mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-24 18:58:46 +02:00
Added various useful presets for permissions
parent
5829d42968
commit
1de88e0494
13 changed files with 369 additions and 231 deletions
143
src/Services/UserSystem/PermissionPresetsHelper.php
Normal file
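--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@@ -0,0 +1,143 @@
+<?php
+
+namespace App\Services\UserSystem;
+
+use App\Entity\UserSystem\PermissionData;
+use App\Entity\UserSystem\User;
+use App\Security\Interfaces\HasPermissionsInterface;
+use App\Services\PermissionResolver;
+
+class PermissionPresetsHelper
+{
+private PermissionResolver $permissionResolver;
+
+public function __construct(PermissionResolver $permissionResolver)
+{
+$this->permissionResolver = $permissionResolver;
+}
+
+/**
+* Apply the given preset to the permission holding entity (like a user)
+* The permission data will be reset during the process and then the preset will be applied.
+*
+* @param
+* @param string $preset_name The name of the preset to use
+* @return PermissionData
+*/
+public function applyPreset(HasPermissionsInterface $perm_holder, string $preset_name): HasPermissionsInterface
+{
+//We need to reset the permission data first (afterwards all values are inherit)
+$perm_holder->getPermissions()->resetPermissions();
+
+switch($preset_name) {
+case 'all_inherit':
+//Do nothing, all values are inherit after reset
+break;
+case 'all_forbid':
+$this->allForbid($perm_holder);
+break;
+case 'all_allow':
+$this->allAllow($perm_holder);
+break;
+case 'read_only':
+$this->readOnly($perm_holder);
+break;
+case 'editor':
+$this->editor($perm_holder);
+break;
+case 'admin':
+$this->admin($perm_holder);
+break;
+
+default:
+throw new \InvalidArgumentException('Unknown permission preset name: '.$preset_name);
+}
+
+//Ensure that permissions are valid (alsoSet values are set), this allows us to use the permission inheritance system to keep the presets short
+$this->permissionResolver->ensureCorrectSetOperations($perm_holder);
+
+return $perm_holder;
+}
+
+private function admin(HasPermissionsInterface $perm_holder): void
+{
+//Apply everything from editor permission
+$this->editor($perm_holder);
+
+//Allow user and group access
+$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'users', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'groups', PermissionData::ALLOW);
+
+//Allow access to system log and server infos
+$this->permissionResolver->setPermission($perm_holder, 'system', 'show_logs', PermissionData::ALLOW);
+$this->permissionResolver->setPermission($perm_holder, 'system', 'server_infos', PermissionData::ALLOW);
+}
+
+private function editor(HasPermissionsInterface $permHolder): HasPermissionsInterface
+{
+//Apply everything from read-only
+$this->readOnly($permHolder);
+
+//Set datastructures
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'categories', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'storelocations', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'footprints', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'manufacturers', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'attachment_types', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'currencies', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'measurement_units', PermissionData::ALLOW);
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'suppliers', PermissionData::ALLOW);
+
+//Attachments permissions
+$this->permissionResolver->setPermission($permHolder, 'attachments', 'show_private', PermissionData::ALLOW);
+
+//Labels permissions (allow all except use twig)
+$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'labels', PermissionData::ALLOW);
+$this->permissionResolver->setPermission($permHolder,'labels', 'use_twig', PermissionData::INHERIT);
+
+//Self permissions
+$this->permissionResolver->setPermission($permHolder, 'self', 'edit_infos', PermissionData::ALLOW);
+
+//Various other permissions
+$this->permissionResolver->setPermission($permHolder, 'tools', 'lastActivity', PermissionData::ALLOW);
+
+
+return $permHolder;
+}
+
+private function readOnly(HasPermissionsInterface $perm_holder): HasPermissionsInterface
+{
+//It is sufficient to only set the read operation to allow, read operations for datastructures are inherited
+$this->permissionResolver->setPermission($perm_holder, 'parts', 'read', PermissionData::ALLOW);
+
+//Set tools permissions
+$this->permissionResolver->setPermission($perm_holder, 'tools', 'statistics', PermissionData::ALLOW);
+$this->permissionResolver->setPermission($perm_holder, 'tools', 'label_scanner', PermissionData::ALLOW);
+$this->permissionResolver->setPermission($perm_holder, 'tools', 'reel_calculator', PermissionData::ALLOW);
+
+//Set attachments permissions
+$this->permissionResolver->setPermission($perm_holder, 'attachments', 'list_attachments', PermissionData::ALLOW);
+
+//Set user (self) permissions
+$this->permissionResolver->setPermission($perm_holder, 'self', 'show_permissions', PermissionData::ALLOW);
+
+//Label permissions
+$this->permissionResolver->setPermission($perm_holder, 'labels', 'create_labels', PermissionData::ALLOW);
+$this->permissionResolver->setPermission($perm_holder, 'labels', 'edit_options', PermissionData::ALLOW);
+
+return $perm_holder;
+}
+
+private function AllForbid(HasPermissionsInterface $perm_holder): HasPermissionsInterface
+{
+$this->permissionResolver->setAllPermissions($perm_holder, PermissionData::DISALLOW);
+return $perm_holder;
+}
+
+private function AllAllow(HasPermissionsInterface $perm_holder): HasPermissionsInterface
+{
+$this->permissionResolver->setAllPermissions($perm_holder, PermissionData::ALLOW);
+return $perm_holder;
+}
+}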
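Review bot: In `applyPreset()` the holder's permissions are reset before `$preset_name` is validated, so an unknown name throws from the `default:` branch only after every value has already been set to inherit. If the holder is a managed entity and a caller catches the exception, or a later flush happens in the same request (neither is visible here), the user or group could be persisted with its explicit allow/forbid entries silently dropped and fall back to whatever it inherits. Validate first, e.g. `if (!in_array($preset_name, ['all_inherit', 'all_forbid', 'all_allow', 'read_only', 'editor', 'admin'], true)) { throw new \InvalidArgumentException('Unknown permission preset name: '.$preset_name); }` ahead of `resetPermissions()`. The docblock also needs fixing: the first `@param` is empty and `@return PermissionData` does not match the declared `HasPermissionsInterface` return type.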