diff --git a/config/permissions.yaml b/config/permissions.yaml
index b8970556..e5a1d65b 100644
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@@ -265,17 +265,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
# label: "perm.database.write_db_settings"
# alsoSet: ['read_db_settings', 'see_status']
- #config:
- # label: "perm.config"
- # group: "system"
- # operations:
- # read_config:
- # label: "perm.config.read_config"
- # edit_config:
- # label: "perm.config.edit_config"
- # alsoSet: 'read_config'
- # server_info:
- # label: "perm.config.server_info"
+ config:
+ label: "perm.config"
+ group: "system"
+ operations:
+ change_system_settings:
+ label: "perm.config.change_system_settings"
+ apiTokenRole: ROLE_API_ADMIN
system:
label: "perm.system"
diff --git a/src/Controller/SettingsController.php b/src/Controller/SettingsController.php
index 3b0eb15c..1da8a443 100644
--- a/src/Controller/SettingsController.php
+++ b/src/Controller/SettingsController.php
@@ -40,6 +40,8 @@ class SettingsController extends AbstractController
#[Route("/settings", name: "system_settings")]
public function systemSettings(Request $request, TagAwareCacheInterface $cache): Response
{
+ $this->denyAccessUnlessGranted('@config.change_system_settings');
+
//Create a clone of the settings object
$settings = $this->settingsManager->createTemporaryCopy(AppSettings::class);
@@ -62,9 +64,6 @@ class SettingsController extends AbstractController
$cache->invalidateTags(['tree_treeview', 'sidebar_tree_update']);
}
-
-
-
//Render the form
return $this->render('settings/settings.html.twig', [
'form' => $form
diff --git a/src/Services/Trees/ToolsTreeBuilder.php b/src/Services/Trees/ToolsTreeBuilder.php
index 18571306..f7a9d1c4 100644
--- a/src/Services/Trees/ToolsTreeBuilder.php
+++ b/src/Services/Trees/ToolsTreeBuilder.php
@@ -289,6 +289,13 @@ class ToolsTreeBuilder
))->setIcon('fa-fw fa-treeview fa-solid fa-database');
}
+ if ($this->security->isGranted('@config.change_system_settings')) {
+ $nodes[] = (new TreeViewNode(
+ $this->translator->trans('tree.tools.system.settings'),
+ $this->urlGenerator->generate('system_settings')
+ ))->setIcon('fa fa-fw fa-gears fa-solid');
+ }
+
return $nodes;
}
}
diff --git a/src/Services/UserSystem/PermissionPresetsHelper.php b/src/Services/UserSystem/PermissionPresetsHelper.php
index eeb80f61..554da8b3 100644
--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@@ -105,6 +105,9 @@ class PermissionPresetsHelper
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'suppliers', PermissionData::ALLOW);
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'projects', PermissionData::ALLOW);
+ //Allow to change system settings
+ $this->permissionResolver->setPermission($perm_holder, 'config', 'change_system_settings', PermissionData::ALLOW);
+
//Allow to manage Oauth tokens
$this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW);
//Allow to show updates
diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf
index 74df5301..3f0387df 100644
--- a/translations/messages.en.xlf
+++ b/translations/messages.en.xlf
@@ -13012,5 +13012,17 @@ Please note, that you can not impersonate a disabled user. If you try you will g
Show the image overlay with attachment details on hovering over the part image gallery.
+
+
+ perm.config.change_system_settings
+ Change system settings
+
+
+
+
+ tree.tools.system.settings
+ System settings
+
+