From 3c17f81e1d2fb68f69cfa620ca00ad63e83cc17c Mon Sep 17 00:00:00 2001
From: dj3c1t <dj3c1t@free.fr>
Date: Wed, 13 Feb 2013 23:19:55 +0100
Subject: [PATCH] roles multiples possible par user, administrables

---
 content/data/mysql/mtweb.sql                       | 237 ++++++-----
 content/data/xml/mw/action_status/.index           |   2 +-
 content/data/xml/mw/action_status/171.xml          |   4 -
 .../data/xml/mw/action_status/{173.xml => 182.xml} |   2 +-
 .../data/xml/mw/action_status/{170.xml => 187.xml} |   2 +-
 .../data/xml/mw/action_status/{172.xml => 188.xml} |   3 +-
 content/data/xml/mw/config/.index                  |   2 +-
 content/data/xml/mw/config/59.xml                  |   3 +
 content/data/xml/mw/roles/.index                   |   1 +
 content/data/xml/mw/roles/1.xml                    |   4 +
 content/data/xml/mw/roles/2.xml                    |   4 +
 content/data/xml/mw/user_status/.index             |   1 -
 content/data/xml/mw/user_status/1.xml              |   4 -
 content/data/xml/mw/user_status/2.xml              |   4 -
 content/data/xml/mw/users/.index                   |   2 +-
 content/data/xml/mw/users/{14.xml => 18.xml}       |   1 -
 content/data/xml/mw/users_roles/.index             |   1 +
 content/data/xml/mw/users_roles/25.xml             |   4 +
 content/data/xml/mw/users_roles/26.xml             |   4 +
 mw/app/config.xml                                  |  73 ++++
 mw/app/data/modules/sql/mw_data_users.php          | 285 +++++++++++--
 mw/app/data/modules/xml/mw_data_users.php          | 468 ++++++++++++++-------
 mw/app/init/0700_links.php                         |   2 +
 mw/app/mods/admin/users.php                        | 291 ++++++++++---
 mw/app/out/default/admin.php                       |   2 +-
 mw/app/out/default/css/style.css                   |  30 +-
 mw/app/out/default/layouts/admin.xml               |   3 +
 mw/app/out/default/views/admin/colonne.php         |   8 +-
 mw/app/out/default/views/admin/users/add.php       |  19 +-
 mw/app/out/default/views/admin/users/add_role.php  |  29 ++
 mw/app/out/default/views/admin/users/edit.php      |  25 +-
 mw/app/out/default/views/admin/users/edit_role.php |  33 ++
 mw/app/out/default/views/admin/users/list.php      |  16 +-
 mw/app/out/default/views/admin/users/roles.php     |  79 ++++
 mw/app/out/default/views/footer.php                |   8 +-
 mw/app/out/default/views/users/infos/edit.php      |  10 +-
 mw/env/modules/mw_env_config.php                   |  45 ++
 mw/env/modules/mw_env_run.php                      |  84 ++--
 readme.txt                                         |   2 +-
 39 files changed, 1339 insertions(+), 458 deletions(-)
 delete mode 100644 content/data/xml/mw/action_status/171.xml
 rename content/data/xml/mw/action_status/{173.xml => 182.xml} (100%)
 rename content/data/xml/mw/action_status/{170.xml => 187.xml} (100%)
 rename content/data/xml/mw/action_status/{172.xml => 188.xml} (98%)
 create mode 100644 content/data/xml/mw/config/59.xml
 create mode 100644 content/data/xml/mw/roles/.index
 create mode 100644 content/data/xml/mw/roles/1.xml
 create mode 100644 content/data/xml/mw/roles/2.xml
 delete mode 100644 content/data/xml/mw/user_status/.index
 delete mode 100644 content/data/xml/mw/user_status/1.xml
 delete mode 100644 content/data/xml/mw/user_status/2.xml
 rename content/data/xml/mw/users/{14.xml => 18.xml} (83%)
 create mode 100644 content/data/xml/mw/users_roles/.index
 create mode 100644 content/data/xml/mw/users_roles/25.xml
 create mode 100644 content/data/xml/mw/users_roles/26.xml
 create mode 100644 mw/app/out/default/views/admin/users/add_role.php
 create mode 100644 mw/app/out/default/views/admin/users/edit_role.php
 create mode 100644 mw/app/out/default/views/admin/users/roles.php

diff --git a/content/data/mysql/mtweb.sql b/content/data/mysql/mtweb.sql
index 79d3c80..dfc9068 100644
--- a/content/data/mysql/mtweb.sql
+++ b/content/data/mysql/mtweb.sql
@@ -1,108 +1,129 @@
--- phpMyAdmin SQL Dump
--- version 3.3.2deb1
--- http://www.phpmyadmin.net
---
--- Serveur: localhost
--- Généré le : Dim 25 Décembre 2011 à 15:01
--- Version du serveur: 5.1.41
--- Version de PHP: 5.3.2-1ubuntu4.11
-
-SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
-
---
--- Base de données: `mtweb`
---
-
--- --------------------------------------------------------
-
---
--- Structure de la table `mw_action_status`
---
-
-CREATE TABLE IF NOT EXISTS `mw_action_status` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `action` varchar(255) NOT NULL,
-  `id_status` int(11) NOT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=5 ;
-
---
--- Contenu de la table `mw_action_status`
---
-
-INSERT INTO `mw_action_status` (`id`, `action`, `id_status`) VALUES
-(1, 'admin', 1),
-(2, 'users', 1),
-(3, 'users', 2),
-(4, 'users/identification', 0);
-
--- --------------------------------------------------------
-
---
--- Structure de la table `mw_config`
---
-
-CREATE TABLE IF NOT EXISTS `mw_config` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `key` varchar(255) NOT NULL,
-  `value` text NOT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=20 ;
-
---
--- Contenu de la table `mw_config`
---
-
-INSERT INTO `mw_config` (`id`, `key`, `value`) VALUES
-(1, 'site_name', 'mtweb'),
-(2, 'max_list', '10'),
-(3, 'description', ''),
-(4, 'out', 'dist'),
-(5, 'start_action', ''),
-(6, 'contact_form', '0'),
-(8, 'email', ''),
-(9, 'captcha', '0'),
-(16, 'start_action_params', '');
-
--- --------------------------------------------------------
-
---
--- Structure de la table `mw_users`
---
-
-CREATE TABLE IF NOT EXISTS `mw_users` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `login` varchar(255) NOT NULL,
-  `password` varchar(255) NOT NULL,
-  `email` varchar(255) NOT NULL,
-  `status` int(11) NOT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=8 ;
-
---
--- Contenu de la table `mw_users`
---
-
-INSERT INTO `mw_users` (`id`, `login`, `password`, `email`, `status`) VALUES
-(1, 'admin', '25e4ee4e9229397b6b17776bfceaf8e7', 'admin@domain.tld', 1);
-
--- --------------------------------------------------------
-
---
--- Structure de la table `mw_user_status`
---
-
-CREATE TABLE IF NOT EXISTS `mw_user_status` (
-  `id` int(11) NOT NULL AUTO_INCREMENT,
-  `nom` varchar(255) NOT NULL,
-  `creation_default` tinyint(4) NOT NULL,
-  PRIMARY KEY (`id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ;
-
---
--- Contenu de la table `mw_user_status`
---
-
-INSERT INTO `mw_user_status` (`id`, `nom`, `creation_default`) VALUES
-(1, 'admin', 0),
-(2, 'membre', 1);
+-- phpMyAdmin SQL Dump
+-- version 3.3.2deb1ubuntu1
+-- http://www.phpmyadmin.net
+--
+-- Serveur: localhost
+-- Généré le : Mer 13 Février 2013 à 23:03
+-- Version du serveur: 5.1.67
+-- Version de PHP: 5.3.2-1ubuntu4.18
+
+SET SQL_MODE="NO_AUTO_VALUE_ON_ZERO";
+
+--
+-- Base de données: `mtweb`
+--
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `mw_action_status`
+--
+
+CREATE TABLE IF NOT EXISTS `mw_action_status` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `action` varchar(255) NOT NULL,
+  `id_status` int(11) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=116 ;
+
+--
+-- Contenu de la table `mw_action_status`
+--
+
+INSERT INTO `mw_action_status` (`id`, `action`, `id_status`) VALUES
+(115, 'users/identification', 0),
+(111, 'users', 2),
+(113, 'admin', 1);
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `mw_config`
+--
+
+CREATE TABLE IF NOT EXISTS `mw_config` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `key` varchar(255) NOT NULL,
+  `value` text NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=30 ;
+
+--
+-- Contenu de la table `mw_config`
+--
+
+INSERT INTO `mw_config` (`id`, `key`, `value`) VALUES
+(1, 'site_name', 'mtweb'),
+(2, 'max_list', '10'),
+(3, 'description', ''),
+(4, 'out', 'default'),
+(5, 'start_action', ''),
+(6, 'contact_form', '0'),
+(8, 'email', ''),
+(9, 'captcha', '0'),
+(29, 'default_allow', '1'),
+(22, 'out_colonne', 'on'),
+(16, 'start_action_params', ''),
+(20, 'out_navig_menu_top', 'on');
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `mw_roles`
+--
+
+CREATE TABLE IF NOT EXISTS `mw_roles` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `nom` varchar(255) NOT NULL,
+  `intitule` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=8 ;
+
+--
+-- Contenu de la table `mw_roles`
+--
+
+INSERT INTO `mw_roles` (`id`, `nom`, `intitule`) VALUES
+(1, 'admin', 'administrateur'),
+(2, 'membre', 'membre');
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `mw_users`
+--
+
+CREATE TABLE IF NOT EXISTS `mw_users` (
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `login` varchar(255) NOT NULL,
+  `password` varchar(255) NOT NULL,
+  `email` varchar(255) NOT NULL,
+  PRIMARY KEY (`id`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=18 ;
+
+--
+-- Contenu de la table `mw_users`
+--
+
+INSERT INTO `mw_users` (`id`, `login`, `password`, `email`) VALUES
+(17, 'admin', '25e4ee4e9229397b6b17776bfceaf8e7', 'admin@domain.tld');
+
+-- --------------------------------------------------------
+
+--
+-- Structure de la table `mw_users_roles`
+--
+
+CREATE TABLE IF NOT EXISTS `mw_users_roles` (
+  `id_user` int(11) NOT NULL,
+  `id_role` int(11) NOT NULL,
+  PRIMARY KEY (`id_user`,`id_role`)
+) ENGINE=InnoDB DEFAULT CHARSET=utf8;
+
+--
+-- Contenu de la table `mw_users_roles`
+--
+
+INSERT INTO `mw_users_roles` (`id_user`, `id_role`) VALUES
+(17, 1),
+(17, 2);
diff --git a/content/data/xml/mw/action_status/.index b/content/data/xml/mw/action_status/.index
index a6b4ce8..0947c33 100644
--- a/content/data/xml/mw/action_status/.index
+++ b/content/data/xml/mw/action_status/.index
@@ -1 +1 @@
-176
\ No newline at end of file
+188
\ No newline at end of file
diff --git a/content/data/xml/mw/action_status/171.xml b/content/data/xml/mw/action_status/171.xml
deleted file mode 100644
index c662bfd..0000000
--- a/content/data/xml/mw/action_status/171.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<tuple>
-  <id_status><![CDATA[1]]></id_status>
-  <action><![CDATA[users]]></action>
-</tuple>
diff --git a/content/data/xml/mw/action_status/173.xml b/content/data/xml/mw/action_status/182.xml
similarity index 100%
rename from content/data/xml/mw/action_status/173.xml
rename to content/data/xml/mw/action_status/182.xml
index d037f86..5e172e6 100644
--- a/content/data/xml/mw/action_status/173.xml
+++ b/content/data/xml/mw/action_status/182.xml
@@ -1,4 +1,4 @@
 <tuple>
-  <id_status><![CDATA[0]]></id_status>
   <action><![CDATA[users/identification]]></action>
+  <id_status><![CDATA[0]]></id_status>
 </tuple>
diff --git a/content/data/xml/mw/action_status/170.xml b/content/data/xml/mw/action_status/187.xml
similarity index 100%
rename from content/data/xml/mw/action_status/170.xml
rename to content/data/xml/mw/action_status/187.xml
index 8e3fd22..1f4af7e 100644
--- a/content/data/xml/mw/action_status/170.xml
+++ b/content/data/xml/mw/action_status/187.xml
@@ -1,4 +1,4 @@
 <tuple>
-  <id_status><![CDATA[1]]></id_status>
   <action><![CDATA[admin]]></action>
+  <id_status><![CDATA[1]]></id_status>
 </tuple>
diff --git a/content/data/xml/mw/action_status/172.xml b/content/data/xml/mw/action_status/188.xml
similarity index 98%
rename from content/data/xml/mw/action_status/172.xml
rename to content/data/xml/mw/action_status/188.xml
index c8de13d..d36ab48 100644
--- a/content/data/xml/mw/action_status/172.xml
+++ b/content/data/xml/mw/action_status/188.xml
@@ -1,5 +1,4 @@
 <tuple>
-  <id_status><![CDATA[2]]></id_status>
   <action><![CDATA[users]]></action>
+  <id_status><![CDATA[2]]></id_status>
 </tuple>
-
diff --git a/content/data/xml/mw/config/.index b/content/data/xml/mw/config/.index
index 4800c7d..fc9afb4 100644
--- a/content/data/xml/mw/config/.index
+++ b/content/data/xml/mw/config/.index
@@ -1 +1 @@
-58
\ No newline at end of file
+59
\ No newline at end of file
diff --git a/content/data/xml/mw/config/59.xml b/content/data/xml/mw/config/59.xml
new file mode 100644
index 0000000..fca1fcf
--- /dev/null
+++ b/content/data/xml/mw/config/59.xml
@@ -0,0 +1,3 @@
+<tuple>
+  <default_allow><![CDATA[1]]></default_allow>
+</tuple>
diff --git a/content/data/xml/mw/roles/.index b/content/data/xml/mw/roles/.index
new file mode 100644
index 0000000..7813681
--- /dev/null
+++ b/content/data/xml/mw/roles/.index
@@ -0,0 +1 @@
+5
\ No newline at end of file
diff --git a/content/data/xml/mw/roles/1.xml b/content/data/xml/mw/roles/1.xml
new file mode 100644
index 0000000..59fc94b
--- /dev/null
+++ b/content/data/xml/mw/roles/1.xml
@@ -0,0 +1,4 @@
+<tuple>
+  <nom><![CDATA[admin]]></nom>
+  <intitule><![CDATA[administrateur]]></intitule>
+</tuple>
diff --git a/content/data/xml/mw/roles/2.xml b/content/data/xml/mw/roles/2.xml
new file mode 100644
index 0000000..391bb4c
--- /dev/null
+++ b/content/data/xml/mw/roles/2.xml
@@ -0,0 +1,4 @@
+<tuple>
+  <nom><![CDATA[membre]]></nom>
+  <intitule><![CDATA[membre]]></intitule>
+</tuple>
diff --git a/content/data/xml/mw/user_status/.index b/content/data/xml/mw/user_status/.index
deleted file mode 100644
index bf0d87a..0000000
--- a/content/data/xml/mw/user_status/.index
+++ /dev/null
@@ -1 +0,0 @@
-4
\ No newline at end of file
diff --git a/content/data/xml/mw/user_status/1.xml b/content/data/xml/mw/user_status/1.xml
deleted file mode 100644
index fa722e0..0000000
--- a/content/data/xml/mw/user_status/1.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<tuple>
-  <nom>admin</nom>
-  <creation_default>0</creation_default>
-</tuple>
\ No newline at end of file
diff --git a/content/data/xml/mw/user_status/2.xml b/content/data/xml/mw/user_status/2.xml
deleted file mode 100644
index 93bb41f..0000000
--- a/content/data/xml/mw/user_status/2.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<tuple>
-  <nom><![CDATA[membre]]></nom>
-  <creation_default><![CDATA[1]]></creation_default>
-</tuple>
diff --git a/content/data/xml/mw/users/.index b/content/data/xml/mw/users/.index
index da2d398..25bf17f 100644
--- a/content/data/xml/mw/users/.index
+++ b/content/data/xml/mw/users/.index
@@ -1 +1 @@
-14
\ No newline at end of file
+18
\ No newline at end of file
diff --git a/content/data/xml/mw/users/14.xml b/content/data/xml/mw/users/18.xml
similarity index 83%
rename from content/data/xml/mw/users/14.xml
rename to content/data/xml/mw/users/18.xml
index c69b833..91293cc 100644
--- a/content/data/xml/mw/users/14.xml
+++ b/content/data/xml/mw/users/18.xml
@@ -2,5 +2,4 @@
   <login><![CDATA[admin]]></login>
   <password><![CDATA[25e4ee4e9229397b6b17776bfceaf8e7]]></password>
   <email><![CDATA[admin@domain.tld]]></email>
-  <status><![CDATA[1]]></status>
 </tuple>
diff --git a/content/data/xml/mw/users_roles/.index b/content/data/xml/mw/users_roles/.index
new file mode 100644
index 0000000..978b4e8
--- /dev/null
+++ b/content/data/xml/mw/users_roles/.index
@@ -0,0 +1 @@
+26
\ No newline at end of file
diff --git a/content/data/xml/mw/users_roles/25.xml b/content/data/xml/mw/users_roles/25.xml
new file mode 100644
index 0000000..cb9fe04
--- /dev/null
+++ b/content/data/xml/mw/users_roles/25.xml
@@ -0,0 +1,4 @@
+<tuple>
+  <id_user><![CDATA[18]]></id_user>
+  <id_role><![CDATA[1]]></id_role>
+</tuple>
diff --git a/content/data/xml/mw/users_roles/26.xml b/content/data/xml/mw/users_roles/26.xml
new file mode 100644
index 0000000..b2b7d04
--- /dev/null
+++ b/content/data/xml/mw/users_roles/26.xml
@@ -0,0 +1,4 @@
+<tuple>
+  <id_user><![CDATA[18]]></id_user>
+  <id_role><![CDATA[2]]></id_role>
+</tuple>
diff --git a/mw/app/config.xml b/mw/app/config.xml
index 968bc45..e73c769 100644
--- a/mw/app/config.xml
+++ b/mw/app/config.xml
@@ -21,4 +21,77 @@
     <form>form</form>
   </params>
 
+  <actions>
+    <module name="index" title="Site">
+      <controleur name="index" title="Accueil">
+        <al title="Accueil du site">
+          <action name="index" />
+        </al>
+      </controleur>
+    </module>
+    <module name="reponses" title="Reponses">
+      <controleur name="html" title="HTML">
+        <al title="Acceder aux pages de redirection">
+          <action name="redirect_javascript" />
+        </al>
+        <al title="Acceder aux pages d'erreur">
+          <action name="erreur" />
+        </al>
+      </controleur>
+    </module>
+    <module name="forms" title="Formulaires">
+      <controleur name="contact" title="Contact">
+        <al title="Utiliser le formulaire de contact">
+          <action name="index" />
+        </al>
+      </controleur>
+    </module>
+    <module name="admin" title="Administration">
+      <controleur name="index" title="Accueil">
+        <al title="Accueil de l'administration">
+          <action name="index" />
+        </al>
+      </controleur>
+      <controleur name="config" title="Configuration">
+        <al title="Editer la configuration du site">
+          <action name="index" />
+        </al>
+      </controleur>
+      <controleur name="users" title="Utilisateurs">
+        <al title="Lister les utilisateurs">
+          <action name="index" />
+        </al>
+        <al title="Editer les utilisateurs">
+          <action name="add" />
+          <action name="edit" />
+          <action name="del" />
+        </al>
+      </controleur>
+      <controleur name="plugins" title="Plugins">
+        <al title="Gerer les plugins">
+          <action name="index" />
+          <action name="install" />
+          <action name="uninstall" />
+          <action name="enable" />
+          <action name="disable" />
+        </al>
+      </controleur>
+    </module>
+    <module name="users" title="Utilisateurs">
+      <controleur name="infos" title="Compte">
+        <al title="Editer ses informations d'utilisateur">
+          <action name="index" />
+          <action name="edit" />
+        </al>
+      </controleur>
+      <controleur name="identification" title="Login">
+        <al title="Acceder a l'identification">
+          <action name="index" />
+          <action name="login" />
+          <action name="logout" />
+        </al>
+      </controleur>
+    </module>
+  </actions>
+
 </config>
\ No newline at end of file
diff --git a/mw/app/data/modules/sql/mw_data_users.php b/mw/app/data/modules/sql/mw_data_users.php
index 4288db7..0a1cf54 100644
--- a/mw/app/data/modules/sql/mw_data_users.php
+++ b/mw/app/data/modules/sql/mw_data_users.php
@@ -16,11 +16,19 @@
       $env = $this->env();
       $users = array("list" => array(), "total" => 0);
       try{
-        $SELECT = "SELECT *";
+        $SELECT = "SELECT #--users.*";
         $FROM = " FROM #--users";
         $WHERE = "";
         $WHERE .= (isset($alpha) ? ($WHERE ? " AND" : " WHERE")." LEFT(login, 1)=".$this->eq($alpha) : "");
-        $WHERE .= (isset($status) ? ($WHERE ? " AND" : " WHERE")." status=".$this->eq($status) : "");
+        if(isset($status)){
+          $SELECT .= ", #--users_roles.id_role as status";
+          $FROM .=
+           " LEFT JOIN #--users_roles ON ("
+          ." #--users_roles.id_user=#--users.id"
+          ." AND #--users_roles.id_role=".$this->eq($status)
+          .")";
+          $WHERE .= ($WHERE ? " AND" : " WHERE")." mw_users_roles.id_role IS NOT NULL";
+        }
         $LIMIT = ($env->config("max_list") ? " LIMIT ".$env->config("max_list")." OFFSET ".$start : "");
         $sql = "SELECT count(*) as n FROM(".$SELECT.$FROM.$WHERE.") res";
         $rst = $sgbd->query($sql);
@@ -31,12 +39,33 @@
           $rst = $sgbd->query($sql);
           while($v_rst = $sgbd->fetch_assoc($rst)) $users["list"][$v_rst["id"]] = $v_rst;
           $sgbd->free_result($rst);
+          foreach($users["list"] as $id_user => $user){
+            if(($status = $this->list_user_status($id_user)) !== false){
+              $users["list"][$id_user]["status"] = $status;
+            }
+            else{
+              $users = false;
+              break;
+            }
+          }
         }
       }
       catch(Exception $e) { $users = false; }
       return $users;
     }
 
+    function list_user_status($id_user){
+      $sgbd = $this->sgbd();
+      $status = array();
+      try{
+        $rst = $sgbd->query("SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($id_user));
+        while($v_rst = $sgbd->fetch_assoc($rst)) $status[] = $v_rst["id_role"];
+        $sgbd->free_result($rst);
+      }
+      catch(Exception $e) { $status = false; }
+      return $status;
+    }
+
     function user_by_id($id){
       $sgbd = $this->sgbd();
       $user = array();
@@ -45,6 +74,8 @@
         $rst = $sgbd->query($sql);
         if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
         $sgbd->free_result($rst);
+        if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+        else $user = false;
       }
       catch(Exception $e) { $user = false; }
       return $user;
@@ -58,6 +89,10 @@
         $rst = $sgbd->query($sql);
         if($v_rst = $sgbd->fetch_assoc($rst)) $user = $v_rst;
         $sgbd->free_result($rst);
+        if($user){
+          if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+          else $user = false;
+        }
       }
       catch(Exception $e) { $user = false; }
       return $user;
@@ -81,14 +116,21 @@
       $user_id = false;
       try{
         $sql =
-         "INSERT INTO #--users(login, password, email, status) VALUES"
+         "INSERT INTO #--users(login, password, email) VALUES"
         ."( ".$this->eq($login)
         .", ".$this->eq($password)
         .", ".$this->eq($email)
-        .", ".$status
         .")";
         $sgbd->query($sql);
         $user_id = $sgbd->insert_id();
+        foreach($status as $id_role){
+          $sql =
+           "INSERT INTO #--users_roles(id_user, id_role) VALUES"
+          ."( ".$user_id
+          .", ".$this->eq($id_role)
+          .")";
+          $sgbd->query($sql);
+        }
       }
       catch(Exception $e) { $user_id = false; }
       return $user_id;
@@ -102,21 +144,35 @@
         ."  login=".$this->eq($login)
         .", password=".$this->eq($password)
         .", email=".$this->eq($email)
-        .", status=".$status
-        ." WHERE id=".$id;
+        ." WHERE id=".$this->eq($id);
+        $sgbd->query($sql);
+        $sql = "DELETE FROM #--users_roles WHERE id_user=".$this->eq($id);
         $sgbd->query($sql);
+        foreach($status as $id_role){
+          $sql =
+           "INSERT INTO #--users_roles(id_user, id_role) VALUES"
+          ."( ".$this->eq($id)
+          .", ".$this->eq($id_role)
+          .")";
+          $sgbd->query($sql);
+        }
       }
       catch(Exception $e) { return false; }
       return true;
     }
 
     function del_user($login){
-      $sgbd = $this->sgbd();
-      try{
-        $sql = "DELETE FROM #--users WHERE login=".$this->eq($login);
-        $sgbd->query($sql);
+      if(($user = $this->user($login)) !== false){
+        $sgbd = $this->sgbd();
+        try{
+          $sql = "DELETE FROM #--users WHERE login=".$this->eq($login)." AND id=".$user["id"];
+          $sgbd->query($sql);
+          $sql = "DELETE FROM #--users_roles WHERE id_user=".$user["id"];
+          $sgbd->query($sql);
+        }
+        catch(Exception $e) { return false; }
       }
-      catch(Exception $e) { return false; }
+      else return false;
       return true;
     }
 
@@ -124,16 +180,11 @@
     #                                                                                   status
     #
 
-    function status(){
-      if(!isset($this->user_status)) return false;
-      return $this->user_status;
-    }
-
     function init_user_status($status = array()){
       $sgbd = $this->sgbd();
       $this->user_status = array();
       try{
-        $sql = "SELECT * FROM #--user_status";
+        $sql = "SELECT * FROM #--roles";
         $rst = $sgbd->query($sql);
         while($v_rst = $sgbd->fetch_assoc($rst)) $this->user_status[$v_rst["id"]] = $v_rst;
         $sgbd->free_result($rst);
@@ -142,24 +193,141 @@
       return $this->user_status;
     }
 
-    function init_action_status($status = array()){
-      if(!isset($this->user_status)) return false;
+    function add_role($nom, $intitule){
       $sgbd = $this->sgbd();
-      $this->action_status = array();
       try{
-        $sql = "SELECT * FROM #--action_status";
+        $sql =
+         "INSERT INTO #--roles(nom, intitule) VALUES("
+        ."  ".$this->eq($nom)
+        .", ".$this->eq($intitule)
+        .")";
         $rst = $sgbd->query($sql);
-        while($v_rst = $sgbd->fetch_assoc($rst)) $this->action_status[$v_rst["id"]] = $v_rst;
+        $id_role = $sgbd->insert_id();
+      }
+      catch(Exception $e) { $id_role = false; }
+      return $id_role;
+    }
+
+    function get_role($id){
+      if($id === "0") return array(
+        "id" => 0,
+        "nom" => "",
+        "intitule" => ""
+      );
+      $sgbd = $this->sgbd();
+      $role = array();
+      try{
+        $sql = "SELECT * FROM #--roles WHERE id=".$this->eq($id);
+        $rst = $sgbd->query($sql);
+        if($v_rst = $sgbd->fetch_assoc($rst)) $role = $v_rst;
         $sgbd->free_result($rst);
       }
-      catch(Exception $e) { $this->action_status = false; }
-      return $this->action_status;
+      catch(Exception $e) { $role = false; }
+      return $role;
+    }
+
+    function set_role($id, $nom, $intitule){
+      $sgbd = $this->sgbd();
+      try{
+        $sql =
+         "UPDATE #--roles SET"
+        ."  nom=".$this->eq($nom)
+        .", intitule=".$this->eq($intitule)
+        ." WHERE id=".$this->eq($id);
+        $rst = $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function clear_role_actions($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--action_status WHERE id_status=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function clear_role_users($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--users_roles WHERE id_role=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function add_role_action($id_role, $action){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "INSERT INTO #--action_status(action, id_status) VALUES(".$this->eq($action).", ".$this->eq($id_role).")";
+        $sgbd->query($sql);
+        $id_action_status = $sgbd->insert_id();
+      }
+      catch(Exception $e) { $id_action_status = false; }
+      return $id_action_status;
+    }
+
+    function del_role($id_role){
+      $sgbd = $this->sgbd();
+      try{
+        $sql = "DELETE FROM #--roles WHERE id=".$this->eq($id_role);
+        $sgbd->query($sql);
+      }
+      catch(Exception $e) { return false; }
+      return true;
+    }
+
+    function status(){
+      if(!isset($this->user_status)) return false;
+      return $this->user_status;
     }
 
     function get_user_status(){
+      $user_status = array();
       $user = $this->get_session_user();
-      if($user && isset($user["status"])) return $user["status"];
-      return 0;
+      if($user && isset($user["id"])){
+        $sgbd = $this->sgbd();
+        try{
+          $sql = "SELECT id_role FROM #--users_roles WHERE id_user=".$this->eq($user["id"]);
+          $rst = $sgbd->query($sql);
+          while($v_rst = $sgbd->fetch_assoc($rst)) $user_status[] = $v_rst["id_role"];
+          $sgbd->free_result($rst);
+        }
+        catch(Exception $_e){ return false; }
+      }
+      else $user_status[] = 0;
+      if(!$user_status) $user_status[] = 0;
+      return $user_status;
+    }
+
+    function init_action_status($status = array()){
+      if(!isset($this->user_status)) return false;
+      $this->action_status = $this->read_action_status();
+      return $this->action_status;
+    }
+
+    function read_action_status($params = array()){
+      $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false;
+      $sgbd = $this->sgbd();
+      $action_status = array();
+      try{
+        $sql = "SELECT * FROM #--action_status";
+        $rst = $sgbd->query($sql);
+        while($v_rst = $sgbd->fetch_assoc($rst)){
+          if($group_by_action){
+            if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array();
+            $action_status[$v_rst["action"]][] = $v_rst["id_status"];
+          }
+          else $action_status[$v_rst["id"]] = $v_rst;
+        }
+        $sgbd->free_result($rst);
+      }
+      catch(Exception $e) { $action_status = false; }
+      return $action_status;
     }
 
     function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){
@@ -183,17 +351,62 @@
       return $status;
     }
 
-    function creation_default_status(){
-      $sgbd = $this->sgbd();
-      $default_status = 0;
-      try{
-        $sql = "SELECT id FROM #--user_status WHERE creation_default=1 LIMIT 0,1";
-        $rst = $sgbd->query($sql);
-        if($v_rst = $sgbd->fetch_assoc($rst)) $default_status = $v_rst["id"];
-        $sgbd->free_result($rst);
+    function get_actions($id_role = null){
+      $env = $this->env();
+      if($actions = $env->get_actions()){
+        if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){
+          foreach($actions as $module_name => $module){
+            if(isset($id_role)) $actions[$module_name]["module_allowed"] =
+                isset($action_status[$module_name])
+            &&  in_array($id_role, $action_status[$module_name]);
+            $actions[$module_name]["is_public"] =
+                isset($action_status[$module_name])
+            &&  in_array(0, $action_status[$module_name]);
+            foreach($module["controleurs"] as $controleur_name => $controleur){
+              if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array($id_role, $action_status[$module_name."/".$controleur_name]);
+              $actions[$module_name]["controleurs"][$controleur_name]["is_public"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array(0, $action_status[$module_name."/".$controleur_name]);
+              foreach($controleur["als"] as $index_als => $al){
+                if($al["actions"]){
+                  if(isset($id_role)){
+                    $HAS_ACTION_NOT_ALLOWED = false;
+                    foreach($al["actions"] as $action_name){
+                      if(
+                          !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ||  !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ){
+                        $HAS_ACTION_NOT_ALLOWED = true;
+                        break;
+                      }
+                    }
+                    if(!$HAS_ACTION_NOT_ALLOWED){
+                      $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true;
+                    }
+                  }
+                  $HAS_ACTION_NOT_ALLOWED = false;
+                  foreach($al["actions"] as $action_name){
+                    if(
+                        !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ||  !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ){
+                      $HAS_ACTION_NOT_ALLOWED = true;
+                      break;
+                    }
+                  }
+                  if(!$HAS_ACTION_NOT_ALLOWED){
+                    $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true;
+                  }
+                }
+              }
+            }
+          }
+          return $actions;
+        }
       }
-      catch(Exception $e) { $default_status = false; }
-      return $default_status;
+      return array();
     }
 
     # ----------------------------------------------------------------------------------------
diff --git a/mw/app/data/modules/xml/mw_data_users.php b/mw/app/data/modules/xml/mw_data_users.php
index 70287a3..2f70095 100644
--- a/mw/app/data/modules/xml/mw_data_users.php
+++ b/mw/app/data/modules/xml/mw_data_users.php
@@ -42,6 +42,15 @@
               $this->users[$user["id"]] = $user;
             }
           }
+          foreach($users["list"] as $id_user => $user){
+            if(($status = $this->list_user_status($id_user)) !== false){
+              $users["list"][$id_user]["status"] = $status;
+            }
+            else{
+              $users = false;
+              break;
+            }
+          }
         }
         else $users = false;
       }
@@ -49,12 +58,35 @@
       return $users;
     }
 
+    function list_user_status($id_user){
+      $sgbd = $this->sgbd();
+      $status = array();
+      if($rst = $sgbd->open_data("users_roles")){
+        while($v_rst = $sgbd->fetch_data($rst)){
+          if(isset($v_rst)){
+            if(isset($v_rst["id_role"]) && isset($v_rst["id_user"]) && $v_rst["id_user"] == $id_user){
+              $status[] = $v_rst["id_role"];
+            }
+          }
+          else{
+            $status = false;
+            break;
+          }
+        }
+        $sgbd->close_data($rst);
+      }
+      else $status = false;
+      return $status;
+    }
+
     function user_by_id($id){
       if(!isset($this->users)) $this->users = array();
       if(isset($this->users[$id])) return $this->users[$id];
       $sgbd = $this->sgbd();
       if(($user = $sgbd->get_data("users", $id)) !== false){
         $this->users[$id] = $user;
+        if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+        else $user = false;
       }
       return $user;
     }
@@ -73,6 +105,10 @@
           else $user = false;
         }
         $sgbd->close_data($rst);
+        if($user){
+          if(($status = $this->list_user_status($user["id"])) !== false) $user["status"] = $status;
+          else $user = false;
+        }
       }
       else $user = false;
       if($user !== false){
@@ -105,35 +141,97 @@
 
     function add_user($login, $password, $email, $status){
       $sgbd = $this->sgbd();
-      return $sgbd->add_data(
-        "users",
-        array(
-          "login" => $login,
-          "password" => $password,
-          "email" => $email,
-          "status" => $status
-        )
-      );
+      if(
+        (
+          $id_user = $sgbd->add_data(
+            "users",
+            array(
+              "login" => $login,
+              "password" => $password,
+              "email" => $email
+            )
+          )
+        ) === false
+      ) return false;
+      $OK = true;
+      foreach($status as $id_role){
+        $OK = $sgbd->add_data(
+          "users_roles",
+          array(
+            "id_user" => $id_user,
+            "id_role" => $id_role
+          )
+        );
+        if(!$OK) break;
+      }
+      if(!$OK) return false;
+      return $id_user;
     }
 
     function set_user($id, $login, $password, $email, $status){
       $sgbd = $this->sgbd();
-      return $sgbd->set_data(
-        "users",
-        $id,
-        array(
-          "login" => $login,
-          "password" => $password,
-          "email" => $email,
-          "status" => $status
+      if(
+        !$sgbd->set_data(
+          "users",
+          $id,
+          array(
+            "login" => $login,
+            "password" => $password,
+            "email" => $email
+          )
         )
-      );
+      ) return false;
+      if($rst = $sgbd->open_data("users_roles")){
+        $OK = true;
+        while($v_rst = $sgbd->fetch_data($rst)){
+          if(isset($v_rst)){
+            if(isset($v_rst["id"]) && isset($v_rst["id_user"]) && $v_rst["id_user"] == $id){
+              if(!$sgbd->del_data("users_roles", $v_rst["id"])){
+                $OK = false;
+                break;
+              }
+            }
+          }
+          else $OK = false;
+        }
+        $sgbd->close_data($rst);
+        if(!$OK) return false;
+      }
+      else return false;
+      foreach($status as $id_role){
+        $OK = $sgbd->add_data(
+          "users_roles",
+          array(
+            "id_user" => $id,
+            "id_role" => $id_role
+          )
+        );
+        if(!$OK) break;
+      }
+      if(!$OK) return false;
+      return true;
     }
 
     function del_user($login){
       if(($user = $this->user($login)) !== false){
         $sgbd = $this->sgbd();
-        return $sgbd->del_data("users", $user["id"]);
+        if(!$sgbd->del_data("users", $user["id"])) return false;
+        if($rst = $sgbd->open_data("users_roles")){
+          $OK = true;
+          while($v_rst = $sgbd->fetch_data($rst)){
+            if(isset($v_rst)){
+              if(isset($v_rst["id"]) && isset($v_rst["id_user"]) && $v_rst["id_user"] == $user["id"]){
+                if(!$sgbd->del_data("users_roles", $v_rst["id"])){
+                  $OK = false;
+                  break;
+                }
+              }
+            }
+            else $OK = false;
+          }
+          $sgbd->close_data($rst);
+          return $OK;
+        }
       }
       return false;
     }
@@ -142,15 +240,10 @@
     #                                                                                   status
     #
 
-    function status(){
-      if(!isset($this->user_status)) return false;
-      return $this->user_status;
-    }
-
     function init_user_status($status = array()){
       $sgbd = $this->sgbd();
       $this->user_status = array();
-      if($rst = $sgbd->open_data("user_status")){
+      if($rst = $sgbd->open_data("roles")){
         while($v_rst = $sgbd->fetch_data($rst)){
           if(isset($v_rst)){
             $this->user_status[$v_rst["id"]] = $v_rst;
@@ -163,119 +256,172 @@
         $sgbd->close_data($rst);
       }
       else $this->user_status = false;
-      if($status && $this->user_status !== false){
-        foreach($status as $new_user_status){
-          $id_status = false;
-          foreach($this->user_status as $user_status) if($new_user_status["nom"] == $user_status["nom"]){
-            $id_status = $user_status["id"];
-            break;
-          }
-          if($id_status){
-            $SAME = true;
-            foreach($new_user_status as $status_key => $status_value){
-              if(!isset($this->user_status[$id_status][$status_key]) || $this->user_status[$id_status][$status_key] != $status_value){
-                $SAME = false;
+      return $this->user_status;
+    }
+
+    function add_role($nom, $intitule){
+      $sgbd = $this->sgbd();
+      $id_role = $sgbd->add_data(
+        "roles",
+        array(
+          "nom" => $nom,
+          "intitule" => $intitule
+        )
+      );
+      if(!isset($id_role)) return false;
+      return $id_role;
+    }
+
+    function get_role($id){
+      if($id === "0") return array(
+        "id" => 0,
+        "nom" => "",
+        "intitule" => ""
+      );
+      $sgbd = $this->sgbd();
+      $role = $sgbd->get_data("roles", $id);
+      if(!isset($role)) return false;
+      return $role ? $role : array();
+    }
+
+    function set_role($id, $nom, $intitule){
+      $sgbd = $this->sgbd();
+      if(
+        !$sgbd->set_data(
+          "roles",
+          $id,
+          array(
+            "nom" => $nom,
+            "intitule" => $intitule
+          )
+        )
+      ) return false;
+      return true;
+    }
+
+    function clear_role_actions($id_role){
+      $sgbd = $this->sgbd();
+      if($rst = $sgbd->open_data("action_status")){
+        $OK = true;
+        while($v_rst = $sgbd->fetch_data($rst)){
+          if(isset($v_rst)){
+            if(isset($v_rst["id"]) && isset($v_rst["id_status"]) && $v_rst["id_status"] == $id_role){
+              if(!$sgbd->del_data("action_status", $v_rst["id"])){
+                $OK = false;
                 break;
               }
             }
-            if(!$SAME){
-              if($sgbd->set_data("user_status", $id_status, $new_user_status)) $this->user_status[$id_status] = $new_user_status;
-              else{
-                $this->user_status = false;
+          }
+          else $OK = false;
+        }
+        $sgbd->close_data($rst);
+        return $OK;
+      }
+      return false;
+    }
+
+    function clear_role_users($id_role){
+      $sgbd = $this->sgbd();
+      if($rst = $sgbd->open_data("users_roles")){
+        $OK = true;
+        while($v_rst = $sgbd->fetch_data($rst)){
+          if(isset($v_rst)){
+            if(isset($v_rst["id"]) && isset($v_rst["id_role"]) && $v_rst["id_role"] == $id_role){
+              if(!$sgbd->del_data("users_roles", $v_rst["id"])){
+                $OK = false;
                 break;
               }
             }
           }
-          else{
-            if($id_status = $sgbd->add_data("user_status", $new_user_status)) $this->user_status[$id_status] = $new_user_status;
+          else $OK = false;
+        }
+        $sgbd->close_data($rst);
+        return $OK;
+      }
+      return false;
+    }
+
+    function add_role_action($id_role, $action){
+      $sgbd = $this->sgbd();
+      $id_action_status = $sgbd->add_data(
+        "action_status",
+        array(
+          "action" => $action,
+          "id_status" => $id_role
+        )
+      );
+      if(!isset($id_action_status)) return false;
+      return $id_action_status;
+    }
+
+    function del_role($id_role){
+      $sgbd = $this->sgbd();
+      return $sgbd->del_data("roles", $id_role) ? true : false;
+    }
+
+    function status(){
+      if(!isset($this->user_status)) return false;
+      return $this->user_status;
+    }
+
+    function get_user_status(){
+      $user_status = array();
+      $user = $this->get_session_user();
+      if($user && isset($user["id"])){
+        $sgbd = $this->sgbd();
+        if($rst = $sgbd->open_data("users_roles")){
+          while($v_rst = $sgbd->fetch_data($rst)){
+            if(isset($v_rst)){
+              if(isset($v_rst["id_role"]) && isset($v_rst["id_user"]) && $v_rst["id_user"] == $user["id"]){
+                $user_status[] = $v_rst["id_role"];
+              }
+            }
             else{
-              $this->user_status = false;
+              $user_status = false;
               break;
             }
           }
+          $sgbd->close_data($rst);
         }
+        else $user_status = false;
+        if($user_status === false) return false;
       }
-      return $this->user_status;
+      else $user_status[] = 0;
+      if(!$user_status) $user_status[] = 0;
+      return $user_status;
     }
 
     function init_action_status($status = array()){
       if(!isset($this->user_status)) return false;
+      $this->action_status = $this->read_action_status();
+      return $this->action_status;
+    }
+
+    function read_action_status($params = array()){
+      if(!isset($this->user_status)) return false;
+      $group_by_action = isset($params["group_by_action"]) ? $params["group_by_action"] : false;
       $sgbd = $this->sgbd();
-      $this->action_status = array();
+      $action_status = array();
       if($rst = $sgbd->open_data("action_status")){
         while($v_rst = $sgbd->fetch_data($rst)){
           if(isset($v_rst)){
-            $this->action_status[$v_rst["id"]] = $v_rst;
+            if(isset($v_rst["action"]) && isset($v_rst["id_status"])){
+              if($group_by_action){
+                if(!isset($action_status[$v_rst["action"]])) $action_status[$v_rst["action"]] = array();
+                $action_status[$v_rst["action"]][] = $v_rst["id_status"];
+              }
+              else $action_status[$v_rst["id"]] = $v_rst;
+            }
           }
           else{
-            $this->action_status = false;
+            $action_status = false;
             break;
           }
         }
         $sgbd->close_data($rst);
       }
-      else $this->action_status = false;
-      if($status && $this->action_status !== false){
-        $STATUS_OK = true;
-        foreach($status as $id_new_action_status => $new_action_status){
-          $FOUND = $new_action_status["id_status"] == "0";
-          if(!$FOUND) foreach($this->user_status as $user_status){
-            if($new_action_status["id_status"] == $user_status["nom"]){
-              $FOUND = true;
-              $status[$id_new_action_status]["id_status"] = $user_status["id"];
-            }
-          }
-          if(!$FOUND){
-            $STATUS_OK = false;
-            break;
-          }
-        }
-        if($STATUS_OK){
-          foreach($status as $new_action_status){
-            $id_status = false;
-            foreach($this->action_status as $action_status){
-              if(
-                   $new_action_status["action"] == $action_status["action"]
-                && $new_action_status["id_status"] == $action_status["id_status"]
-              ){
-                $id_status = $action_status["id"];
-                break;
-              }
-            }
-            if($id_status){
-              $SAME = true;
-              foreach($new_action_status as $status_key => $status_value){
-                if(!isset($this->action_status[$id_status][$status_key]) || $this->action_status[$id_status][$status_key] != $status_value){
-                  $SAME = false;
-                  break;
-                }
-              }
-              if(!$SAME){
-                if($id_status = $sgbd->add_data("action_status", $new_action_status)) $this->action_status[$id_status] = $new_action_status;
-                else{
-                  $this->action_status = false;
-                  break;
-                }
-              }
-            }
-            else{
-              if($id_status = $sgbd->add_data("action_status", $new_action_status)) $this->action_status[$id_status] = $new_action_status;
-              else{
-                $this->action_status = false;
-                break;
-              }
-            }
-          }
-        }
-        else $this->action_status = false;
-      }
-      return $this->action_status;
-    }
-
-    function get_user_status(){
-      $user = $this->get_session_user();
-      if($user && isset($user["status"])) return $user["status"];
-      return 0;
+      else $action_status = false;
+      return $action_status;
     }
 
     function get_action_status($mod, $controller = "index", $action = "index", $set_status = array()){
@@ -298,63 +444,65 @@
         $sgbd->close_data($rst);
       }
       else $status = false;
-      if($status !== false){
-        if($set_status){
-          foreach($set_status as $new_action_status){
-            $id_status = false;
-            foreach($status as $user_status) if($new_user_status["nom"] == $user_status["nom"]){
-              $id_status = $user_status["id"];
-              break;
-            }
-            if($id_status){
-              $SAME = true;
-              foreach($new_user_status as $status_key => $status_value){
-                if(!isset($status[$id_status][$status_key]) || $status[$id_status][$status_key] != $status_value){
-                  $SAME = false;
-                  break;
-                }
-              }
-              if(!$SAME){
-                if($sgbd->set_data("user_status", $id_status, $new_user_status)) $status[$id_status] = $new_user_status;
-                else{
-                  $status = false;
-                  break;
-                }
-              }
-            }
-            else{
-              if($id_status = $sgbd->add_data("user_status", $new_user_status)) $status[$id_status] = $new_user_status;
-              else{
-                $status = false;
-                break;
-              }
-            }
-          }
-        }
-      }
       return $status;
     }
 
-    function creation_default_status(){
-      $sgbd = $this->sgbd();
-      $default_status = 0;
-      if($rst = $sgbd->open_data("user_status")){
-        while($v_rst = $sgbd->fetch_data($rst)){
-          if(isset($v_rst)){
-            if(isset($v_rst["creation_default"]) && $v_rst["creation_default"] == 1){
-              $default_status = $v_rst["id"];
-              break;
+    function get_actions($id_role = null){
+      $env = $this->env();
+      if($actions = $env->get_actions()){
+        if(($action_status = $this->read_action_status(array("group_by_action" => true))) !== false){
+          foreach($actions as $module_name => $module){
+            if(isset($id_role)) $actions[$module_name]["module_allowed"] =
+                isset($action_status[$module_name])
+            &&  in_array($id_role, $action_status[$module_name]);
+            $actions[$module_name]["is_public"] =
+                isset($action_status[$module_name])
+            &&  in_array(0, $action_status[$module_name]);
+            foreach($module["controleurs"] as $controleur_name => $controleur){
+              if(isset($id_role)) $actions[$module_name]["controleurs"][$controleur_name]["controleur_allowed"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array($id_role, $action_status[$module_name."/".$controleur_name]);
+              $actions[$module_name]["controleurs"][$controleur_name]["is_public"] =
+                  isset($action_status[$module_name."/".$controleur_name])
+              &&  in_array(0, $action_status[$module_name."/".$controleur_name]);
+              foreach($controleur["als"] as $index_als => $al){
+                if($al["actions"]){
+                  if(isset($id_role)){
+                    $HAS_ACTION_NOT_ALLOWED = false;
+                    foreach($al["actions"] as $action_name){
+                      if(
+                          !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ||  !in_array($id_role, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                      ){
+                        $HAS_ACTION_NOT_ALLOWED = true;
+                        break;
+                      }
+                    }
+                    if(!$HAS_ACTION_NOT_ALLOWED){
+                      $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["action_allowed"] = true;
+                    }
+                  }
+                  $HAS_ACTION_NOT_ALLOWED = false;
+                  foreach($al["actions"] as $action_name){
+                    if(
+                        !isset($action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ||  !in_array(0, $action_status[$module_name."/".$controleur_name."/".$action_name])
+                    ){
+                      $HAS_ACTION_NOT_ALLOWED = true;
+                      break;
+                    }
+                  }
+                  if(!$HAS_ACTION_NOT_ALLOWED){
+                    $actions[$module_name]["controleurs"][$controleur_name]["als"][$index_als]["is_public"] = true;
+                  }
+                }
+              }
             }
           }
-          else{
-            $default_status = false;
-            break;
-          }
+          return $actions;
         }
-        $sgbd->close_data($rst);
       }
-      else $default_status = false;
-      return $default_status;
+      return array();
     }
 
     # ----------------------------------------------------------------------------------------
diff --git a/mw/app/init/0700_links.php b/mw/app/init/0700_links.php
index ffc029b..2057a4a 100644
--- a/mw/app/init/0700_links.php
+++ b/mw/app/init/0700_links.php
@@ -3,6 +3,8 @@
   if($this->init_links()){
     $this->set_link("admin/config", $this->url("admin/config"), "Configuration", 10);
     $this->set_link("admin/users", $this->url("admin/users"), "Utilisateurs", 20);
+    $this->set_link("admin/users/list", $this->url("admin/users/index"), "Liste des utilisateurs", 10);
+    $this->set_link("admin/users/roles", $this->url("admin/users/roles"), "R&ocirc;les", 20);
     $this->set_link("admin/plugins", $this->url("admin/plugins"), "Plugins", 30);
   }
   else $this->erreur("impossible de charger les liens", true);
diff --git a/mw/app/mods/admin/users.php b/mw/app/mods/admin/users.php
index 12f3e56..95dfed0 100644
--- a/mw/app/mods/admin/users.php
+++ b/mw/app/mods/admin/users.php
@@ -10,22 +10,26 @@
       return true;
     }
 
+    // ------------------------------------------------------------------------------------
+    //                                                                         utilisateurs
+    //
+
     function index(&$env){
       $data = $env->data();
+      if($this->status) $env->set_out("status", $this->status);
+      else{
+        $env->erreur("impossible de lire la liste des status");
+        return;
+      }
       if(
-        $env->set_out(
-          "users",
-          $data->users(
+        ( $users = $data->users(
             isset($_GET[$env->param("start")]) ? $_GET[$env->param("start")] : 0,
             isset($_GET[$env->param("alpha")]) ? $_GET[$env->param("alpha")] : null,
             isset($_GET[$env->param("status")]) ? $_GET[$env->param("status")] : null
           )
         ) !== false
       ){
-        if($this->status){
-          $env->set_out("status", $this->status);
-        }
-        else $env->erreur("impossible de lire la liste des status");
+        $env->set_out("users", $users);
       }
       else $env->erreur("impossible de lire la liste des utilisateurs");
     }
@@ -34,48 +38,73 @@
       $data = $env->data();
       if($this->status){
         $env->set_out("status", $this->status);
-        $env->set_out("user", array("status" => $data->creation_default_status()));
+        $user = array(
+          "login" => "",
+          "email" => "",
+          "status" => array()
+        );
         if($_POST){
-          $env->set_out("user", $_POST);
+          $VALID = true;
           if($_POST["login"]){
-            if(($exists = $data->user($_POST["login"])) !== false){
-              if(!$exists){
-                $VALID = true;
-                if(!$_POST["email"]){
-                  $env->message("merci de preciser un email");
-                  $VALID = false;
-                }
-                if(!$_POST["password"]){
-                  $env->message("merci de preciser un mot de passe");
-                  $VALID = false;
-                }
-                if($_POST["password"] != $_POST["password_confirm"]){
-                  $env->message("la confirmation du mot de passe est incorrecte");
-                  $VALID = false;
-                }
-                if($VALID){
-                  if(
-                    $data->add_user(
-                      $_POST["login"],
-                      md5($_POST["password"]),
-                      $_POST["email"],
-                      $_POST["status"]
-                    )
-                  ){
-                    $env->redirect(
-                      $env->url("admin/users"),
-                      "l'utilisateur <strong>".$_POST["login"]."</strong> a &eacute;t&eacute; ajout&eacute;"
-                    );
-                  }
-                  else $env->erreur("Impossible d'ajouter l'utilisateur");
-                }
+            $user["login"] = $_POST["login"];
+          }
+          else{
+            $env->message("merci de pr&eacute;ciser un login");
+            $VALID = false;
+          }
+          if(($exists = $data->user($_POST["login"])) !== false){
+            if($exists){
+              $env->message("ce login existe d&eacute;j&agrave;");
+              $VALID = false;
+            }
+          }
+          else{
+            $env->erreur("impossible de savoir si cet login existe d&eacute;j&agrave;");
+            return;
+          }
+          if($_POST["email"]) $user["email"] = $_POST["email"];
+          else{
+            $env->message("merci de preciser un email");
+            $VALID = false;
+          }
+          if($_POST["password"]){
+            if($_POST["password"] == $_POST["password_confirm"]) $user["password"] = md5($_POST["password"]);
+            else{
+              $env->message("la confirmation du mot de passe est incorrecte");
+              $VALID = false;
+            }
+          }
+          else{
+            $env->message("merci de preciser un mot de passe");
+            $VALID = false;
+          }
+          $user["status"] = array();
+          foreach($_POST as $key => $value){
+            if(substr($key, 0, 7) == "status_"){
+              $id_role = substr($key, 7);
+              if(preg_match("/^[0-9]+$/", $id_role)){
+                $user["status"][] = $id_role;
               }
-              else $env->message("ce login existe d&eacute;j&agrave;");
             }
-            else $env->erreur("impossible de savoir si cet login existe d&eacute;j&agrave;");
           }
-          else $env->message("merci de pr&eacute;ciser un login");
+          if($VALID){
+            if(
+              $data->add_user(
+                $user["login"],
+                $user["password"],
+                $user["email"],
+                $user["status"]
+              )
+            ){
+              $env->redirect(
+                $env->url("admin/users/edit", array("id" => $user["login"])),
+                "l'utilisateur <strong>".$_POST["login"]."</strong> a &eacute;t&eacute; ajout&eacute;"
+              );
+            }
+            else $env->erreur("Impossible d'ajouter l'utilisateur");
+          }
         }
+        $env->set_out("user", $user);
       }
       else $env->erreur("impossible de lire la liste des status");
     }
@@ -84,16 +113,11 @@
       $data = $env->data();
       if($this->status){
         $env->set_out("status", $this->status);
-        if($env->set_out("user", $data->user($_GET[$env->param("id")]))){
+        if($user = $data->user($_GET[$env->param("id")])){
           if($_POST){
-            $user = $env->out("user");
-            $id = $user["id"];
-            $login = $user["login"];
-            $password = $user["password"];
-            $_POST["login"] = $login;
-            $env->set_out("user", $_POST);
             $VALID = true;
-            if(!$_POST["email"]){
+            if($_POST["email"]) $user["email"] = $_POST["email"];
+            else{
               $env->message("merci de preciser un email");
               $VALID = false;
             }
@@ -106,24 +130,35 @@
                 $env->message("la confirmation du mot de passe est incorrecte");
                 $VALID = false;
               }
+              if($VALID) $user["password"] = md5($_POST["password"]);
+            }
+            $user["status"] = array();
+            foreach($_POST as $key => $value){
+              if(substr($key, 0, 7) == "status_"){
+                $id_role = substr($key, 7);
+                if(preg_match("/^[0-9]+$/", $id_role) && isset($this->status[$id_role])){
+                  $user["status"][] = $id_role;
+                }
+              }
             }
             if($VALID){
               if(
                 $data->set_user(
-                  $id,
-                  $login,
-                  isset($_POST["change_password"]) && $_POST["change_password"] ? md5($_POST["password"]) : $password,
-                  $_POST["email"],
-                  $_POST["status"]
+                  $user["id"],
+                  $user["login"],
+                  $user["password"],
+                  $user["email"],
+                  $user["status"]
                 )
               )
               $env->redirect(
-                $env->url("admin/users"),
-                "l'utilisateur <strong>".$login."</strong> a &eacute;t&eacute; modifi&eacute;"
+                $env->url("admin/users/edit", array("id" => $user["login"])),
+                "l'utilisateur a &eacute;t&eacute; modifi&eacute;"
               );
               else $env->erreur("Impossible de mettre &agrave; jour l'utilisateur");
             }
           }
+          $env->set_out("user", $user);
         }
         else $env->erreur("Impossible de lire les informations de cet utilisateur");
       }
@@ -143,6 +178,146 @@
       else $env->erreur("Impossible de lire les informations de cet utilisateur");
     }
 
+    // ------------------------------------------------------------------------------------
+    //                                                                                roles
+    //
+
+    function set_default_allow(&$env){
+      $default_allow = $_GET[$env->param("id")];
+      if(!isset($default_allow) || ($default_allow !== "0" && $default_allow !== "1")){
+        $env->erreur("parametre default_allow invalide");
+        return;
+      }
+      $data = $env->data();
+      if(!$data->set_config("default_allow", $default_allow)){
+        $env->erreur("impossible de mettre a jour la configuration default_allow");
+        return;
+      }
+      $env->redirect(
+        $env->url("admin/users/roles"),
+        "la configuration default_allow a &eacute;t&eacute; enregistr&eacute;e"
+      );
+    }
+
+    function roles(&$env){
+      $data = $env->data();
+      $roles = $data->status();
+      $id_role = isset($_GET[$env->param("id")]) && $_GET[$env->param("id")] ? $_GET[$env->param("id")] : 0;
+      $env->set_out("id_role", $id_role);
+      if(!isset($roles) || $roles === false){
+        $env->erreur("impossible de lire la liste des roles");
+        return;
+      }
+      $env->set_out("roles", $roles);
+      if(($actions = $data->get_actions($id_role)) === false){
+        $env->erreur("impossible de lire la liste des droits d'acces");
+        return;
+      }
+      $env->set_out("actions", $actions);
+
+    }
+
+    function add_role(&$env){
+      $data = $env->data();
+      $role = array(
+        "nom" => "",
+        "intitule" => ""
+      );
+      if($_POST){
+        if(!($role["nom"] = $_POST["nom"])) $env->message("merci de preciser un nom");
+        if(!($role["intitule"] = $_POST["intitule"])) $env->message("merci de preciser un intitule");
+        if(!$env->messages()){
+          if(($id_role = $data->add_role($role["nom"], $role["intitule"])) !== false){
+            $env->redirect(
+              $env->url("admin/users/roles", array("id" => $id_role)),
+              "le r&ocirc;le a &eacute;t&eacute; enregistr&eacute;"
+            );
+          }
+          else $env->erreur("impossible d'enregistrer les informations du role");
+        }
+      }
+      $env->set_out("role", $role);
+    }
+
+    function edit_role(&$env){
+      $data = $env->data();
+      if(!isset($_GET[$env->param("id")]) || !($role = $data->get_role($_GET[$env->param("id")]))){
+        $env->erreur("impossible de lire les informations du role");
+        return;
+      }
+      if($_POST){
+        if(!($role["nom"] = $_POST["nom"])) $env->message("merci de preciser un nom");
+        if(!($role["intitule"] = $_POST["intitule"])) $env->message("merci de preciser un intitule");
+        if(!$env->messages()){
+          if($data->set_role($role["id"], $role["nom"], $role["intitule"])){
+            $env->redirect(
+              $env->url("admin/users/roles", array("id" => $role["id"])),
+              "le r&ocirc;le a &eacute;t&eacute; enregistr&eacute;"
+            );
+          }
+          else $env->erreur("impossible d'enregistrer les informations du role");
+        }
+      }
+      $env->set_out("role", $role);
+    }
+
+    function save_role(&$env){
+      $data = $env->data();
+      if(!($role = $data->get_role($_POST["id_role"]))){
+        $env->erreur("impossible de lire les informations du role");
+        return;
+      }
+      if(!$data->clear_role_actions($role["id"])){
+        $env->erreur("impossible de supprimer les actions du role");
+        return;
+      }
+      $action_status = array();
+      $als = array();
+      foreach($_POST as $key => $value){
+        if(substr($key, 0, 7) == "module_" && ($action = substr($key, 7))) $action_status[$action] = $role["id"];
+        elseif(substr($key, 0, 11) == "controleur_" && ($action = substr($key, 11))) $action_status[$action] = $role["id"];
+        elseif(substr($key, 0, 3) == "al_" && ($al_index = substr($key, 3))) $als[] = $al_index;
+      }
+      foreach($als as $al_index){
+        $al_prefix = "action_".$al_index."_";
+        $al_prefix_length = strlen($al_prefix);
+        foreach($_POST as $key => $value){
+          if(substr($key, 0, $al_prefix_length) == $al_prefix) $action_status[$value] = $role["id"];
+        }
+      }
+      foreach($action_status as $action => $id_role){
+        if(!$data->add_role_action($id_role, $action)){
+          $env->erreur("impossible d'enregistrer les actions du role");
+          return;
+        }
+      }
+      $env->redirect(
+        $env->url("admin/users/roles", array("id" => $role["id"])),
+        "les actions du r&ocirc;le ont &eacute;t&eacute; enregistr&eacute;es"
+      );
+    }
+
+    function del_role(&$env){
+      $data = $env->data();
+      if(!isset($_GET[$env->param("id")]) || !($role = $data->get_role($_GET[$env->param("id")]))){
+        $env->erreur("impossible de lire les informations du role");
+        return;
+      }
+      if($data->clear_role_actions($role["id"])){
+        if($data->clear_role_users($role["id"])){
+          if($data->del_role($role["id"])){
+            $env->redirect(
+              $env->url("admin/users/roles"),
+              "le r&ocirc;le a &eacute;t&eacute; effac&eacute;"
+            );
+          }
+          else $env->erreur("impossible de supprimer le role");
+        }
+        else $env->erreur("impossible de supprimer le role aux utilisateurs");
+      }
+      else $env->erreur("impossible de supprimer les actions du role");
+    }
+
   }
 
 ?>
\ No newline at end of file
diff --git a/mw/app/out/default/admin.php b/mw/app/out/default/admin.php
index 7f56398..bbdc722 100644
--- a/mw/app/out/default/admin.php
+++ b/mw/app/out/default/admin.php
@@ -14,7 +14,7 @@
     <div id="main">
       <div class="content">
 
-        <div id="colonne">
+        <div id="colonne" class="admin">
 <?php require $this->out_file("views/admin/colonne.php"); ?>
         </div>
 
diff --git a/mw/app/out/default/css/style.css b/mw/app/out/default/css/style.css
index ef6fbcd..c44c85e 100644
--- a/mw/app/out/default/css/style.css
+++ b/mw/app/out/default/css/style.css
@@ -168,32 +168,32 @@ strong{
 
 /* ------------------------------------------------- MENU COLONNE */
 
-#colonne ul.menu{
+#colonne .menu ul{
   list-style-type: none;
   margin: 5px 20px 5px 10px;
   padding: 0;
 }
 
-#colonne ul.menu ul{
+#colonne .menu ul ul{
   list-style-type: none;
   margin: 0 0 0 20px;
   padding: 0;
 }
 
-#colonne ul.menu li{
+#colonne .menu ul li{
   margin: 1px 0;
   padding: 0;
   border-bottom: solid 1px #e5e5e5;
 }
 
-#colonne ul.menu li a{
+#colonne .menu ul li a{
   display: block;
   line-height: 2em;
   padding: 0 1em;
   background-color: #f5f5f5;
 }
 
-#colonne ul.menu li a:hover{
+#colonne .menu ul li a:hover{
   color: #000066;
   background-color: #f1f1f1;
 }
@@ -339,6 +339,26 @@ table.admin td.action{
   width: 50px;
 }
 
+ul.actions li{
+  margin-left: 15px;
+}
+
+ul.actions li.public{
+  background-color: #f5fff2;
+}
+
+form ul.actions li{
+  padding: 0;
+}
+
+form ul.actions li label{
+  display: inline;
+  float: none;
+  width: auto;
+  text-align: left;
+  padding-right: 0px;
+}
+
 .navig{
   text-align: right;
   border: solid 1px #d5d5d5;
diff --git a/mw/app/out/default/layouts/admin.xml b/mw/app/out/default/layouts/admin.xml
index 5faea5a..a7a9ee9 100644
--- a/mw/app/out/default/layouts/admin.xml
+++ b/mw/app/out/default/layouts/admin.xml
@@ -7,6 +7,9 @@
       <index content="views/admin/users/list.php" />
       <add content="views/admin/users/add.php" />
       <edit content="views/admin/users/edit.php" />
+      <roles content="views/admin/users/roles.php" />
+      <add_role content="views/admin/users/add_role.php" />
+      <edit_role content="views/admin/users/edit_role.php" />
     </users>
     <config content="views/admin/config.php" />
     <plugins>
diff --git a/mw/app/out/default/views/admin/colonne.php b/mw/app/out/default/views/admin/colonne.php
index 561c2d8..b680bce 100644
--- a/mw/app/out/default/views/admin/colonne.php
+++ b/mw/app/out/default/views/admin/colonne.php
@@ -1,7 +1,5 @@
 <?php $data = $this->data(); if(($admin_menu = $data->get_link("admin")) && $admin_menu["subs"]) : ?>
-<ul class="menu">
-  <?php foreach($admin_menu["subs"] as $link) : ?>
-  <li><a href="<?php echo $link["url"]; ?>"><?php echo $link["intitule"]; ?></a></li>
-  <?php endforeach; ?>
-</ul>
+
+<?php echo get_menu_ul($admin_menu); ?>
+
 <?php endif; ?>
\ No newline at end of file
diff --git a/mw/app/out/default/views/admin/users/add.php b/mw/app/out/default/views/admin/users/add.php
index 6132b7f..7e840df 100644
--- a/mw/app/out/default/views/admin/users/add.php
+++ b/mw/app/out/default/views/admin/users/add.php
@@ -14,15 +14,18 @@
         </div>
       </li>
       <li>
-        <label for="status">statut</label>
+        <label for="status">r&ocirc;le</label>
         <div class="form_input">
-          <select name="status" id="status">
-          <?php foreach($this->out["status"] as $id_status => $status) : ?>
-            <option value="<?php echo $id_status; ?>"<?php echo $this->out["user"]["status"] == $id_status ? " selected" : ""; ?>>
-              <?php echo $status["nom"]; ?>
-            </option>
-          <?php endforeach; ?>
-          </select>
+          <ul>
+            <?php foreach($this->out["status"] as $id_status => $status) : ?>
+              <li>
+                <input type="checkbox" name="status_<?php echo $id_status; ?>"<?php
+                  echo in_array($id_status, $this->out["user"]["status"]) ? " checked" : "";
+                ?> />
+                <?php echo $status["intitule"]; ?>
+              </li>
+            <?php endforeach; ?>
+          </ul>
         </div>
       </li>
       <li>
diff --git a/mw/app/out/default/views/admin/users/add_role.php b/mw/app/out/default/views/admin/users/add_role.php
new file mode 100644
index 0000000..2122b9e
--- /dev/null
+++ b/mw/app/out/default/views/admin/users/add_role.php
@@ -0,0 +1,29 @@
+<h2>Ajouter un r&ocirc;le</h2>
+
+<ul class="buttons">
+  <li><a href="<?php echo $this->url("admin/users/roles"); ?>">Retour &agrave; la liste des actions</a></li>
+</ul>
+
+<form name="role_form" action="<?php echo $this->url("admin/users/add_role"); ?>" method="post">
+  <fieldset>
+    <ul>
+      <li>
+        <label for="nom">Nom</label>
+        <div class="form_input">
+          <input type="text" name="nom" id="nom" value="<?php echo $this->out["role"]["nom"]; ?>" />
+        </div>
+      </li>
+      <li>
+        <label for="nom">Intitul&eacute;</label>
+        <div class="form_input">
+          <input type="text" name="intitule" id="nom" value="<?php echo $this->out["role"]["intitule"]; ?>" />
+        </div>
+      </li>
+      <li>
+        <div class="form_buttons">
+          <input type="submit" value="Enregistrer" />
+        </div>
+      </li>
+    </ul>
+  </fieldset>
+</form>
diff --git a/mw/app/out/default/views/admin/users/edit.php b/mw/app/out/default/views/admin/users/edit.php
index 9b2ba0f..f00600b 100644
--- a/mw/app/out/default/views/admin/users/edit.php
+++ b/mw/app/out/default/views/admin/users/edit.php
@@ -2,9 +2,13 @@
 
 <ul class="buttons">
   <li><a href="<?php echo $this->url("admin/users"); ?>">Retour &agrave; la liste des utilisateurs</a></li>
+  <li><a href="<?php echo $this->url("admin/users/del", array("id" => $this->out["user"]["login"])); ?>"
+       class="admin_link"
+       title="supprimer cet utilisateur"
+       onclick="return confirm('Supprimer cet utilisateur ?')"><img src="<?php echo $this->out_url("icons/del.gif"); ?>"/></a></li>
 </ul>
 
-<form name="user_form" action="<?php echo $this->url("admin/users/edit", array("id" => $_GET[$this->param("id")])); ?>" method="post">
+<form name="user_form" action="<?php echo $this->url("admin/users/edit", array("id" => $this->out["user"]["login"])); ?>" method="post">
   <fieldset>
     <ul>
       <li>
@@ -14,15 +18,18 @@
         </div>
       </li>
       <li>
-        <label for="status">statut</label>
+        <label for="status">r&ocirc;le</label>
         <div class="form_input">
-          <select name="status" id="status">
-          <?php foreach($this->out["status"] as $id_status => $status) : ?>
-            <option value="<?php echo $id_status; ?>"<?php echo $this->out["user"]["status"] == $id_status ? " selected" : ""; ?>>
-              <?php echo $status["nom"]; ?>
-            </option>
-          <?php endforeach; ?>
-          </select>
+          <ul>
+            <?php foreach($this->out["status"] as $id_status => $status) : ?>
+              <li>
+                <input type="checkbox" name="status_<?php echo $id_status; ?>"<?php
+                  echo in_array($id_status, $this->out["user"]["status"]) ? " checked" : "";
+                ?> />
+                <?php echo $status["intitule"]; ?>
+              </li>
+            <?php endforeach; ?>
+          </ul>
         </div>
       </li>
       <li>
diff --git a/mw/app/out/default/views/admin/users/edit_role.php b/mw/app/out/default/views/admin/users/edit_role.php
new file mode 100644
index 0000000..055ef1e
--- /dev/null
+++ b/mw/app/out/default/views/admin/users/edit_role.php
@@ -0,0 +1,33 @@
+<h2>Editer un r&ocirc;le</h2>
+
+<ul class="buttons">
+  <li><a href="<?php echo $this->url("admin/users/roles", array("id" => $this->out["role"]["id"])); ?>">Retour &agrave; la liste des actions</a></li>
+  <li><a href="<?php echo $this->url("admin/users/del_role", array("id" => $this->out["role"]["id"])); ?>"
+       class="admin_link"
+       title="supprimer ce role"
+       onclick="return confirm('Supprimer ce role ?')"><img src="<?php echo $this->out_url("icons/del.gif"); ?>" /></a></li>
+</ul>
+
+<form name="role_form" action="<?php echo $this->url("admin/users/edit_role", array("id" => $this->out["role"]["id"])); ?>" method="post">
+  <fieldset>
+    <ul>
+      <li>
+        <label for="nom">Nom</label>
+        <div class="form_input">
+          <input type="text" name="nom" id="nom" value="<?php echo $this->out["role"]["nom"]; ?>" />
+        </div>
+      </li>
+      <li>
+        <label for="nom">Intitul&eacute;</label>
+        <div class="form_input">
+          <input type="text" name="intitule" id="nom" value="<?php echo $this->out["role"]["intitule"]; ?>" />
+        </div>
+      </li>
+      <li>
+        <div class="form_buttons">
+          <input type="submit" value="Enregistrer" />
+        </div>
+      </li>
+    </ul>
+  </fieldset>
+</form>
diff --git a/mw/app/out/default/views/admin/users/list.php b/mw/app/out/default/views/admin/users/list.php
index dd5e21c..2640b96 100644
--- a/mw/app/out/default/views/admin/users/list.php
+++ b/mw/app/out/default/views/admin/users/list.php
@@ -47,14 +47,22 @@
   <tr>
     <th>login</th>
     <th>email</th>
-    <th>statut</th>
+    <th>r&ocirc;le</th>
     <th align="center" colspan="2">actions</th>
   </tr>
   <?php foreach($this->out["users"]["list"] as $id_user => $user) : ?>
   <tr class="hl">
     <td><?php echo $user["login"]; ?></td>
     <td><a href="mailto:<?php echo $user["email"]; ?>"><?php echo $user["email"]; ?></a></td>
-    <td><?php echo $this->out["status"][$user["status"]]["nom"]; ?></td>
+    <td>
+    <?php
+
+      $role = "";
+      foreach($user["status"] as $id_role) $role .= ($role ? ", " : "").$this->out["status"][$id_role]["intitule"];
+
+    ?>
+    <?php echo $role; ?>
+    </td>
     <td class="action">
     <a href="<?php echo $this->url("admin/users/edit", array("id" => $user["login"])); ?>"
        class="admin_link"
@@ -63,8 +71,8 @@
     <td class="action">
     <a href="<?php echo $this->url("admin/users/del", array("id" => $user["login"])); ?>"
        class="admin_link"
-       title="supprimer cet utilisateur"><img src="<?php echo $this->out_url("icons/del.gif"); ?>"
-       onclick="return confirm('Supprimer cet utilisateur ?')"/></a>
+       title="supprimer cet utilisateur"
+       onclick="return confirm('Supprimer cet utilisateur ?')"><img src="<?php echo $this->out_url("icons/del.gif"); ?>"/></a>
     </td>
   </tr>
   <?php endforeach; ?>
diff --git a/mw/app/out/default/views/admin/users/roles.php b/mw/app/out/default/views/admin/users/roles.php
new file mode 100644
index 0000000..a65184c
--- /dev/null
+++ b/mw/app/out/default/views/admin/users/roles.php
@@ -0,0 +1,79 @@
+<h2>Les r&ocirc;les</h2>
+
+<h3>Politique d'acc&egrave;s</h3>
+<p>
+  <label for="default_allow">Autoriser l'acc&egrave;s par d&eacute;faut</label>
+  <select id="default_allow" onchange="document.location=this.options[this.selectedIndex].value;">
+    <option value="<?php echo $this->url("admin/users/set_default_allow", array("id" => "1")); ?>"<?php echo $this->config("default_allow") ? " selected" : ""; ?>>oui</option>
+    <option value="<?php echo $this->url("admin/users/set_default_allow", array("id" => "0")); ?>"<?php echo $this->config("default_allow") ? "" : " selected"; ?> />non</option>
+  </select>
+</p>
+<br />
+
+<h3>
+  Autorisations d'accès pour
+  <select onchange="document.location=this.options[this.selectedIndex].value;">
+    <option value="<?php echo $this->url("admin/users/roles", array("id" => 0)); ?>">Visiteurs non identifiés</option>
+    <?php foreach($this->out["roles"] as $id_role => $role) : ?>
+    <option value="<?php echo $this->url("admin/users/roles", array("id" => $id_role)); ?>"<?php echo $this->out["id_role"] == $id_role ? " selected" : ""; ?>><?php echo $role["intitule"]; ?></option>
+    <?php endforeach; ?>
+  </select>
+  <?php if($this->out["id_role"]) : ?>
+  <a href="<?php echo $this->url("admin/users/edit_role", array("id" => $this->out["id_role"])); ?>"
+       class="admin_link"
+       title="modifier ce role"><img src="<?php echo $this->out_url("icons/edit.gif"); ?>" /></a>
+  <a href="<?php echo $this->url("admin/users/del_role", array("id" => $this->out["id_role"])); ?>"
+       class="admin_link"
+       title="supprimer ce role"><img src="<?php echo $this->out_url("icons/del.gif"); ?>"
+       onclick="return confirm('Supprimer ce role ?')"/></a>
+  <?php endif; ?>
+  <a href="<?php echo $this->url("admin/users/add_role"); ?>"
+       class="admin_link"
+       title="ajouter un role"><img src="<?php echo $this->out_url("icons/add.gif"); ?>" /></a>
+</h3>
+
+
+<?php if($this->out["actions"]) : ?>
+<form action="<?php echo $this->url("admin/users/save_role"); ?>" method="post">
+  <input type="hidden" name="id_role" value="<?php echo $this->out["id_role"]; ?>" />
+  <ul class="actions">
+  <?php $index_al = 0; foreach($this->out["actions"] as $module_name => $module) : ?>
+    <li<?php echo $module["is_public"] ? " class=\"public\"" : "" ?>>
+      <input type="checkbox" name="module_<?php echo $module_name; ?>"<?php echo $module["module_allowed"] ? " checked" : "" ?> />
+      <label><?php echo $module_name; ?></label>
+      <?php if($module["controleurs"]) : ?>
+      <ul>
+        <?php foreach($module["controleurs"] as $controleur_name => $controleur) : ?>
+        <li<?php echo $controleur["is_public"] ? " class=\"public\"" : "" ?>>
+          <input type="checkbox" name="controleur_<?php echo $module_name."/".$controleur_name; ?>"<?php echo $controleur["controleur_allowed"] ? " checked" : "" ?> />
+          <label><?php echo $controleur_name; ?></label>
+          <?php if($controleur["als"]) : ?>
+          <ul>
+            <?php foreach($controleur["als"] as $al) : $index_al++; ?>
+            <li<?php echo $al["is_public"] ? " class=\"public\"" : "" ?>>
+              <input type="checkbox" name="al_<?php echo $index_al; ?>"<?php echo $al["action_allowed"] ? " checked" : "" ?> />
+              <?php foreach($al["actions"] as $index_action=> $action_name) : ?>
+              <input type="hidden" name="action_<?php echo $index_al; ?>_<?php echo $index_action; ?>" value="<?php echo $module_name."/".$controleur_name."/".$action_name; ?>" />
+              <?php endforeach; ?>
+              <label><?php echo $al["title"]; ?></label>
+            </li>
+            <?php endforeach; ?>
+          </ul>
+          <?php endif; ?>
+        </li>
+        <?php endforeach; ?>
+      </ul>
+      <?php endif; ?>
+    </li>
+  <?php endforeach; ?>
+    <li>
+      <div class="form_buttons">
+        <input type="submit" value="Enregistrer" />
+      </div>
+    </li>
+  </ul>
+</form>
+<?php else : ?>
+<p>Aucune action d&eacute;clar&eacute;e</p>
+<?php endif; ?>
+
diff --git a/mw/app/out/default/views/footer.php b/mw/app/out/default/views/footer.php
index 4c1750f..12f5305 100644
--- a/mw/app/out/default/views/footer.php
+++ b/mw/app/out/default/views/footer.php
@@ -1,12 +1,14 @@
 <ul>
-<?php if($this->config("contact_form")) : ?>
+<?php if($this->config("contact_form") && $this->status_ok("forms/contact")) : ?>
   <li><a href="<?php echo $this->url("forms/contact"); ?>">contact</a></li>
 <?php endif; ?>
 <?php if(!($user = $this->user())) : ?>
-   <li><a href="<?php echo $this->url("users/identification"); ?>">s'identifier</a></li>
+  <li><a href="<?php echo $this->url("users/identification"); ?>">s'identifier</a></li>
 <?php else : ?>
   <li>Bienvenue <strong><?php echo $user["login"]; ?></strong></li>
-  <li><a href="<?php echo $this->url("users"); ?>">compte</a></li>
+  <?php if($this->status_ok("users/infos")) : ?>
+  <li><a href="<?php echo $this->url("users/infos"); ?>">compte</a></li>
+  <?php endif; ?>
 <?php if($this->status_ok("admin")) : ?>
   <li><a href="<?php echo $this->url("admin"); ?>">admin</a></li>
 <?php endif; ?>
diff --git a/mw/app/out/default/views/users/infos/edit.php b/mw/app/out/default/views/users/infos/edit.php
index ee99a89..80c2717 100644
--- a/mw/app/out/default/views/users/infos/edit.php
+++ b/mw/app/out/default/views/users/infos/edit.php
@@ -10,9 +10,15 @@
         </div>
       </li>
       <li>
-        <label for="status_name">statut</label>
+        <label for="status_name">r&ocirc;le</label>
         <div class="form_input">
-          <input type="text" name="status_name" id="status_name" value="<?php echo $this->out["status"][$this->out["user"]["status"]]["nom"]; ?>" disabled="disabled" />
+          <?php
+            $role = "";
+            foreach($this->out["user"]["status"] as $id_role){
+              $role .= ($role ? ", " : "").$this->out["status"][$id_role]["intitule"];
+            }
+            echo $role;
+          ?>
         </div>
       </li>
       <li>
diff --git a/mw/env/modules/mw_env_config.php b/mw/env/modules/mw_env_config.php
index 64da6d3..a708431 100644
--- a/mw/env/modules/mw_env_config.php
+++ b/mw/env/modules/mw_env_config.php
@@ -8,6 +8,7 @@
     var $PARAMS;
     var $CONFIG;
     var $bdd;
+    var $actions;
 
     function load_config($bdd, $CONFIG){
       if(true){
@@ -54,6 +55,46 @@
           )
         );
       }
+      if(isset($app_config["subs"]["actions"][0]["subs"]["module"])){
+        foreach($app_config["subs"]["actions"][0]["subs"]["module"] as $module_elt){
+          $module_name = $module_elt["attrs"]["name"];
+          if(!isset($this->actions[$module_name])) $this->actions[$module_name] = array(
+            "controleurs" => array(),
+            "module_allowed" => false,
+            "is_public" => false
+          );
+          if(isset($module_elt["subs"]["controleur"])){
+            foreach($module_elt["subs"]["controleur"] as $controleur_elt){
+              $controleur_name = $controleur_elt["attrs"]["name"];
+              if(!isset($this->actions[$module_name]["controleurs"][$controleur_name])) $this->actions[$module_name]["controleurs"][$controleur_name] = array(
+                "als" => array(),
+                "controleur_allowed" => false,
+                "is_public" => false
+              );
+              if(isset($controleur_elt["subs"]["al"])){
+                $al_index = 0;
+                foreach($controleur_elt["subs"]["al"] as $al_elt){
+                  $action_title = $al_elt["attrs"]["title"];
+                  if(isset($al_elt["subs"]["action"])){
+                    foreach($al_elt["subs"]["action"] as $action_elt){
+                      if(!isset($this->actions[$module_name]["controleurs"][$controleur_name]["als"][$al_index])){
+                        $this->actions[$module_name]["controleurs"][$controleur_name]["als"][$al_index] = array(
+                          "title" => $action_title,
+                          "action_allowed" => false,
+                          "is_public" => false,
+                          "actions" => array()
+                        );
+                      }
+                      $this->actions[$module_name]["controleurs"][$controleur_name]["als"][$al_index]["actions"][] = $action_elt["attrs"]["name"];
+                    }
+                  }
+                  $al_index++;
+                }
+              }
+            }
+          }
+        }
+      }
     }
 
     function get_config_file(){
@@ -123,6 +164,10 @@
       return false;
     }
 
+    function get_actions(){
+      return isset($this->actions) ? $this->actions : array();
+    }
+
   }
 
 ?>
\ No newline at end of file
diff --git a/mw/env/modules/mw_env_run.php b/mw/env/modules/mw_env_run.php
index 51b6330..31242f5 100644
--- a/mw/env/modules/mw_env_run.php
+++ b/mw/env/modules/mw_env_run.php
@@ -76,48 +76,58 @@
     }
 
     function status_ok($etat, $CHECK_FORMAT = true){
-      $OK = $this->config("default_allow");
       $data = $this->data();
       if($CHECK_FORMAT) $etat = $this->valid_etat($etat);
-      if($etat !== false){
-        if(($user_status = $data->get_user_status()) !== false){
-          if(
-            (
-              $action_status = $data->get_action_status(
-                $etat["mod"],
-                $etat["controller"],
-                $etat["action"]
-              )
-            ) !== false
-          ){
-            $action = $etat["mod"]."/".$etat["controller"]."/".$etat["action"];
-            if(isset($action_status[$action])){
-              $OK =
-                   (isset($action_status[$action][0]) && $action_status[$action][0])
-                || (isset($action_status[$action][$user_status]) && $action_status[$action][$user_status]);
-            }
-            else{
-              $action = $etat["mod"]."/".$etat["controller"];
-              if(isset($action_status[$action])){
-                $OK =
-                     (isset($action_status[$action][0]) && $action_status[$action][0])
-                  || (isset($action_status[$action][$user_status]) && $action_status[$action][$user_status]);
-              }
-              else{
-                $action = $etat["mod"];
-                if(isset($action_status[$action])){
-                  $OK =
-                       (isset($action_status[$action][0]) && $action_status[$action][0])
-                    || (isset($action_status[$action][$user_status]) && $action_status[$action][$user_status]);
-                }
-              }
-            }
+      if($etat === false){
+        $this->erreur("etat invalide");
+        return false;
+      }
+      if(($user_status = $data->get_user_status()) === false){
+        $this->erreur("Impossible de lire les roles de l'utilisateur courant");
+        return false;
+      }
+      if(!$user_status){
+        $this->erreur("L'utilisateur courant n'a aucun role");
+        return false;
+      }
+      if(
+        (
+          $action_status = $data->get_action_status(
+            $etat["mod"],
+            $etat["controller"],
+            $etat["action"]
+          )
+        ) === false
+      ){
+        $this->erreur("Impossible de lire les status des actions en base");
+        return false;
+      }
+      foreach($user_status as $id_role){
+        $OK = $this->config("default_allow");
+        $action = $etat["mod"];
+        if(isset($action_status[$action])){
+          $OK =
+               (isset($action_status[$action][0]) && $action_status[$action][0])
+            || (isset($action_status[$action][$id_role]) && $action_status[$action][$id_role]);
+        }
+        if(!$OK){
+          $action = $etat["mod"]."/".$etat["controller"];
+          if(isset($action_status[$action])){
+            $OK =
+                 (isset($action_status[$action][0]) && $action_status[$action][0])
+              || (isset($action_status[$action][$id_role]) && $action_status[$action][$id_role]);
+          }
+        }
+        if(!$OK){
+          $action = $etat["mod"]."/".$etat["controller"]."/".$etat["action"];
+          if(isset($action_status[$action])){
+            $OK =
+                 (isset($action_status[$action][0]) && $action_status[$action][0])
+              || (isset($action_status[$action][$id_role]) && $action_status[$action][$id_role]);
           }
-          else $this->erreur("Impossible de lire les status des actions en base");
         }
-        else $this->erreur("Impossible de lire le statut de l'utilisateur courant");
+        if($OK) break;
       }
-      else $this->erreur("etat invalide");
       return $OK;
     }
 
diff --git a/readme.txt b/readme.txt
index cb7a226..a167fce 100644
--- a/readme.txt
+++ b/readme.txt
@@ -50,7 +50,7 @@ installation :
   Par defaut, mtweb stocke ses donnees dans des fichiers XML.
   pour utilisez le stockage des donnees avec MySql :
 
-  - importez les tables fournies dans le fichier "content/data/sql/mysql/mtweb.sql"
+  - importez les tables fournies dans le fichier "content/data/mysql/mtweb.sql"
   - puis dans le fichier "config.php" :
      - commentez la partie relative aux donnees XML
      - decommentez la partie relative aux donnees MySql
-- 
2.1.4