mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-07-02 06:24:34 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Save permissions as JSON in user/group entities.

Browse source
This commit is contained in:
Jan Böhmer 2022-10-30 21:51:24 +01:00
parent 33f8d2ba9e
commit 687ee80255
9 changed files with 316 additions and 40 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/Entity/UserSystem/Group.php
View file

@ -95,11 +95,17 @@ class Group extends AbstractStructuralDBElement implements HasPermissionsInterfa
*/
protected $attachments;
/**
* @var PermissionData
* @ORM\Column(type="permission_data", nullable=false, name="permissions")
*/
protected PermissionData $permissions;
/** @var PermissionsEmbed
* @ORM\Embedded(class="PermissionsEmbed", columnPrefix="perms_")
* @ValidPermission()
*/
protected $permissions;
protected $permissions_old;
/** @var Collection<int, GroupParameter>
* @ORM\OneToMany(targetEntity="App\Entity\Parameters\GroupParameter", mappedBy="element", cascade={"persist", "remove"}, orphanRemoval=true)
@ -111,7 +117,8 @@ class Group extends AbstractStructuralDBElement implements HasPermissionsInterfa
public function __construct()
{
parent::__construct();
$this->permissions = new PermissionsEmbed();
$this->permissions = new PermissionData();
$this->permissions_old = new PermissionsEmbed();
$this->users = new ArrayCollection();
}
@ -137,8 +144,12 @@ class Group extends AbstractStructuralDBElement implements HasPermissionsInterfa
return $this;
}
public function getPermissions(): PermissionsEmbed
public function getPermissions(): PermissionData
{
if (!isset($this->permissions)) {
$this->permissions = new PermissionData();
}
return $this->permissions;
}

116
src/Entity/UserSystem/PermissionData.php Normal file
View file

@ -0,0 +1,116 @@
<?php
namespace App\Entity\UserSystem;
final class PermissionData implements \JsonSerializable
{
/**
* Permission values.
*/
public const INHERIT = null;
public const ALLOW = true;
public const DISALLOW = false;
/**
* @var array This array contains the permission values for each permission
* This array contains the permission values for each permission, in the form of:
* permission => [
* operation => value,
* ]
*/
protected array $data = [];
/**
* Creates a new Permission Data Instance using the given data.
* By default, a empty array is used, meaning
*/
public function __construct(array $data = [])
{
$this->data = $data;
}
/**
* Check if a permission value is set for the given permission and operation (meaning there value is not inherit).
* @param string $permission
* @param string $operation
* @return bool True if the permission value is set, false otherwise
*/
public function isPermissionSet(string $permission, string $operation): bool
{
return isset($this->data[$permission][$operation]);
}
/**
* Returns the permission value for the given permission and operation.
* @param string $permission
* @param string $operation
* @return bool|null True means allow, false means disallow, null means inherit
*/
public function getPermissionValue(string $permission, string $operation): ?bool
{
if ($this->isPermissionSet($permission, $operation)) {
return $this->data[$permission][$operation];
}
//If the value is not set explicitly, return null (meaning inherit)
return null;
}
/**
* Sets the permission value for the given permission and operation.
* @param string $permission
* @param string $operation
* @param bool|null $value
* @return $this
*/
public function setPermissionValue(string $permission, string $operation, ?bool $value): self
{
if ($value === null) {
//If the value is null, unset the permission value (meaning implicit inherit)
unset($this->data[$permission][$operation]);
} else {
//Otherwise, set the pemission value
if(!isset($this->data[$permission])) {
$this->data[$permission] = [];
}
$this->data[$permission][$operation] = $value;
}
return $this;
}
/**
* Creates a new Permission Data Instance using the given JSON encoded data
* @param string $json
* @return static
* @throws \JsonException
*/
public static function fromJSON(string $json): self
{
$data = json_decode($json, true, 512, JSON_THROW_ON_ERROR);
return new self($data);
}
/**
* Returns an JSON encodable representation of this object.
* @return array|mixed
*/
public function jsonSerialize()
{
$ret = [];
//Filter out all empty or null values
foreach ($this->data as $permission => $operations) {
$ret[$permission] = array_filter($operations, function ($value) {
return $value !== null;
});
//If the permission has no operations, unset it
if (empty($ret[$permission])) {
unset($ret[$permission]);
}
}
return $ret;
}
}

16
src/Entity/UserSystem/User.php
View file

@ -265,11 +265,17 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
*/
protected $currency;
/**
* @var PermissionData
* @ORM\Column(type="permission_data", nullable=false, name="permissions")
*/
protected PermissionData $permissions;
/** @var PermissionsEmbed
* @ORM\Embedded(class="PermissionsEmbed", columnPrefix="perms_")
* @ValidPermission()
*/
protected $permissions;
protected $permissions_old;
/**
* @var DateTime the time until the password reset token is valid
@ -280,7 +286,7 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
public function __construct()
{
parent::__construct();
$this->permissions = new PermissionsEmbed();
$this->permissions = new PermissionData();
$this->u2fKeys = new ArrayCollection();
$this->webauthn_keys = new ArrayCollection();
}
@ -427,8 +433,12 @@ class User extends AttachmentContainingDBElement implements UserInterface, HasPe
return $this;
}
public function getPermissions(): PermissionsEmbed
public function getPermissions(): PermissionData
{
if (!isset($this->permissions)) {
$this->permissions = new PermissionData();
}
return $this->permissions;
}