diff --git a/config/permissions.yaml b/config/permissions.yaml
index b13eefb4..ce5efbc6 100644
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@@ -20,6 +20,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
 operations: # Here are all possible operations are listed => the op name is mapped to bit value
 read:
 label: "perm.read"
+ # If a part can be read by a user, he can also see all the datastructures (except devices)
+ alsoSet: ['storelocations.read', 'footprints.read', 'categories.read', 'suppliers.read', 'manufacturers.read',
+ 'currencies.read', 'attachment_types.read', 'measurement_units.read']
 edit:
 label: "perm.edit"
 alsoSet: 'read'
@@ -31,8 +34,10 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
 alsoSet: ['read', 'edit']
 change_favorite:
 label: "perm.part.change_favorite"
+ alsoSet: ['edit']
 show_history:
 label: "perm.part.show_history"
+ alsoSet: ['read']
 revert_element:
 label: "perm.revert_elements"
 alsoSet: ["read", "edit", "create", "delete", "show_history"]
@@ -109,6 +114,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
 label: "perm.tools.lastActivity"
 timetravel:
 label: "perm.tools.timeTravel"
+ alsoSet: 'parts.show_history'
 label_scanner:
 label: "perm.tools.label_scanner"
 reel_calculator:
diff --git a/src/Services/PermissionResolver.php b/src/Services/PermissionResolver.php
index e1fbd8e0..ca885008 100644
--- a/src/Services/PermissionResolver.php
+++ b/src/Services/PermissionResolver.php
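Review bot: In config/permissions.yaml the implied grants are documented only at `parts.read`, although two other entries now lead to the same set. Because the resolver in this commit follows `alsoSet` recursively, `tools.timetravel` (third hunk) reaches `parts.show_history`, then `parts.read` (second hunk), and from there all eight datastructure read operations. An administrator reading the `timetravel` or `show_history` entry cannot see that. I would add a comment at both, for example `# Implies parts.show_history -> parts.read -> read on all datastructures listed at parts.read`. The list itself could also state that `suppliers.read` and `currencies.read` are included on purpose, in case an installation wants to restrict those separately.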
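Review bot: In the second hunk, `change_favorite` now pulls in `edit`, so a role that was only meant to toggle the favorite flag ends up with edit rights on parts, and with `read` through `edit`'s own `alsoSet`. Unlike the list added at `parts.read`, this entry carries no comment giving the reason. If favoriting really depends on the edit permission, record it with something like `# change_favorite implies edit (and therefore read)`. If it only needs to see the part, `alsoSet: ['read']` would be the narrower grant.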
@@ -211,18 +211,39 @@ class PermissionResolver
 */
 public function ensureCorrectSetOperations(HasPermissionsInterface $user): void
 {
- //Check for each permission and operation, for an alsoSet attribute
- foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
- foreach ($permission['operations'] as $op_key => $op) {
- if (!empty($op['alsoSet']) &&
- true === $this->dontInherit($user, $perm_key, $op_key)) {
- //Set every op listed in also Set
- foreach ($op['alsoSet'] as $set_also) {
- $this->setPermission($user, $perm_key, $set_also, true);
+ //If we have changed anything on the permission structure due to the alsoSet value, this becomes true, so we
+ //redo the whole process, to ensure that all alsoSet values are set recursively.
+ $anything_changed = false;
+
+ do {
+ $anything_changed = false; //Reset the variable for the next iteration
+
+ //Check for each permission and operation, for an alsoSet attribute
+ foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
+ foreach ($permission['operations'] as $op_key => $op) {
+ if (!empty($op['alsoSet']) &&
+ true === $this->dontInherit($user, $perm_key, $op_key)) {
+ //Set every op listed in also Set
+ foreach ($op['alsoSet'] as $set_also) {
+ //If the alsoSet value contains a dot then we set the operation of another permission
+ if (false !== strpos($set_also, '.')) {
+ [$set_perm, $set_op] = explode('.', $set_also);
+ } else {
+ //Else we set the operation of the same permission
+ [$set_perm, $set_op] = [$perm_key, $set_also];
+ }
+
+ //Check if we change the value of the permission
+ if ($this->dontInherit($user, $set_perm, $set_op) !== true) {
+ $this->setPermission($user, $set_perm, $set_op, true);
+ //Mark the change, so we redo the whole process
+ $anything_changed = true;
+ }
+ }
 }
 }
 }
- }
+ } while($anything_changed);
 }
 
 /**
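Review bot: The cross-permission branch passes whatever `explode('.', $set_also)` yields straight into `dontInherit()` and `setPermission()`, so a mistyped or over-dotted `alsoSet` target from permissions.yaml is never checked against `$this->permission_structure` in this method. Unless those two methods validate the names themselves (not visible here), I would split with `explode('.', $set_also, 2)` and fail fast before the `dontInherit()` call: `if (!isset($this->permission_structure['perms'][$set_perm]['operations'][$set_op])) { throw new \InvalidArgumentException("Unknown alsoSet target '$set_also'"); }`. Separately, the `!== true` comparison presumably also matches an explicit disallow, since the return type of `dontInherit()` is outside the hunk. If so, a deliberate deny on e.g. `suppliers.read` is flipped to allow whenever `parts.read` is allowed. If that override is intended, the method's docblock, which starts above this hunk, should state it.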