Check for permissions to access settings menu and added settings menu to sidebar menu

2025-07-12 11:24:31 +02:00 · 2025-07-06 22:29:35 +02:00 · 2025-07-06 22:29:35 +02:00 · 38c826713f
commit 38c826713f
parent b9c3358f7f
5 changed files with 31 additions and 14 deletions
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@ -265,17 +265,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
  #      label: "perm.database.write_db_settings"
  #      alsoSet: ['read_db_settings', 'see_status']
-  #config:
+  config:
-  #  label: "perm.config"
+    label: "perm.config"
-  #  group: "system"
+    group: "system"
-  #  operations:
+    operations:
-  #    read_config:
+      change_system_settings:
-  #      label: "perm.config.read_config"
+        label: "perm.config.change_system_settings"
-  #    edit_config:
+        apiTokenRole: ROLE_API_ADMIN
  #      label: "perm.config.edit_config"
  #      alsoSet: 'read_config'
  #    server_info:
  #      label: "perm.config.server_info"
  system:
    label: "perm.system"
--- a/src/Controller/SettingsController.php
+++ b/src/Controller/SettingsController.php
@ -40,6 +40,8 @@ class SettingsController extends AbstractController
    #[Route("/settings", name: "system_settings")]
    public function systemSettings(Request $request, TagAwareCacheInterface $cache): Response
    {
        $this->denyAccessUnlessGranted('@config.change_system_settings');
        //Create a clone of the settings object
        $settings = $this->settingsManager->createTemporaryCopy(AppSettings::class);
@ -62,9 +64,6 @@ class SettingsController extends AbstractController
            $cache->invalidateTags(['tree_treeview', 'sidebar_tree_update']);
        }
        //Render the form
        return $this->render('settings/settings.html.twig', [
            'form' => $form
--- a/src/Services/Trees/ToolsTreeBuilder.php
+++ b/src/Services/Trees/ToolsTreeBuilder.php
@ -289,6 +289,13 @@ class ToolsTreeBuilder
            ))->setIcon('fa-fw fa-treeview fa-solid fa-database');
        }
        if ($this->security->isGranted('@config.change_system_settings')) {
            $nodes[] = (new TreeViewNode(
                $this->translator->trans('tree.tools.system.settings'),
                $this->urlGenerator->generate('system_settings')
            ))->setIcon('fa fa-fw fa-gears fa-solid');
        }
        return $nodes;
    }
 }
--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@ -105,6 +105,9 @@ class PermissionPresetsHelper
        $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'suppliers', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'projects', PermissionData::ALLOW);
        //Allow to change system settings
        $this->permissionResolver->setPermission($perm_holder, 'config', 'change_system_settings', PermissionData::ALLOW);
        //Allow to manage Oauth tokens
        $this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW);
        //Allow to show updates
--- a/translations/messages.en.xlf
+++ b/translations/messages.en.xlf
@ -13012,5 +13012,17 @@ Please note, that you can not impersonate a disabled user. If you try you will g
        <target>Show the image overlay with attachment details on hovering over the part image gallery.</target>
      </segment>
    </unit>
    <unit id="ALfPkeR" name="perm.config.change_system_settings">
      <segment>
        <source>perm.config.change_system_settings</source>
        <target>Change system settings</target>
      </segment>
    </unit>
    <unit id="TlHeIjk" name="tree.tools.system.settings">
      <segment>
        <source>tree.tools.system.settings</source>
        <target>System settings</target>
      </segment>
    </unit>
  </file>
 </xliff>