Forbid access to homepage if a user has no allow permission

This allows to block access to everything (even the homepage) for anonymous access. This fixes issue #290
2025-06-25 19:28:51 +02:00 · 2023-08-20 12:33:08 +02:00 · 2023-08-20 12:33:08 +02:00 · 0e5613b57b
commit 0e5613b57b
parent e66ff40733
4 changed files with 102 additions and 7 deletions
--- a/src/Services/UserSystem/PermissionManager.php
+++ b/src/Services/UserSystem/PermissionManager.php
@ -271,6 +271,27 @@ class PermissionManager
        }
    }

+    /**
+     * This function checks if the given user has any permission set to allow, either directly or inherited.
+     * @param  User  $user
+     * @return bool
+     */
+    public function hasAnyPermissionSetToAllowInherited(User $user): bool
+    {
+        //Iterate over all permissions
+        foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
+            //Iterate over all operations of the permission
+            foreach ($permission['operations'] as $op_key => $op) {
+                //Check if the user has the permission set to allow
+                if ($this->inherit($user, $perm_key, $op_key) === true) {
+                    return true;
+                }
+            }
+        }
+
+        return false;
+    }
+
    protected function generatePermissionStructure()
    {
        $cache = new ConfigCache($this->cache_file, $this->kernel_debug_enabled);