rights configuration refactoring

config/abilities/pages/addressBook.yaml

@@ -1,49 +1,37 @@
   accesses_page:
     action: 'display'
-    services:
-      access :
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'users'}]}
-      organization  :
-        - {function: hasAllModules, parameters: ['Users']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Users']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'users'}]}
 
   student_registration_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'student-registration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['UsersSchool']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['UsersSchool']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'student-registration'}]}
 
   education_student_next_year_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'educationstudent'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'educationstudent'}]}
 
   commissions_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'commissions'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Users']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Users']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'commissions'}]}
 
   network_children_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'network'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Network']}
-        - {function: isOrganizationWithChildren}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Network']}
+      - {function: organizationHasChildren}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'network'}]}
 
   network_parents_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'core'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['NetworkOrganization']}
-        - {function: isOrganizationWithChildren, result: false}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['NetworkOrganization']}
+      - {function: organizationHasChildren, expectedResult: false}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'core'}]}

config/abilities/pages/admin2ios.yaml

@@ -1,47 +1,37 @@
   all_accesses_page:
     action: 'display'
-    services:
-      access :
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'user'}]}
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'user'}]}
 
   all_organizations_page:
     action: 'display'
-    services:
-      access :
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'organization'}]}
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'organization'}]}
 
   tips_page:
     action: 'display'
-    services:
-      access :
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'tips'}]}
-      organization  :
-        - {function: hasAllModules, parameters: ['CorePremium']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CorePremium']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'tips'}]}
 
   dgv_page:
     action: 'display'
-    services:
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}
 
   cmf_cotisation_page:
     action: 'display'
-    services:
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}
 
   right_page:
     action: 'display'
-    services:
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}
 
   tree_page:
     action: 'display'
-    services:
-      organization  :
-        - {function: hasAllModules, parameters: ['Admin2IOS']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Admin2IOS']}

config/abilities/pages/billing.yaml

@@ -1,63 +1,47 @@
   billing_product_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'billings-administration'}]}
 
   billing_products_by_student_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   billing_edition_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'billings-administration'}]}
 
   billing_accounting_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'billings-administration'}]}
 
   billing_payment_list_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'billings-administration'}]}
 
   pes_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Pes']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Pes']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'billings-administration'}]}
 
   berger_levrault_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BergerLevrault']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BergerLevrault']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'billings-administration'}]}
 
   jvs_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Jvs']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Jvs']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'billings-administration'}]}

config/abilities/pages/communication.yaml

@@ -1,35 +1,29 @@
   inbox_page:
     action: 'display'
-    services:
-      access:
-        - function: hasAllRoleAbilities
-          parameters:
-            - {action: 'read', subject: 'mails'}
-            - {action: 'read', subject: 'emails'}
-            - {action: 'read', subject: 'texto'}
-      organization:
-        - {function: hasAllModules, parameters: ['MessagesAdvanced']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['MessagesAdvanced']}
+      - function: accessHasAnyRoleAbility
+        parameters:
+          - {action: 'read', subject: 'mails'}
+          - {action: 'read', subject: 'emails'}
+          - {action: 'read', subject: 'texto'}
 
   message_send_page:
     action: 'display'
-    services:
-      access:
-        - function: hasAllRoleAbilities
-          parameters:
-            - {action: 'read', subject: 'mails'}
-            - {action: 'read', subject: 'emails'}
-            - {action: 'read', subject: 'texto'}
-      organization:
-        - {function: hasAllModules, parameters: ['MessagesAdvanced']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['MessagesAdvanced']}
+      - function: accessHasAnyRoleAbility
+        parameters:
+          - {action: 'read', subject: 'mails'}
+          - {action: 'read', subject: 'emails'}
+          - {action: 'read', subject: 'texto'}
 
   message_templates_page:
     action: 'display'
-    services:
-      access:
-        - function: hasAllRoleAbilities
-          parameters:
-            - {action: 'read', subject: 'mails'}
-            - {action: 'read', subject: 'emails'}
-            - {action: 'read', subject: 'texto'}
-      organization:
-        - {function: hasAllModules, parameters: ['MessagesAdvanced']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['MessagesAdvanced']}
+      - function: accessHasAnyRoleAbility
+        parameters:
+          - {action: 'read', subject: 'mails'}
+          - {action: 'read', subject: 'emails'}
+          - {action: 'read', subject: 'texto'}

config/abilities/pages/cotisations.yaml

@@ -1,135 +1,101 @@
   rate_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationRate', 'CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationRate', 'CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   parameters_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   send_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   state_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   pay_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   check_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   ledger_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   magazine_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCMFAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCMFAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   ventilated_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   pay_erase_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   resume_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationTransmissionState']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationTransmissionState']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   history_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationCall']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationCall']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   call_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationStructure']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationStructure']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   history_structure_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationStructure']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationStructure']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   insurance_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationStructure', 'CotisationTransmissionState']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationStructure', 'CotisationTransmissionState']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   resume_all_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationTransmission']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationTransmission']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}
 
   resume_pay_cotisation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'cotisation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['CotisationTransmission']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['CotisationTransmission']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'cotisation'}]}

config/abilities/pages/donor.yaml

@@ -1,7 +1,5 @@
   donors_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'donors'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Donors']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Donors']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'donors'}]}

config/abilities/pages/educational.yaml

@@ -1,55 +1,41 @@
   criteria_notations_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   education_notation_config_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['AdvancedEducationNotation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['AdvancedEducationNotation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   seizure_period_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   test_seizure_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-seizure'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsSeizure']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsSeizure']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-seizure'}]}
 
   test_validation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   examen_results_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   education_by_student_validation_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-seizure'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsSeizure']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsSeizure']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-seizure'}]}

config/abilities/pages/equipment.yaml

@@ -1,7 +1,5 @@
   equipment_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'equipments'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Equipments']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Equipments']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'equipments'}]}

config/abilities/pages/medals.yaml

@@ -1,7 +1,5 @@
   medals_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'medals'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Medals']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Medals']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'medals'}]}

config/abilities/pages/myAccount.yaml

@@ -1,102 +1,82 @@
   my_schedule_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
+    conditions:
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   attendance_bookings_page:
     action: 'display'
-    services:
-      access:
-        # TODO: l'action write existe-t-elle?
-        - { function: hasAllRoleAbilities, parameters: [{action: 'write', subject: 'attendances'}] }
-        - { function: isAdminAccount, result: false }
-      organization:
-        - {function: hasAllModules, parameters: ['Attendances']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Attendances']}
+      # TODO: l'action write existe-t-elle?
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'write', subject: 'attendances'}] }
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   my_attendance_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
+    conditions:
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   my_invitation_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
+    conditions:
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   my_students_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: [ 'teacher'] }
+    conditions:
+      - { function: accessHasAnyProfile, parameters: [ 'teacher'] }
 
   my_students_education_students_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: [ 'teacher'] }
+    conditions:
+      - { function: accessHasAnyProfile, parameters: [ 'teacher'] }
 
   criteria_notations_page_from_account_menu:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'criterianotation'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'criterianotation'}]}
 
   my_education_students_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: [ 'student'] }
+    conditions:
+      - { function: accessHasAnyProfile, parameters: [ 'student'] }
 
   send_an_email_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: [ 'admin', 'teacher' ] }
+    conditions:
+      - { function: accessHasAnyProfile, parameters: [ 'admin', 'teacher' ] }
 
   my_documents_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
+    conditions:
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   my_profile_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
+    conditions:
+      - { function: accessIsAdminAccount, expectedResult: false }
 
   adherent_list_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: ['member'] }
-      organization:
-        - {function: isShowAdherentList}
-        - {function: hasAllModules, parameters: ['Users']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['Users'] }
+      - { function: organizationIsShowAdherentList }
+      - { function: accessHasAnyProfile, parameters: ['member'] }
 
   subscription_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: ['admin', 'administratifManager', 'pedagogicManager', 'financialManager']}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['GeneralConfig'] }
+      - { function: accessHasAnyProfile, parameters: ['admin', 'administratifManager', 'pedagogicManager', 'financialManager'] }
 
   my_bills_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAnyProfile, parameters: ['guardian', 'payor']}
+    conditions:
+      - { function: accessHasAnyProfile, parameters: ['guardian', 'payor']}
 
   cmf_licence_person_page:
     action: 'display'
-    services:
-      access:
-        - { function: isAdminAccount, result: false }
-      organization:
-        - {function: isCmf}
+    conditions:
+      - { function: organizationIsCmf }
+      - { function: accessIsAdminAccount, expectedResult: false }

config/abilities/pages/parameters.yaml

@@ -1,154 +1,118 @@
   organization_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'organization'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['GeneralConfig']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'organization'}]}
 
   cmf_licence_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'organization'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
-        - {function: isCmf}
+    conditions:
+        - { function: organizationIsCmf}
+        - { function: organizationHasAnyModule, parameters: ['GeneralConfig']}
+        - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'organization'}] }
 
   parameters_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'general-config'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['GeneralConfig']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'general-config'}] }
 
   parameters_communication_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'general-config' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'GeneralConfig' ] }
+    conditions:
+      - { function: organizationHasAnyModule, parameters: [ 'GeneralConfig' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'general-config' } ] }
 
   parameters_student_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'general-config' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'GeneralConfig' ] }
-        - {function: isSchool}
+    conditions:
+      - { function: organizationIsSchool }
+      - { function: organizationHasAnyModule, parameters: [ 'GeneralConfig' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'general-config' } ] }
 
   parameters_education_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'general-config' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'GeneralConfig' ] }
-        - { function: isSchool }
+    conditions:
+      - { function: organizationIsSchool }
+      - { function: organizationHasAnyModule, parameters: [ 'GeneralConfig' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'general-config' } ] }
 
   parameters_bills_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'general-config' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'GeneralConfig' ] }
-        - { function: isSchool }
+    conditions:
+      - { function: organizationIsSchool }
+      - { function: organizationHasAnyModule, parameters: [ 'GeneralConfig' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'general-config' } ] }
 
   parameters_secure_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'general-config' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'GeneralConfig' ] }
+    conditions:
+      - { function: organizationHasAnyModule, parameters: [ 'GeneralConfig' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'general-config' } ] }
 
   place_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'place'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['GeneralConfig']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'place'}]}
 
   education_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'pedagogics-administration'}]}
 
   tag_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'tagg'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['TaggAdvanced']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['TaggAdvanced']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'tagg'}]}
 
   activities_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'activity'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['GeneralConfig']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['GeneralConfig']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'activity'}]}
 
   template_systems_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'general-config'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['TemplateMessages']}
+    conditions:
+      - { function: organizationHasAnyModule, parameters: ['TemplateMessages']}
+      - { function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'general-config'}]}
 
   billing_settings_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'billings-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['BillingAdministration']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['BillingAdministration']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'billings-administration'}]}
 
   online_registration_settings_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'onlineregistration-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['IEL']}
-        - {function: isSchool}
+    conditions:
+      - {function: organizationIsSchool}
+      - {function: organizationHasAnyModule, parameters: ['IEL']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'onlineregistration-administration'}]}
 
   transition_next_year_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'pedagogics-administration'}]}
 
   course_duplication_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'manage', subject: 'pedagogics-administration'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'manage', subject: 'pedagogics-administration'}]}
 
   import_page:
     action: 'display'
-    services:
-      access:
-        - function: hasAllRoleAbilities
-          parameters:
-            - {action: 'manage', subject: 'user'}
-            - {action: 'manage', subject: 'equipments'}
-      organization:
-        - function: hasAllModules
-          parameters:
-            - 'Users'
-            - 'Equipments'
+    conditions:
+      - function: organizationHasAnyModule
+        parameters:
+          - 'Users'
+          - 'Equipments'
+      - function: accessHasAnyRoleAbility
+        parameters:
+          - {action: 'manage', subject: 'user'}
+          - {action: 'manage', subject: 'equipments'}

config/abilities/pages/schedule.yaml

@@ -1,49 +1,39 @@
   agenda_page:
     action: 'display'
-    services:
-      access:
-        - function: hasAllRoleAbilities
-          parameters:
-            - {action: 'read', subject: 'events'}
-            - {action: 'read', subject: 'examens'}
-            - {action: 'read', subject: 'educationalprojects'}
-            - {action: 'read', subject: 'courses'}
-      organization:
-        - function: hasAllModules
-          parameters:
-            - 'Events'
-            - 'Courses'
-            - 'Examens'
-            - 'EducationalProjects'
+    conditions:
+      - function: organizationHasAnyModule
+        parameters:
+          - 'Events'
+          - 'Courses'
+          - 'Examens'
+          - 'EducationalProjects'
+      - function: accessHasAnyRoleAbility
+        parameters:
+          - {action: 'read', subject: 'events'}
+          - {action: 'read', subject: 'examens'}
+          - {action: 'read', subject: 'educationalprojects'}
+          - {action: 'read', subject: 'courses'}
 
   attendance_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'attendances'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Attendances']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Attendances']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'attendances'}]}
 
   course_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'courses' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'Courses' ] }
+    conditions:
+      - { function: organizationHasAnyModule, parameters: [ 'Courses' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'courses' } ] }
 
   exam_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'examens' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'Examens' ] }
+    conditions:
+      - { function: organizationHasAnyModule, parameters: [ 'Examens' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'examens' } ] }
 
   pedagogics_project_page:
     action: 'display'
-    services:
-      access:
-        - { function: hasAllRoleAbilities, parameters: [ { action: 'read', subject: 'educationalprojects' } ] }
-      organization:
-        - { function: hasAllModules, parameters: [ 'EducationalProjects' ] }
+    conditions:
+      - { function: organizationHasAnyModule, parameters: [ 'EducationalProjects' ] }
+      - { function: accessHasAnyRoleAbility, parameters: [ { action: 'read', subject: 'educationalprojects' } ] }

config/abilities/pages/stats.yaml

@@ -1,31 +1,23 @@
   report_activity_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'statistic'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['Statistic']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['Statistic']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'statistic'}]}
 
   education_quotas_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'educationstudent'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['PedagogicsAdministation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['PedagogicsAdministation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'educationstudent'}]}
 
   fede_stats_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'statistic'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['StatisticFederation']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['StatisticFederation']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'statistic'}]}
 
   structure_stats_page:
     action: 'display'
-    services:
-      access:
-        - {function: hasAllRoleAbilities, parameters: [{action: 'read', subject: 'statistic'}]}
-      organization:
-        - {function: hasAllModules, parameters: ['StatisticStructure']}
+    conditions:
+      - {function: organizationHasAnyModule, parameters: ['StatisticStructure']}
+      - {function: accessHasAnyRoleAbility, parameters: [{action: 'read', subject: 'statistic'}]}

services/rights/abilityUtils.ts

@@ -2,10 +2,16 @@ import RoleUtils from '~/services/rights/roleUtils'
 import {AbilitiesType} from '~/types/interfaces'
 import YamlDenormalizer from "~/services/data/serializer/denormalizer/yamlDenormalizer";
 import {MongoAbility} from "@casl/ability/dist/types/Ability";
-import {AnyJson} from "~/types/data";
 import {useEach} from "#imports";
 import {ABILITIES} from "~/types/enum/enums";
 
+interface Condition {
+    function: string
+    parameters?: Array<any>
+    expectedResult?: any
+}
+
+
 /**
  * Classe permettant de mener des opérations sur les habilités
  */
@@ -33,7 +39,7 @@ class AbilityUtils {
     }
 
     /**
-     * Définit les abilities de l'utilisateur selon son profil
+     * Construit les habilités de l'utilisateur selon son profil et met à jour MongoAbility en fonction
      */
     setupAbilities() {
         // Nécessaire pour que l'update des habilités soit correcte après la phase SSR
@@ -55,6 +61,8 @@ class AbilityUtils {
 
                     //On les store puis on update le service ability pour le mettre à jour.
                     this.accessProfile.abilities = abilities
+                    console.log(abilities)
+
                     this.ability.update(abilities)
 
                     // Unsubscribe pour éviter les memory leaks
@@ -65,7 +73,8 @@ class AbilityUtils {
     }
 
     /**
-     * Récupération de l'ensemble des habilités de l'utilisateur, qu'elles soient par Roles ou par Config
+     * Construit et renvoie l'ensemble des habilités de l'utilisateur, qu'elles soient issues de ses roles
+     * ou de la configuration
      *
      * @return {Array<AbilitiesType>}
      */
@@ -94,10 +103,15 @@ class AbilityUtils {
         const doc = YamlDenormalizer.denormalize({path: this.configDir})
         const fromConfig = doc.abilities
 
-        useEach(fromConfig, (ability: { action: ABILITIES, services: object }, subject: string) => {
-            const { action, services } = ability
+        useEach(fromConfig, (ability: { action: ABILITIES, conditions: Array<Condition> }, subject: string) => {
+            let { action, conditions } = ability
 
-            if (this.hasConfigAbility(services)) {
+            if (!Array.isArray(conditions)) {
+                // Special: la denormalization ne produit pas une array s'il n'y a qu'un seul élément
+                conditions = [conditions]
+            }
+
+            if (this.hasConfigAbility(conditions as Array<Condition>, subject)) {
                 this.abilitiesByConfig.push({ action, subject })
             }
         })
@@ -106,56 +120,74 @@ class AbilityUtils {
     /**
      * Parcourt les services définis dans la configuration, et établit si oui ou non l'habilité est autorisée
      *
-     * TODO: voir pourquoi on a besoin d'accepter un param null pour le hasProfile?
-     *
      * @return {boolean}
-     * @param services
+     * @param conditions  Les conditions à l'obtention de l'habileté, telles que définies dans les fichiers de config
+     * @param subject  For debugging purpose only
      */
-    hasConfigAbility(services: AnyJson) {
-        for (const service in services) {
-            let handlers = services[service] as Array<{ function: string, parameters?: Array<any>, result?: any }>
-
-            if (handlers.some((handler) => !this.testConfigService(handler))) {
-                return false
-            }
-        }
-        return true
+    hasConfigAbility(conditions: Array<Condition>, subject: string = '') {
+        return conditions.every((condition) => this.execAndValidateCondition(condition, subject))
     }
 
+    /**
+     * Correspondances entre les noms des fonctions définies dans les conditions des fichiers de configuration et
+     * les méthodes correspondantes
+     *
+     * TODO: voir pourquoi on a besoin d'accepter un param null pour le hasProfile?
+     */
     handlerMap: any = {
-        hasAllRoleAbilities: (parameters: any) => this.hasAllRoleAbilities(parameters),
-        hasAnyProfile: (parameters: any) => parameters === null || this.hasAnyProfile(parameters),
-        hasAllModules: (parameters: any) => this.hasAllModules(parameters),
-        isAdminAccount: (parameters: any) => this.accessProfile.isAdminAccount,
-        isSchool: (parameters: any) => this.organizationProfile.isSchool,
-        isArtist: (parameters: any) => this.organizationProfile.isArtist,
-        isManagerProduct: (parameters: any) => this.organizationProfile.isManagerProduct,
-        isOrganizationWithChildren: (parameters: any) => this.organizationProfile.hasChildren,
-        isAssociation: (parameters: any) => this.organizationProfile.isAssociation,
-        isShowAdherentList: (parameters: any) => this.organizationProfile.isShowAdherentList,
-        isCmf: (parameters: any) => this.organizationProfile.isCmf,
-        getWebsite: (parameters: any) => this.organizationProfile.getWebsite,
+        accessHasAllRoleAbilities: (parameters: any) => this.hasAllRoleAbilities(parameters),
+        accessHasAnyRoleAbility: (parameters: any) => this.hasAnyRoleAbility(parameters),
+        accessHasAnyProfile: (parameters: any) => parameters === null || this.hasAnyProfile(parameters),
+        accessHasAllModules: (parameters: any) => this.hasAllModules(parameters),
+        organizationHasAnyModule: (parameters: any) => this.hasAnyModule(parameters),
+        accessIsAdminAccount: (parameters: any) => this.accessProfile.isAdminAccount,
+        organizationIsSchool: (parameters: any) => this.organizationProfile.isSchool,
+        organizationIsArtist: (parameters: any) => this.organizationProfile.isArtist,
+        organizationIsManagerProduct: (parameters: any) => this.organizationProfile.isManagerProduct,
+        organizationHasChildren: (parameters: any) => this.organizationProfile.hasChildren,
+        organizationIsAssociation: (parameters: any) => this.organizationProfile.isAssociation,
+        organizationIsShowAdherentList: (parameters: any) => this.organizationProfile.isShowAdherentList,
+        organizationIsCmf: (parameters: any) => this.organizationProfile.isCmf,
+        organizationHasWebsite: (parameters: any) => this.organizationProfile.getWebsite,
     }
 
-    private testConfigService(handler: { function: string, parameters?: Array<any>, result?: any }) {
-        const expectedResult: boolean = handler.result ?? true;
-        const parameters = handler.parameters ?? []
+    /**
+     * Exécute la fonction associée à la condition, et compare le résultat obtenu au résultat attendu (true par défaut)
+     *
+     * @param condition  Un condition à la possession d'une habilité, telle que définie dans les fichiers de config
+     * @param subject  For debugging purpose only
+     * @private
+     */
+    private execAndValidateCondition(
+        condition: Condition,
+        subject: string = ''
+    ) {
+        const expectedResult: boolean = condition.expectedResult ?? true;
+        const parameters = condition.parameters ?? []
 
-        const actualResult = this.handlerMap[handler.function](parameters ?? null)
+        if (!(condition.function in this.handlerMap)) {
+            throw new Error('unknown condition function : ' + condition.function)
+        }
+        const actualResult = this.handlerMap[condition.function](parameters ?? null)
 
         return actualResult === expectedResult
     }
 
     /**
-     * Est-ce que l'utilisateur possède l'habilité passée en paramètre
+     * Est-ce que l'utilisateur possède l'habilité en paramètre
      *
      * @return {boolean}
      * @param ability
      */
-    hasRoleAbility(ability: AbilitiesType) {
-        return this.abilitiesByRoles.some(
-            (candidate) => candidate.action === ability.action && candidate.subject === ability.subject
-        )
+    hasRoleAbility(ability: AbilitiesType): boolean {
+        // console.log(ability, this.abilitiesByRoles.some((candidate: AbilitiesType) => {
+        //     return candidate.subject === ability.subject && (candidate.action === ability.action || candidate.action === 'manage')
+        // }))
+
+        return this.abilitiesByRoles.some((candidate: AbilitiesType) => {
+            return candidate.subject === ability.subject &&
+                (candidate.action === ability.action || candidate.action === 'manage') // 'manage' permet aussi l'action 'read'
+        })
     }
 
     /**
@@ -165,9 +197,17 @@ class AbilityUtils {
      * @return {boolean}
      */
     hasAllRoleAbilities(abilities: Array<AbilitiesType>): boolean {
-        return abilities.every(
-            ability => this.hasRoleAbility(ability)
-        )
+        return abilities.every(ability => this.hasRoleAbility(ability))
+    }
+
+    /**
+     * Est-ce que l'utilisateur possède au moins l'une des habilités passées en paramètre
+     *
+     * @param {Array<AbilitiesType>} abilities Habilités à tester
+     * @return {boolean}
+     */
+    hasAnyRoleAbility(abilities: Array<AbilitiesType>): boolean {
+        return abilities.some(ability => this.hasRoleAbility(ability))
     }
 
     /**