mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-02 14:34:31 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Added permission to control if a user is allowed to withdraw/add/move parts

Browse source
This commit is contained in:
Jan Böhmer 2023-01-07 21:23:36 +01:00
parent 89a4846259
commit 60d5776cb7
7 changed files with 55 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
src/Controller/PartController.php
View file

@ -354,12 +354,15 @@ class PartController extends AbstractController
switch ($action) {
case "withdraw":
case "remove":
$this->denyAccessUnlessGranted('withdraw', $partLot);
$withdrawAddHelper->withdraw($partLot, $amount, $comment);
break;
case "add":
$this->denyAccessUnlessGranted('add', $partLot);
$withdrawAddHelper->add($partLot, $amount, $comment);
break;
case "move":
$this->denyAccessUnlessGranted('move', $partLot);
$withdrawAddHelper->move($partLot, $targetLot, $amount, $comment);
break;
default:

7
src/Security/Voter/PartLotVoter.php
View file

@ -57,7 +57,7 @@ class PartLotVoter extends ExtendedVoter
$this->security = $security;
}
protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element', 'withdraw', 'add', 'move'];
protected function voteOnUser(string $attribute, $subject, User $user): bool
{
@ -65,6 +65,11 @@ class PartLotVoter extends ExtendedVoter
throw new \RuntimeException('This voter can only handle PartLot objects!');
}
if (in_array($attribute, ['withdraw', 'add', 'move']))
{
return $this->resolver->inherit($user, 'parts_stock', $attribute) ?? false;
}
switch ($attribute) {
case 'read':
$operation = 'read';

5
src/Services/UserSystem/PermissionManager.php
View file

@ -77,6 +77,11 @@ class PermissionManager
*/
public function dontInherit(HasPermissionsInterface $user, string $permission, string $operation): ?bool
{
//Check that the permission/operation combination is valid
if (! $this->isValidOperation($permission, $operation)) {
throw new InvalidArgumentException('The permission/operation combination "'.$permission.'/'.$operation.'" is not valid!');
}
//Get the permissions from the user
return $user->getPermissions()->getPermissionValue($permission, $operation);
}

1
src/Services/UserSystem/PermissionPresetsHelper.php
View file

@ -102,6 +102,7 @@ class PermissionPresetsHelper
//Set datastructures
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts', PermissionData::ALLOW);
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts_stock', PermissionData::ALLOW);
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'categories', PermissionData::ALLOW);
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'storelocations', PermissionData::ALLOW);
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'footprints', PermissionData::ALLOW);