.key});
@ -110,7 +111,20 @@ class _UserManagementPageState extends State<UserManagementPage> {
final lastNameController = TextEditingController(); final lastNameController = TextEditingController();
final emailController = TextEditingController(); final emailController = TextEditingController();
final phoneController = TextEditingController(); final phoneController = TextEditingController();
String selectedRole = 'ADMIN'; String? selectedRoleId;
List<RoleModel> availableRoles = [];
bool isLoadingRoles = true;
Future<void> _loadRoles() async {
final snapshot =
await FirebaseFirestore.instance.collection('roles').get();
availableRoles = snapshot.docs
.map((doc) => RoleModel.fromMap(doc.data(), doc.id))
.toList();
selectedRoleId =
availableRoles.isNotEmpty ? availableRoles.first.id : null;
isLoadingRoles = false;
}
InputDecoration buildInputDecoration(String label, IconData icon) { InputDecoration buildInputDecoration(String label, IconData icon) {
return InputDecoration( return InputDecoration(
@ -130,7 +144,10 @@ class _UserManagementPageState extends State<UserManagementPage> {
showDialog( showDialog(
context: context, context: context,
builder: (context) => Dialog( builder: (context) => FutureBuilder(
future: _loadRoles(),
builder: (context, snapshot) {
return Dialog(
shape: RoundedRectangleBorder( shape: RoundedRectangleBorder(
borderRadius: BorderRadius.circular(16), borderRadius: BorderRadius.circular(16),
), ),
@ -161,8 +178,8 @@ class _UserManagementPageState extends State<UserManagementPage> {
children: [ children: [
TextField( TextField(
controller: firstNameController, controller: firstNameController,
decoration: decoration: buildInputDecoration(
buildInputDecoration('Prénom', Icons.person_outline), 'Prénom', Icons.person_outline),
), ),
const SizedBox(height: 16), const SizedBox(height: 16),
TextField( TextField(
@ -172,8 +189,8 @@ class _UserManagementPageState extends State<UserManagementPage> {
const SizedBox(height: 16), const SizedBox(height: 16),
TextField( TextField(
controller: emailController, controller: emailController,
decoration: decoration: buildInputDecoration(
buildInputDecoration('Email', Icons.email_outlined), 'Email', Icons.email_outlined),
keyboardType: TextInputType.emailAddress, keyboardType: TextInputType.emailAddress,
), ),
const SizedBox(height: 16), const SizedBox(height: 16),
@ -184,19 +201,21 @@ class _UserManagementPageState extends State<UserManagementPage> {
keyboardType: TextInputType.phone, keyboardType: TextInputType.phone,
), ),
const SizedBox(height: 16), const SizedBox(height: 16),
DropdownButtonFormField<String>( isLoadingRoles
value: selectedRole, ? const CircularProgressIndicator()
decoration: buildInputDecoration( : DropdownButtonFormField<String>(
'Rôle', Icons.admin_panel_settings_outlined), value: selectedRoleId,
items: ['ADMIN', 'CREW'].map((String role) { decoration: buildInputDecoration('Rôle',
Icons.admin_panel_settings_outlined),
items: availableRoles.map((role) {
return DropdownMenuItem<String>( return DropdownMenuItem<String>(
value: role, value: role.id,
child: Text(role), child: Text(role.name),
); );
}).toList(), }).toList(),
onChanged: (String? newValue) { onChanged: (String? newValue) {
if (newValue != null) { if (newValue != null) {
selectedRole = newValue; selectedRoleId = newValue;
} }
}, },
), ),
@ -223,7 +242,8 @@ class _UserManagementPageState extends State<UserManagementPage> {
onPressed: () async { onPressed: () async {
if (emailController.text.isEmpty || if (emailController.text.isEmpty ||
firstNameController.text.isEmpty || firstNameController.text.isEmpty ||
lastNameController.text.isEmpty) { lastNameController.text.isEmpty ||
selectedRoleId == null) {
ScaffoldMessenger.of(context).showSnackBar( ScaffoldMessenger.of(context).showSnackBar(
const SnackBar( const SnackBar(
content: Text( content: Text(
@ -233,7 +253,6 @@ class _UserManagementPageState extends State<UserManagementPage> {
); );
return; return;
} }
try { try {
final newUser = UserModel( final newUser = UserModel(
uid: '', // Sera généré par Firebase uid: '', // Sera généré par Firebase
@ -241,23 +260,14 @@ class _UserManagementPageState extends State<UserManagementPage> {
lastName: lastNameController.text, lastName: lastNameController.text,
email: emailController.text, email: emailController.text,
phoneNumber: phoneController.text, phoneNumber: phoneController.text,
role: selectedRole, role: selectedRoleId!,
profilePhotoUrl: '', profilePhotoUrl: '',
); );
await Provider.of<UsersProvider>(context,
final scaffoldMessenger = ScaffoldMessenger.of(context); listen: false)
await Provider.of<UsersProvider>(context, listen: false) .createUserWithEmailInvite(context, newUser,
.createUserWithEmailInvite(context, newUser); roleId: selectedRoleId);
if (context.mounted) {
Navigator.pop(context); Navigator.pop(context);
scaffoldMessenger.showSnackBar(
const SnackBar(
content: Text('Invitation envoyée avec succès'),
backgroundColor: Colors.green,
),
);
}
} catch (e) { } catch (e) {
if (context.mounted) { if (context.mounted) {
ScaffoldMessenger.of(context).showSnackBar( ScaffoldMessenger.of(context).showSnackBar(
@ -288,6 +298,8 @@ class _UserManagementPageState extends State<UserManagementPage> {
], ],
), ),
), ),
);
},
), ),
); );
} }

2
em2rp/lib/views/widgets/calendar_widgets/event_details.dart
View File

@ -31,7 +31,7 @@ class EventDetails extends StatelessWidget {
..sort((a, b) => a.startDateTime.compareTo(b.startDateTime)); ..sort((a, b) => a.startDateTime.compareTo(b.startDateTime));
final currentIndex = sortedEvents.indexWhere((e) => e.id == event.id); final currentIndex = sortedEvents.indexWhere((e) => e.id == event.id);
final localUserProvider = Provider.of<LocalUserProvider>(context); final localUserProvider = Provider.of<LocalUserProvider>(context);
final isAdmin = localUserProvider.role == 'ADMIN'; final isAdmin = localUserProvider.hasPermission('view_all_users');
return Card( return Card(
margin: const EdgeInsets.all(16), margin: const EdgeInsets.all(16),

46
em2rp/lib/views/widgets/user_management/edit_user_dialog.dart
View File

@ -3,6 +3,8 @@ import 'package:provider/provider.dart';
import 'package:em2rp/models/user_model.dart'; import 'package:em2rp/models/user_model.dart';
import 'package:em2rp/providers/users_provider.dart'; import 'package:em2rp/providers/users_provider.dart';
import 'package:em2rp/utils/colors.dart'; import 'package:em2rp/utils/colors.dart';
import 'package:cloud_firestore/cloud_firestore.dart';
import 'package:em2rp/models/role_model.dart';
class EditUserDialog extends StatefulWidget { class EditUserDialog extends StatefulWidget {
final UserModel user; final UserModel user;
@ -17,9 +19,9 @@ class _EditUserDialogState extends State<EditUserDialog> {
late final TextEditingController lastNameController; late final TextEditingController lastNameController;
late final TextEditingController emailController; late final TextEditingController emailController;
late final TextEditingController phoneController; late final TextEditingController phoneController;
String selectedRole = ''; String? selectedRoleId;
List<RoleModel> availableRoles = [];
static const List<String> roles = ['ADMIN', 'CREW']; bool isLoadingRoles = true;
@override @override
void initState() { void initState() {
@ -28,7 +30,20 @@ class _EditUserDialogState extends State<EditUserDialog> {
lastNameController = TextEditingController(text: widget.user.lastName); lastNameController = TextEditingController(text: widget.user.lastName);
emailController = TextEditingController(text: widget.user.email); emailController = TextEditingController(text: widget.user.email);
phoneController = TextEditingController(text: widget.user.phoneNumber); phoneController = TextEditingController(text: widget.user.phoneNumber);
selectedRole = widget.user.role.isEmpty ? roles.first : widget.user.role; _loadRoles();
}
Future<void> _loadRoles() async {
final snapshot = await FirebaseFirestore.instance.collection('roles').get();
setState(() {
availableRoles = snapshot.docs
.map((doc) => RoleModel.fromMap(doc.data(), doc.id))
.toList();
selectedRoleId = widget.user.role.isEmpty
? (availableRoles.isNotEmpty ? availableRoles.first.id : null)
: widget.user.role;
isLoadingRoles = false;
});
} }
@override @override
@ -111,20 +126,22 @@ class _EditUserDialogState extends State<EditUserDialog> {
keyboardType: TextInputType.phone, keyboardType: TextInputType.phone,
), ),
const SizedBox(height: 16), const SizedBox(height: 16),
DropdownButtonFormField<String>( isLoadingRoles
value: selectedRole, ? const CircularProgressIndicator()
: DropdownButtonFormField<String>(
value: selectedRoleId,
decoration: _buildInputDecoration( decoration: _buildInputDecoration(
'Rôle', Icons.admin_panel_settings_outlined), 'Rôle', Icons.admin_panel_settings_outlined),
items: roles.map((String role) { items: availableRoles.map((role) {
return DropdownMenuItem<String>( return DropdownMenuItem<String>(
value: role, value: role.id,
child: Text(role), child: Text(role.name),
); );
}).toList(), }).toList(),
onChanged: (String? newValue) { onChanged: (String? newValue) {
if (newValue != null) { if (newValue != null) {
setState(() { setState(() {
selectedRole = newValue; selectedRoleId = newValue;
}); });
} }
}, },
@ -149,16 +166,17 @@ class _EditUserDialogState extends State<EditUserDialog> {
), ),
const SizedBox(width: 8), const SizedBox(width: 8),
ElevatedButton( ElevatedButton(
onPressed: () { onPressed: () async {
if (selectedRoleId == null) return;
final updatedUser = widget.user.copyWith( final updatedUser = widget.user.copyWith(
firstName: firstNameController.text, firstName: firstNameController.text,
lastName: lastNameController.text, lastName: lastNameController.text,
email: emailController.text, email: emailController.text,
phoneNumber: phoneController.text, phoneNumber: phoneController.text,
role: selectedRole, role: selectedRoleId,
); );
Provider.of<UsersProvider>(context, listen: false) await Provider.of<UsersProvider>(context, listen: false)
.updateUser(updatedUser); .updateUser(updatedUser, roleId: selectedRoleId);
Navigator.pop(context); Navigator.pop(context);
}, },
style: ElevatedButton.styleFrom( style: ElevatedButton.styleFrom(