mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-21 01:25:55 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

If a user can view parts, he is also allowed to view any subsequent datastructures.

Browse source 
Otherwise it is really difficult to implement permission correct part viewing.
This commit is contained in:
Jan Böhmer 2022-11-13 18:18:08 +01:00
parent 41450b8bd3
commit 63a1855eb6
2 changed files with 36 additions and 9 deletions
Download patch file Download diff file Expand all files Collapse all files

6
config/permissions.yaml
View file

@ -20,6 +20,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations: # Here are all possible operations are listed => the op name is mapped to bit value
read:
label: "perm.read"
# If a part can be read by a user, he can also see all the datastructures (except devices)
alsoSet: ['storelocations.read', 'footprints.read', 'categories.read', 'suppliers.read', 'manufacturers.read',
'currencies.read', 'attachment_types.read', 'measurement_units.read']
edit:
label: "perm.edit"
alsoSet: 'read'
@ -31,8 +34,10 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
alsoSet: ['read', 'edit']
change_favorite:
label: "perm.part.change_favorite"
alsoSet: ['edit']
show_history:
label: "perm.part.show_history"
alsoSet: ['read']
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "show_history"]
@ -109,6 +114,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
label: "perm.tools.lastActivity"
timetravel:
label: "perm.tools.timeTravel"
alsoSet: 'parts.show_history'
label_scanner:
label: "perm.tools.label_scanner"
reel_calculator:

39
src/Services/PermissionResolver.php
View file

@ -211,18 +211,39 @@ class PermissionResolver
*/
public function ensureCorrectSetOperations(HasPermissionsInterface $user): void
{
//Check for each permission and operation, for an alsoSet attribute
foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
foreach ($permission['operations'] as $op_key => $op) {
if (!empty($op['alsoSet']) &&
true === $this->dontInherit($user, $perm_key, $op_key)) {
//Set every op listed in also Set
foreach ($op['alsoSet'] as $set_also) {
$this->setPermission($user, $perm_key, $set_also, true);
//If we have changed anything on the permission structure due to the alsoSet value, this becomes true, so we
//redo the whole process, to ensure that all alsoSet values are set recursively.
$anything_changed = false;
do {
$anything_changed = false; //Reset the variable for the next iteration
//Check for each permission and operation, for an alsoSet attribute
foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
foreach ($permission['operations'] as $op_key => $op) {
if (!empty($op['alsoSet']) &&
true === $this->dontInherit($user, $perm_key, $op_key)) {
//Set every op listed in also Set
foreach ($op['alsoSet'] as $set_also) {
//If the alsoSet value contains a dot then we set the operation of another permission
if (false !== strpos($set_also, '.')) {
[$set_perm, $set_op] = explode('.', $set_also);
} else {
//Else we set the operation of the same permission
[$set_perm, $set_op] = [$perm_key, $set_also];
}
//Check if we change the value of the permission
if ($this->dontInherit($user, $set_perm, $set_op) !== true) {
$this->setPermission($user, $set_perm, $set_op, true);
//Mark the change, so we redo the whole process
$anything_changed = true;
}
}
}
}
}
}
} while($anything_changed);
}
/**