Added permission to control if a user is allowed to withdraw/add/move parts

2025-06-21 09:35:49 +02:00 · 2023-01-07 21:23:36 +01:00 · 2023-01-07 21:23:36 +01:00 · 60d5776cb7
commit 60d5776cb7
parent 89a4846259
7 changed files with 55 additions and 5 deletions
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@ -27,7 +27,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
                  'currencies.read', 'attachment_types.read', 'measurement_units.read']
      edit:
        label: "perm.edit"
-        alsoSet: 'read'
+        alsoSet: ['read', 'parts_stock.withdraw', 'parts_stock.add', 'parts_stock.move']
      create:
        label: "perm.create"
        alsoSet: ['read', 'edit']
@ -44,6 +44,18 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
        label: "perm.revert_elements"
        alsoSet: ["read", "edit", "create", "delete", "show_history"]

+  parts_stock:
+    group: "data"
+    label: "perm.parts_stock"
+    operations:
+      withdraw:
+        label: "perm.parts_stock.withdraw"
+      add:
+        label: "perm.parts_stock.add"
+      move:
+        label: "perm.parts_stock.move"
+
+
  storelocations: &PART_CONTAINING
    label: "perm.storelocations"
    group: "data"
--- a/src/Controller/PartController.php
+++ b/src/Controller/PartController.php
@ -354,12 +354,15 @@ class PartController extends AbstractController
            switch ($action) {
                case "withdraw":
                case "remove":
+                    $this->denyAccessUnlessGranted('withdraw', $partLot);
                    $withdrawAddHelper->withdraw($partLot, $amount, $comment);
                    break;
                case "add":
+                    $this->denyAccessUnlessGranted('add', $partLot);
                    $withdrawAddHelper->add($partLot, $amount, $comment);
                    break;
                case "move":
+                    $this->denyAccessUnlessGranted('move', $partLot);
                    $withdrawAddHelper->move($partLot, $targetLot, $amount, $comment);
                    break;
                default:
--- a/src/Security/Voter/PartLotVoter.php
+++ b/src/Security/Voter/PartLotVoter.php
@ -57,7 +57,7 @@ class PartLotVoter extends ExtendedVoter
        $this->security = $security;
    }

-    protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element'];
+    protected const ALLOWED_PERMS = ['read', 'edit', 'create', 'delete', 'show_history', 'revert_element', 'withdraw', 'add', 'move'];

    protected function voteOnUser(string $attribute, $subject, User $user): bool
    {
@ -65,6 +65,11 @@ class PartLotVoter extends ExtendedVoter
            throw new \RuntimeException('This voter can only handle PartLot objects!');
        }

+        if (in_array($attribute, ['withdraw', 'add', 'move']))
+        {
+            return $this->resolver->inherit($user, 'parts_stock', $attribute) ?? false;
+        }
+
        switch ($attribute) {
            case 'read':
                $operation = 'read';
--- a/src/Services/UserSystem/PermissionManager.php
+++ b/src/Services/UserSystem/PermissionManager.php
@ -77,6 +77,11 @@ class PermissionManager
     */
    public function dontInherit(HasPermissionsInterface $user, string $permission, string $operation): ?bool
    {
+        //Check that the permission/operation combination is valid
+        if (! $this->isValidOperation($permission, $operation)) {
+            throw new InvalidArgumentException('The permission/operation combination "'.$permission.'/'.$operation.'" is not valid!');
+        }
+
        //Get the permissions from the user
        return $user->getPermissions()->getPermissionValue($permission, $operation);
    }
--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@ -102,6 +102,7 @@ class PermissionPresetsHelper

        //Set datastructures
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts', PermissionData::ALLOW);
+        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts_stock', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'categories', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'storelocations', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'footprints', PermissionData::ALLOW);
--- a/templates/Parts/info/_part_lots.html.twig
+++ b/templates/Parts/info/_part_lots.html.twig
@ -65,21 +65,21 @@
                    <button type="button" class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#withdraw-modal"
                            data-action="withdraw" data-lot-id="{{ lot.id }}" data-lot-amount="{{ lot.amount }}"
                            title="{% trans %}part.info.withdraw_modal.title.withdraw{% endtrans %}"
-                            {% if not withdraw_add_helper.canWithdraw(lot) %}disabled{% endif %}
+                            {% if not is_granted('withdraw', lot) or not withdraw_add_helper.canWithdraw(lot) %}disabled{% endif %}
                    >
                        <i class="fa-solid fa-minus fa-fw"></i>
                    </button>
                    <button type="button" class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#withdraw-modal"
                            data-action="add" data-lot-id="{{ lot.id }}" data-lot-amount="{{ lot.amount }}"
                            title="{% trans %}part.info.withdraw_modal.title.add{% endtrans %}"
-                            {% if not withdraw_add_helper.canAdd(lot) %}disabled{% endif %}
+                            {% if not is_granted('add', lot) or not withdraw_add_helper.canAdd(lot) %}disabled{% endif %}
                    >
                        <i class="fa-solid fa-plus fa-fw"></i>
                    </button>
                    <button type="button" class="btn btn-outline-primary" data-bs-toggle="modal" data-bs-target="#withdraw-modal"
                            data-action="move" data-lot-id="{{ lot.id }}" data-lot-amount="{{ lot.amount }}"
                            title="{% trans %}part.info.withdraw_modal.title.move{% endtrans %}"
-                            {% if not withdraw_add_helper.canWithdraw(lot) or part.partLots.count == 1 %}disabled{% endif %}
+                            {% if not is_granted('move', lot) or not withdraw_add_helper.canWithdraw(lot) or part.partLots.count == 1 %}disabled{% endif %}
                    >
                        <i class="fa-solid fa-right-left fa-fw"></i>
                    </button>
--- a/translations/messages.en.xlf
+++ b/translations/messages.en.xlf
@ -10193,5 +10193,29 @@ Element 3</target>
        <target>Added/Moved/Withdrawn parts successfully.</target>
      </segment>
    </unit>
+    <unit id="oghrs8X" name="perm.parts_stock">
+      <segment>
+        <source>perm.parts_stock</source>
+        <target>Parts Stock</target>
+      </segment>
+    </unit>
+    <unit id="YjbdSVx" name="perm.parts_stock.withdraw">
+      <segment>
+        <source>perm.parts_stock.withdraw</source>
+        <target>Withdraw parts from stock</target>
+      </segment>
+    </unit>
+    <unit id="P4saY9b" name="perm.parts_stock.add">
+      <segment>
+        <source>perm.parts_stock.add</source>
+        <target>Add parts to stock</target>
+      </segment>
+    </unit>
+    <unit id="JR4LXfJ" name="perm.parts_stock.move">
+      <segment>
+        <source>perm.parts_stock.move</source>
+        <target>Move parts between lots</target>
+      </segment>
+    </unit>
  </file>
 </xliff>