Added permission system, to control who can edit Twig labels.

2025-06-21 01:25:55 +02:00 · 2020-05-07 22:29:45 +02:00 · 2020-05-07 22:29:45 +02:00 · 1a35adab17
commit 1a35adab17
parent f1a6bc31a1
6 changed files with 41 additions and 8 deletions
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@ -482,6 +482,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
        label: "perm.self.delete_profiles"
        bit: 4
        alsoSet: ['read_profiles', 'edit_profiles', 'create_profiles']
-
+      use_twig:
+        label: "perm.labels.use_twig"
+        bit: 12
+        alsoSet: ['create_labels', 'edit_options']


--- a/src/Controller/AdminPages/BaseAdminController.php
+++ b/src/Controller/AdminPages/BaseAdminController.php
@ -165,11 +165,22 @@ abstract class BaseAdminController extends AbstractController
            $table = null;
        }

-        $form = $this->createForm($this->form_class, $entity, [
+        $form_options =  [
            'attachment_class' => $this->attachment_class,
            'parameter_class' => $this->parameter_class,
            'disabled' => null !== $timeTravel_timestamp ? true : null,
-        ]);
+        ];
+
+        //Disable editing of options, if user is not allowed to use twig...
+        if (
+            $entity instanceof LabelProfile
+            && $entity->getOptions()->getLinesMode() === 'twig'
+            && !$this->isGranted('@labels.use_twig')
+        ) {
+            $form_options['disable_options'] = true;
+        }
+
+        $form = $this->createForm($this->form_class, $entity, $form_options);

        $form->handleRequest($request);
        if ($form->isSubmitted() && $form->isValid()) {
--- a/src/Controller/LabelController.php
+++ b/src/Controller/LabelController.php
@ -87,7 +87,12 @@ class LabelController extends AbstractController
            $label_options = new LabelOptions();
        }

-        $form = $this->createForm(LabelDialogType::class);
+        //We have to disable the options, if twig mode is selected and user is not allowed to use it.
+        $disable_options = $label_options->getLinesMode() === 'twig' && !$this->isGranted("@labels.use_twig");
+
+        $form = $this->createForm(LabelDialogType::class, null, [
+            'disable_options' => $disable_options,
+        ]);

        //Try to parse given target_type and target_id
        $target_type = $request->query->get('target_type', null);
--- a/src/Form/AdminPages/LabelProfileAdminForm.php
+++ b/src/Form/AdminPages/LabelProfileAdminForm.php
@ -40,12 +40,16 @@ class LabelProfileAdminForm extends BaseEntityAdminForm
                'class' => 'checkbox-custom',
            ],
        ]);
-        $builder->add('options', LabelOptionsType::class);
+        $builder->add('options', LabelOptionsType::class, [
+            'label' => false,
+            'disabled' => $options['disable_options'],
+        ]);
    }

    public function configureOptions(OptionsResolver $resolver): void
    {
        parent::configureOptions($resolver);
        $resolver->setDefault('data_class', LabelProfile::class);
+        $resolver->setDefault('disable_options', false);
    }
 }
--- a/src/Form/LabelOptionsType.php
+++ b/src/Form/LabelOptionsType.php
@ -29,9 +29,17 @@ use Symfony\Component\Form\Extension\Core\Type\NumberType;
 use Symfony\Component\Form\Extension\Core\Type\TextareaType;
 use Symfony\Component\Form\FormBuilderInterface;
 use Symfony\Component\OptionsResolver\OptionsResolver;
+use Symfony\Component\Security\Core\Security;

 class LabelOptionsType extends AbstractType
 {
+    private $security;
+
+    public function __construct(Security $security)
+    {
+        $this->security = $security;
+    }
+
    public function buildForm(FormBuilderInterface $builder, array $options)
    {
        $builder->add('width', NumberType::class, [
@ -120,7 +128,8 @@ class LabelOptionsType extends AbstractType
            ],
            'label_attr' => [
                'class' => 'radio-custom radio-inline'
-            ]
+            ],
+            'disabled' => !$this->security->isGranted('@labels.use_twig')
        ]);
    }

--- a/src/Form/LabelSystem/LabelDialogType.php
+++ b/src/Form/LabelSystem/LabelDialogType.php
@ -53,7 +53,7 @@ class LabelDialogType extends AbstractType

        $builder->add('options', LabelOptionsType::class, [
            'label' => false,
-            'disabled' => !$this->security->isGranted('@labels.edit_options'),
+            'disabled' => !$this->security->isGranted('@labels.edit_options') || $options['disable_options'],

        ]);
        $builder->add('update', SubmitType::class, [
@ -64,6 +64,7 @@ class LabelDialogType extends AbstractType
    public function configureOptions(OptionsResolver $resolver)
    {
        parent::configureOptions($resolver);
-        $resolver->setDefault('mapped', 'false');
+        $resolver->setDefault('mapped', false);
+        $resolver->setDefault('disable_options', false);
    }
 }