mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-21 09:35:49 +02:00
Implemented permissions on Admin pages.
This commit is contained in:
Jan Böhmer
parent
6649460ed6
commit
004c7970a7
4 changed files with 42 additions and 14 deletions
|
|
@ -64,6 +64,8 @@ class AttachmentTypeController extends AbstractController
|
||||||
public function edit(AttachmentType $entity, Request $request, EntityManagerInterface $em)
|
public function edit(AttachmentType $entity, Request $request, EntityManagerInterface $em)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
$this->denyAccessUnlessGranted('read', $entity);
|
||||||
|
|
||||||
$form = $this->createForm(BaseEntityAdminForm::class, $entity);
|
$form = $this->createForm(BaseEntityAdminForm::class, $entity);
|
||||||
|
|
||||||
$form->handleRequest($request);
|
$form->handleRequest($request);
|
||||||
|
|
@ -88,7 +90,7 @@ class AttachmentTypeController extends AbstractController
|
||||||
{
|
{
|
||||||
$new_entity = new AttachmentType();
|
$new_entity = new AttachmentType();
|
||||||
|
|
||||||
$this->denyAccessUnlessGranted('create', $new_entity);
|
$this->denyAccessUnlessGranted('read', $new_entity);
|
||||||
|
|
||||||
//Basic edit form
|
//Basic edit form
|
||||||
$form = $this->createForm(BaseEntityAdminForm::class, $new_entity);
|
$form = $this->createForm(BaseEntityAdminForm::class, $new_entity);
|
||||||
|
|
@ -135,6 +137,8 @@ class AttachmentTypeController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function delete(Request $request, AttachmentType $entity)
|
public function delete(Request $request, AttachmentType $entity)
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('delete', $entity);
|
||||||
|
|
||||||
if ($this->isCsrfTokenValid('delete'.$entity->getId(), $request->request->get('_token'))) {
|
if ($this->isCsrfTokenValid('delete'.$entity->getId(), $request->request->get('_token'))) {
|
||||||
$entityManager = $this->getDoctrine()->getManager();
|
$entityManager = $this->getDoctrine()->getManager();
|
||||||
|
|
||||||
|
|
@ -164,6 +168,8 @@ class AttachmentTypeController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function exportAll(EntityManagerInterface $em, EntityExporter $exporter, Request $request)
|
public function exportAll(EntityManagerInterface $em, EntityExporter $exporter, Request $request)
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('read', $entity);
|
||||||
|
|
||||||
$entities = $em->getRepository(AttachmentType::class)->findAll();
|
$entities = $em->getRepository(AttachmentType::class)->findAll();
|
||||||
|
|
||||||
return $exporter->exportEntityFromRequest($entities,$request);
|
return $exporter->exportEntityFromRequest($entities,$request);
|
||||||
|
|
@ -176,6 +182,8 @@ class AttachmentTypeController extends AbstractController
|
||||||
*/
|
*/
|
||||||
public function exportEntity(AttachmentType $entity, EntityExporter $exporter, Request $request)
|
public function exportEntity(AttachmentType $entity, EntityExporter $exporter, Request $request)
|
||||||
{
|
{
|
||||||
|
$this->denyAccessUnlessGranted('read', $entity);
|
||||||
|
|
||||||
return $exporter->exportEntityFromRequest($entity, $request);
|
return $exporter->exportEntityFromRequest($entity, $request);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -62,19 +62,21 @@ class BaseEntityAdminForm extends AbstractType
|
||||||
$builder
|
$builder
|
||||||
->add('name', TextType::class, ['empty_data' => '', 'label' => 'name.label',
|
->add('name', TextType::class, ['empty_data' => '', 'label' => 'name.label',
|
||||||
'attr' => ['placeholder' => 'part.name.placeholder'],
|
'attr' => ['placeholder' => 'part.name.placeholder'],
|
||||||
'disabled' => !$this->security->isGranted('edit', $entity), ])
|
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity), ])
|
||||||
|
|
||||||
->add('parent', EntityType::class, ['class' => get_class($entity), 'choice_label' => 'full_path',
|
->add('parent', EntityType::class, ['class' => get_class($entity), 'choice_label' => 'full_path',
|
||||||
'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false, 'label' => 'parent.label',
|
'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false, 'label' => 'parent.label',
|
||||||
'disabled' => !$this->security->isGranted('move', $entity), ])
|
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'move', $entity), ])
|
||||||
|
|
||||||
->add('comment', CKEditorType::class, ['required' => false,
|
->add('comment', CKEditorType::class, ['required' => false,
|
||||||
'label' => 'comment.label', 'attr' => ['rows' => 4], 'help' => 'bbcode.hint',
|
'label' => 'comment.label', 'attr' => ['rows' => 4], 'help' => 'bbcode.hint',
|
||||||
'disabled' => !$this->security->isGranted('edit', $entity)])
|
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)])
|
||||||
|
|
||||||
//Buttons
|
//Buttons
|
||||||
->add('save', SubmitType::class, ['label' => $is_new ? 'entity.create' : 'entity.edit.save',
|
->add('save', SubmitType::class, ['label' => $is_new ? 'entity.create' : 'entity.edit.save',
|
||||||
'attr' => ['class' => $is_new ? 'btn-success' : '']])
|
'attr' => ['class' => $is_new ? 'btn-success' : ''],
|
||||||
->add('reset', ResetType::class, ['label' => 'entity.edit.reset']);
|
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)])
|
||||||
|
->add('reset', ResetType::class, ['label' => 'entity.edit.reset',
|
||||||
|
'disabled' => !$this->security->isGranted($is_new ? 'create' : 'edit', $entity)]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -40,30 +40,48 @@ use Symfony\Component\Form\Extension\Core\Type\FileType;
|
||||||
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
|
use Symfony\Component\Form\Extension\Core\Type\SubmitType;
|
||||||
use Symfony\Component\Form\Extension\Core\Type\TextType;
|
use Symfony\Component\Form\Extension\Core\Type\TextType;
|
||||||
use Symfony\Component\Form\FormBuilderInterface;
|
use Symfony\Component\Form\FormBuilderInterface;
|
||||||
|
use Symfony\Component\Security\Core\Security;
|
||||||
|
|
||||||
class ImportType extends AbstractType
|
class ImportType extends AbstractType
|
||||||
{
|
{
|
||||||
|
|
||||||
|
protected $security;
|
||||||
|
|
||||||
|
public function __construct(Security $security)
|
||||||
|
{
|
||||||
|
$this->security = $security;
|
||||||
|
}
|
||||||
|
|
||||||
public function buildForm(FormBuilderInterface $builder, array $options)
|
public function buildForm(FormBuilderInterface $builder, array $options)
|
||||||
{
|
{
|
||||||
|
|
||||||
$data = $options['data'];
|
$data = $options['data'];
|
||||||
|
|
||||||
|
//Disable import if user is not allowed to create elements.
|
||||||
|
$entity = new $data['entity_class'];
|
||||||
|
$perm_name = "create";
|
||||||
|
$disabled = ! $this->security->isGranted($perm_name, $entity);
|
||||||
|
|
||||||
$builder
|
$builder
|
||||||
|
|
||||||
->add('format', ChoiceType::class, ['choices' =>
|
->add('format', ChoiceType::class, ['choices' =>
|
||||||
['JSON' => 'json', 'XML' => 'xml','CSV'=>'csv' ,'YAML' => 'yaml'], 'label' => 'export.format'])
|
['JSON' => 'json', 'XML' => 'xml','CSV'=>'csv' ,'YAML' => 'yaml'], 'label' => 'export.format',
|
||||||
->add('csv_separator', TextType::class, ['data' => ';', 'label' => 'import.csv_separator'])
|
'disabled' => $disabled])
|
||||||
|
->add('csv_separator', TextType::class, ['data' => ';', 'label' => 'import.csv_separator',
|
||||||
|
'disabled' => $disabled])
|
||||||
->add('parent', EntityType::class, ['class' => $data['entity_class'], 'choice_label' => 'full_path',
|
->add('parent', EntityType::class, ['class' => $data['entity_class'], 'choice_label' => 'full_path',
|
||||||
'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false, 'label' => 'parent.label'])
|
'attr' => ['class' => 'selectpicker', 'data-live-search' => true], 'required' => false,
|
||||||
|
'label' => 'parent.label', 'disabled' => $disabled])
|
||||||
->add('file', FileType::class, ['label' => 'import.file',
|
->add('file', FileType::class, ['label' => 'import.file',
|
||||||
'attr' => ['class' => 'file', 'data-show-preview' => 'false', 'data-show-upload' => 'false']])
|
'attr' => ['class' => 'file', 'data-show-preview' => 'false', 'data-show-upload' => 'false'], 'disabled' => $disabled])
|
||||||
|
|
||||||
->add('preserve_children', CheckboxType::class, ['data' => true, 'required' => false,
|
->add('preserve_children', CheckboxType::class, ['data' => true, 'required' => false,
|
||||||
'label' => 'import.preserve_children', 'label_attr'=> ['class' => 'checkbox-custom']])
|
'label' => 'import.preserve_children', 'label_attr'=> ['class' => 'checkbox-custom'], 'disabled' => $disabled])
|
||||||
->add('abort_on_validation_error', CheckboxType::class, ['data' => true, 'required' => false,
|
->add('abort_on_validation_error', CheckboxType::class, ['data' => true, 'required' => false,
|
||||||
'label' => 'import.abort_on_validation', 'help'=> 'import.abort_on_validation.help', 'label_attr'=> ['class' => 'checkbox-custom']])
|
'label' => 'import.abort_on_validation', 'help'=> 'import.abort_on_validation.help',
|
||||||
|
'label_attr'=> ['class' => 'checkbox-custom'], 'disabled' => $disabled])
|
||||||
|
|
||||||
//Buttons
|
//Buttons
|
||||||
->add('import', SubmitType::class, ['label' => 'import.btn']);
|
->add('import', SubmitType::class, ['label' => 'import.btn', 'disabled' => $disabled]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
@ -6,7 +6,7 @@
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<div class=""></div>
|
<div class=""></div>
|
||||||
<div class="col offset-3 pl-2">
|
<div class="col offset-3 pl-2">
|
||||||
<button class="btn btn-danger">{% trans %}entity.delete{% endtrans %}</button>
|
<button class="btn btn-danger" {% if not is_granted("delete", entity) %}disabled{% endif %}">{% trans %}entity.delete{% endtrans %}</button>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</form>
|
</form>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue