If a user can view parts, he is also allowed to view any subsequent datastructures.
Otherwise it is really difficult to implement part viewing that respects permissions correctly.
parent
41450b8bd3
commit
63a1855eb6
2 changed files with 36 additions and 9 deletions
|
@ -20,6 +20,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
operations: # Here are all possible operations are listed => the op name is mapped to bit value
|
operations: # Here are all possible operations are listed => the op name is mapped to bit value
|
||||||
read:
|
read:
|
||||||
label: "perm.read"
|
label: "perm.read"
|
||||||
|
# If a part can be read by a user, he can also see all the datastructures (except devices)
|
||||||
|
alsoSet: ['storelocations.read', 'footprints.read', 'categories.read', 'suppliers.read', 'manufacturers.read',
|
||||||
|
'currencies.read', 'attachment_types.read', 'measurement_units.read']
|
||||||
edit:
|
edit:
|
||||||
label: "perm.edit"
|
label: "perm.edit"
|
||||||
alsoSet: 'read'
|
alsoSet: 'read'
|
||||||
|
@ -31,8 +34,10 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
alsoSet: ['read', 'edit']
|
alsoSet: ['read', 'edit']
|
||||||
change_favorite:
|
change_favorite:
|
||||||
label: "perm.part.change_favorite"
|
label: "perm.part.change_favorite"
|
||||||
|
alsoSet: ['edit']
|
||||||
show_history:
|
show_history:
|
||||||
label: "perm.part.show_history"
|
label: "perm.part.show_history"
|
||||||
|
alsoSet: ['read']
|
||||||
revert_element:
|
revert_element:
|
||||||
label: "perm.revert_elements"
|
label: "perm.revert_elements"
|
||||||
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
||||||
|
@ -109,6 +114,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
label: "perm.tools.lastActivity"
|
label: "perm.tools.lastActivity"
|
||||||
timetravel:
|
timetravel:
|
||||||
label: "perm.tools.timeTravel"
|
label: "perm.tools.timeTravel"
|
||||||
|
alsoSet: 'parts.show_history'
|
||||||
label_scanner:
|
label_scanner:
|
||||||
label: "perm.tools.label_scanner"
|
label: "perm.tools.label_scanner"
|
||||||
reel_calculator:
|
reel_calculator:
|
||||||
|
|
|
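Review bot: The added `alsoSet: ['edit']` under `change_favorite` makes a narrow permission imply a broader one, so granting a user only the favourite toggle now also grants edit. Through `edit`'s existing `alsoSet: 'read'` and the cross-permission list added to `read` in the first hunk, that one grant appears to cascade to read access on storelocations, footprints, categories, suppliers, manufacturers, currencies, attachment types and measurement units. If favouriting really cannot work without edit rights, record that next to the entry, e.g. `# changing the favorite flag needs edit rights on the part, so granting this also grants edit (and everything edit implies)`. The same applies to `timetravel`, whose `alsoSet: 'parts.show_history'` reaches into another permission. An admin reviewing only the row they ticked will not see these grants, so the comment on `read` should state that the implied reads are written to the user's permission data rather than only checked at view time.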
@ -211,18 +211,39 @@ class PermissionResolver
|
||||||
*/
|
*/
|
||||||
public function ensureCorrectSetOperations(HasPermissionsInterface $user): void
|
public function ensureCorrectSetOperations(HasPermissionsInterface $user): void
|
||||||
{
|
{
|
||||||
//Check for each permission and operation, for an alsoSet attribute
|
//If we have changed anything on the permission structure due to the alsoSet value, this becomes true, so we
|
||||||
foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
|
//redo the whole process, to ensure that all alsoSet values are set recursively.
|
||||||
foreach ($permission['operations'] as $op_key => $op) {
|
$anything_changed = false;
|
||||||
if (!empty($op['alsoSet']) &&
|
|
||||||
true === $this->dontInherit($user, $perm_key, $op_key)) {
|
do {
|
||||||
//Set every op listed in also Set
|
$anything_changed = false; //Reset the variable for the next iteration
|
||||||
foreach ($op['alsoSet'] as $set_also) {
|
|
||||||
$this->setPermission($user, $perm_key, $set_also, true);
|
//Check for each permission and operation, for an alsoSet attribute
|
||||||
|
foreach ($this->permission_structure['perms'] as $perm_key => $permission) {
|
||||||
|
foreach ($permission['operations'] as $op_key => $op) {
|
||||||
|
if (!empty($op['alsoSet']) &&
|
||||||
|
true === $this->dontInherit($user, $perm_key, $op_key)) {
|
||||||
|
//Set every op listed in also Set
|
||||||
|
foreach ($op['alsoSet'] as $set_also) {
|
||||||
|
//If the alsoSet value contains a dot then we set the operation of another permission
|
||||||
|
if (false !== strpos($set_also, '.')) {
|
||||||
|
[$set_perm, $set_op] = explode('.', $set_also);
|
||||||
|
} else {
|
||||||
|
//Else we set the operation of the same permission
|
||||||
|
[$set_perm, $set_op] = [$perm_key, $set_also];
|
||||||
|
}
|
||||||
|
|
||||||
|
//Check if we change the value of the permission
|
||||||
|
if ($this->dontInherit($user, $set_perm, $set_op) !== true) {
|
||||||
|
$this->setPermission($user, $set_perm, $set_op, true);
|
||||||
|
//Mark the change, so we redo the whole process
|
||||||
|
$anything_changed = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
} while($anything_changed);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
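Review bot: The new guard `if ($this->dontInherit($user, $set_perm, $set_op) !== true)` treats every non-true value the same. If dontInherit() can return an explicit deny as well as "inherit" (its return contract is not visible in this section), a deny on e.g. `suppliers.read` is silently flipped to allow whenever `parts.read` is allowed. That now happens across permissions and transitively through the `do { … } while($anything_changed)` loop. If this precedence is intended, state it above the inner foreach, e.g. `//alsoSet takes precedence over an explicit deny on the target operation`, and pin it with a test that starts from a denied target; otherwise, leave explicitly denied targets unchanged. Separately, `explode('.', $set_also)` would be safer as `explode('.', $set_also, 2)`, so a malformed config value with a second dot cannot be silently truncated to a different permission/operation pair.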