Allow to change the permissions for users.

Jan Böhmer 2019-09-10 17:12:56 +02:00
parent 8e61b06abc
commit 7390f2eccd
18 changed files with 933 additions and 8 deletions


@ -44,11 +44,18 @@ class PermissionsConfiguration implements ConfigurationInterface
$treeBuilder = new TreeBuilder('permissions');
$rootNode = $treeBuilder->root('permissions');
$rootNode->children()
->arrayNode('groups')
->arrayPrototype()
->children()
->scalarNode('label')->end();
$rootNode->children()
->arrayNode('perms')
->arrayPrototype()
->children()
->scalarNode('label')->end()
->scalarNode('group')->end()
->arrayNode('operations')
->arrayPrototype()
->children()
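Review bot: Nothing in this tree ties a permission's `group` value to the keys declared under `groups`. PermissionGroupType in this commit skips every permission whose `group` differs from the group being built, and only group-less permissions reach the `*` bucket, so a misspelled group name would drop that permission from the editor without any error. I would add a `validate()` rule on the root node that rejects a `group` missing from `groups`, or at least record the constraint next to the node: `// 'group' must be a key of 'groups'; an unknown value hides the permission from the permission editor`. The builder chain starts and ends outside this hunk.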


@ -64,6 +64,12 @@ class Group extends StructuralDBElement implements HasPermissionsInterface
*/
protected $permissions;
public function __construct()
{
parent::__construct();
$this->permissions = new PermissionsEmbed();
}
/**
* Returns the ID as an string, defined by the element class.
* This should have a form like P000014, for a part with ID 14.


@ -186,6 +186,11 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
*/
protected $instock_comment_a;
public function __construct()
{
$this->permissions = new PermissionsEmbed();
}
/**
* Checks if the current user, is the user which represents the not logged in (anonymous) users.
*


@ -0,0 +1,95 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Form\Permissions;
use App\Services\PermissionResolver;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\OptionsResolver\Options;
use Symfony\Component\OptionsResolver\OptionsResolver;
class PermissionGroupType extends AbstractType
{
protected $resolver;
protected $perm_structure;
public function __construct(PermissionResolver $resolver)
{
$this->resolver = $resolver;
$this->perm_structure = $resolver->getPermissionStructure();
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$permissions = $this->perm_structure['perms'];
foreach ($permissions as $key => $permission) {
//Check if the permission belongs to our group
if (isset($permission['group'])) {
if ($permission['group'] !== $options['group_name']) {
continue;
}
} else {
//Skip perrmissions without groups unless we have this as blanko group
if ($options['group_name'] !== "*") {
continue;
}
}
$builder->add($key, PermissionType::class, [
'perm_name' => $key,
'label' => $permission['label'] ?? $key,
'mapped' => false,
'data' => $builder->getData(),
'disabled' => $options['disabled']
]);
}
}
public function configureOptions(OptionsResolver $resolver)
{
parent::configureOptions($resolver);
$resolver->setDefault('group_name', function (Options $options) {
return trim($options['name']);
});
$resolver->setDefault('label', function (Options $options) {
if (!empty($this->perm_structure['groups'][$options['group_name']]['label'])) {
return $this->perm_structure['groups'][$options['group_name']]['label'];
}
return $options['name'];
});
}
}
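Review bot: The lazy defaults in configureOptions() read `$options['name']`, and as far as I know Symfony's form types define no `name` option, so resolving either default would fail with an undefined-option error. Today this is masked for `group_name` because PermissionsType always passes it, but the `label` fallback is still reached for any configured group that has no label. The fallback could be `return $options['group_name'];`, and `group_name` could be declared with `$resolver->setRequired('group_name');` instead of being defaulted. The `perm_name` and `label` defaults in PermissionType follow the same pattern.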


@ -0,0 +1,157 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Form\Permissions;
use App\Form\Type\TriStateCheckboxType;
use App\Services\PermissionResolver;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\DataMapperInterface;
use Symfony\Component\Form\Exception;
use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\OptionsResolver\Options;
use Symfony\Component\OptionsResolver\OptionsResolver;
class PermissionType extends AbstractType implements DataMapperInterface
{
protected $resolver;
protected $perm_structure;
public function __construct(PermissionResolver $resolver)
{
$this->resolver = $resolver;
$this->perm_structure = $resolver->getPermissionStructure();
}
public function configureOptions(OptionsResolver $resolver)
{
parent::configureOptions($resolver);
$resolver->setDefault('perm_name', function (Options $options) {
return $options['name'];
});
$resolver->setDefault('label', function (Options $options) {
if (!empty($this->perm_structure['perms'][$options['perm_name']]['label'])) {
return $this->perm_structure['perms'][$options['perm_name']]['label'];
}
return $options['name'];
});
$resolver->setDefaults([
]);
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$operations = $this->perm_structure['perms'][$options['perm_name']]['operations'];
foreach ($operations as $key => $operation) {
$builder->add($key, TriStateCheckboxType::class, [
'required' => false,
'mapped' => false,
'label' => $operation['label'] ?? null,
'disabled' => $options['disabled']
]);
}
$builder->setDataMapper($this);
}
/**
* Maps the view data of a compound form to its children.
*
* The method is responsible for calling {@link FormInterface::setData()}
* on the children of compound forms, defining their underlying model data.
*
* @param mixed $viewData View data of the compound form being initialized
* @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
*
* @throws Exception\UnexpectedTypeException if the type of the data parameter is not supported
*/
public function mapDataToForms($viewData, $forms)
{
foreach ($forms as $form) {
$value = $this->resolver->dontInherit(
$viewData,
$form->getParent()->getConfig()->getOption('perm_name'),
$form->getName()
);
$form->setData($value);
}
}
/**
* Maps the model data of a list of children forms into the view data of their parent.
*
* This is the internal cascade call of FormInterface::submit for compound forms, since they
* cannot be bound to any input nor the request as scalar, but their children may:
*
* $compoundForm->submit($arrayOfChildrenViewData)
* // inside:
* $childForm->submit($childViewData);
* // for each entry, do the same and/or reverse transform
* $this->dataMapper->mapFormsToData($compoundForm, $compoundInitialViewData)
* // then reverse transform
*
* When a simple form is submitted the following is happening:
*
* $simpleForm->submit($submittedViewData)
* // inside:
* $this->viewData = $submittedViewData
* // then reverse transform
*
* The model data can be an array or an object, so this second argument is always passed
* by reference.
*
* @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
* @param mixed $viewData The compound form's view data that get mapped
* its children model data
*
* @throws Exception\UnexpectedTypeException if the type of the data parameter is not supported
*/
public function mapFormsToData($forms, &$viewData)
{
foreach ($forms as $form) {
$value = $form->getData();
$this->resolver->setPermission(
$viewData,
$form->getParent()->getConfig()->getOption('perm_name'),
$form->getName(),
$value
);
}
}
}
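Review bot: mapFormsToData() pushes every child's data into setPermission() without looking at the child's state, whereas Symfony's built-in property-path mapper only writes children that are submitted, synchronized and not disabled. A child whose submitted value failed transformation would be written back with whatever getData() returns for it, presumably null, which this commit defines as INHERIT. Starting the loop body with `if (!$form->isSubmitted() || !$form->isSynchronized() || $form->isDisabled()) { continue; }` keeps rejected or untouched fields from altering the stored permissions. The two long docblocks are copies of the interface documentation, including an `@throws` this class never raises, and could be replaced with `{@inheritdoc}`.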


@ -0,0 +1,72 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Form\Permissions;
use App\Services\PermissionResolver;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\FormBuilderInterface;
class PermissionsType extends AbstractType
{
protected $resolver;
protected $perm_structure;
public function __construct(PermissionResolver $resolver)
{
$this->resolver = $resolver;
$this->perm_structure = $resolver->getPermissionStructure();
}
public function buildForm(FormBuilderInterface $builder, array $options)
{
$groups = $this->perm_structure['groups'];
foreach ($groups as $key => $group) {
$builder->add($key,PermissionGroupType::class, [
'group_name' => $key,
'mapped' => false,
'data' => $builder->getData(),
'disabled' => $options['disabled']
]);
}
$builder->add('blanko', PermissionGroupType::class, [
'group_name' => '*',
'label' => 'perm.group.other',
'mapped' => false,
'data' => $builder->getData(),
'disabled' => $options['disabled']
]);
}
}
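Review bot: The catch-all child is always registered under the fixed name `blanko` after the loop, so a configured group whose key is also `blanko` would be replaced by it, assuming the builder overwrites an existing child of the same name. Either reject that key when the configuration is loaded or mark the reservation at the add() call: `// 'blanko' is reserved for permissions without a group; a config group with this key would be overwritten`. The `$resolver` property is stored in the constructor but not read anywhere in this class.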


@ -0,0 +1,174 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Form\Type;
use Symfony\Component\Form\AbstractType;
use Symfony\Component\Form\DataTransformerInterface;
use Symfony\Component\Form\Exception\TransformationFailedException;
use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
use Symfony\Component\Form\FormBuilderInterface;
use Symfony\Component\Form\FormInterface;
use Symfony\Component\Form\FormView;
use Symfony\Component\OptionsResolver\OptionsResolver;
class TriStateCheckboxType extends AbstractType implements DataTransformerInterface
{
public function buildForm(FormBuilderInterface $builder, array $options) : void
{
$builder->addViewTransformer($this);
}
public function configureOptions(OptionsResolver $resolver)
{
$resolver->setDefaults([
'label_attr' => ['class' => 'checkbox-custom checkbox-inline'],
'attr' => ['class' => 'tristate'],
'compound' => false
]);
}
public function getBlockPrefix()
{
return 'tristate';
}
/**
* {@inheritdoc}
*/
public function buildView(FormView $view, FormInterface $form, array $options)
{
$view->vars = array_replace($view->vars, [
'value' => $form->getViewData(),
'checked' => true === $form->getData(),
'indeterminate' => null === $form->getData()
]);
}
/**
* Transforms a value from the original representation to a transformed representation.
*
* This method is called when the form field is initialized with its default data, on
* two occasions for two types of transformers:
*
* 1. Model transformers which normalize the model data.
* This is mainly useful when the same form type (the same configuration)
* has to handle different kind of underlying data, e.g The DateType can
* deal with strings or \DateTime objects as input.
*
* 2. View transformers which adapt the normalized data to the view format.
* a/ When the form is simple, the value returned by convention is used
* directly in the view and thus can only be a string or an array. In
* this case the data class should be null.
*
* b/ When the form is compound the returned value should be an array or
* an object to be mapped to the children. Each property of the compound
* data will be used as model data by each child and will be transformed
* too. In this case data class should be the class of the object, or null
* when it is an array.
*
* All transformers are called in a configured order from model data to view value.
* At the end of this chain the view data will be validated against the data class
* setting.
*
* This method must be able to deal with empty values. Usually this will
* be NULL, but depending on your implementation other empty values are
* possible as well (such as empty strings). The reasoning behind this is
* that data transformers must be chainable. If the transform() method
* of the first data transformer outputs NULL, the second must be able to
* process that value.
*
* @param mixed $value The value in the original representation
*
* @return mixed The value in the transformed representation
*
* @throws TransformationFailedException when the transformation fails
*/
public function transform($value)
{
if ($value === true) {
return "true";
}
if ($value === false) {
return "false";
}
if ($value === null) {
return "indeterminate";
}
throw new \InvalidArgumentException('Invalid value encountered!: ' . $value);
}
/**
* Transforms a value from the transformed representation to its original
* representation.
*
* This method is called when {@link Form::submit()} is called to transform the requests tainted data
* into an acceptable format.
*
* The same transformers are called in the reverse order so the responsibility is to
* return one of the types that would be expected as input of transform().
*
* This method must be able to deal with empty values. Usually this will
* be an empty string, but depending on your implementation other empty
* values are possible as well (such as NULL). The reasoning behind
* this is that value transformers must be chainable. If the
* reverseTransform() method of the first value transformer outputs an
* empty string, the second value transformer must be able to process that
* value.
*
* By convention, reverseTransform() should return NULL if an empty string
* is passed.
*
* @param mixed $value The value in the transformed representation
*
* @return mixed The value in the original representation
*
* @throws TransformationFailedException when the transformation fails
*/
public function reverseTransform($value)
{
switch ($value) {
case "true":
return true;
case "false":
case '':
return false;
case "indeterminate":
return null;
default:
throw new \InvalidArgumentException('Invalid value encountered!: ' . $value);
}
}
}
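Review bot: reverseTransform() handles request data but signals an unexpected value with `\InvalidArgumentException`, which the form component does not turn into a field error, so a tampered value escapes as an unhandled exception. Both the docblock and the otherwise unused import point to `TransformationFailedException`. The `switch` compares loosely, and concatenating `$value` into the message fails for non-scalar input; transform() ends with the same throw. A strict version that keeps the current mapping, including empty input to false, could look like this:

```php
public function reverseTransform($value)
{
    if ('true' === $value) {
        return true;
    }
    // Same mapping as before: an empty or absent submission means "false".
    if ('false' === $value || '' === $value || null === $value) {
        return false;
    }
    if ('indeterminate' === $value) {
        return null;
    }
    // Caught by the form component and reported as an invalid field.
    throw new TransformationFailedException('Invalid tristate value.');
}
```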


@ -35,6 +35,8 @@ namespace App\Form;
use App\Entity\UserSystem\Group;
use App\Entity\Base\NamedDBElement;
use App\Entity\Base\StructuralDBElement;
use App\Form\Permissions\PermissionsType;
use App\Form\Permissions\PermissionType;
use App\Form\Type\StructuralEntityType;
use FOS\CKEditorBundle\Form\Type\CKEditorType;
use Symfony\Bridge\Doctrine\Form\Type\EntityType;
@ -111,6 +113,11 @@ class UserAdminForm extends AbstractType
'disabled' => !$this->security->isGranted('edit_infos', $entity),
])
->add('permissions', PermissionsType::class, [
'mapped' => false,
'data' => $builder->getData(),
//'user' => $builder->getData(),
])
;
/*->add('comment', CKEditorType::class, ['required' => false,
'label' => 'comment.label', 'attr' => ['rows' => 4], 'help' => 'bbcode.hint',
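Review bot: The new `permissions` field is added without any `disabled` condition, although the field directly above it is gated with `!$this->security->isGranted('edit_infos', $entity)`. Unless the controller enforces this elsewhere (not visible here), anyone who may open the user form can submit permission changes, including for their own account. I would gate it the same way, e.g. `'disabled' => !$this->security->isGranted('<permission-edit attribute>', $entity),` where the attribute name is a placeholder for whatever the voters define. The commented-out `//'user' => $builder->getData(),` line can be dropped. buildForm() starts and ends outside this hunk.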


@ -60,12 +60,17 @@ class PermissionResolver
$this->permission_structure = $this->getPermissionStructure();
$this->permission_structure = $this->generatePermissionStructure();
//dump($this->permission_structure);
}
protected function getPermissionStructure()
public function getPermissionStructure() : array
{
return $this->permission_structure;
}
protected function generatePermissionStructure()
{
$cache = new ConfigCache($this->cache_file, $this->is_debug);
@ -166,6 +171,24 @@ class PermissionResolver
return null; //The inherited value is never resolved. Should be treat as false, in Voters.
}
/**
* Sets the new value for the operation
* @param HasPermissionsInterface $user The user or group for which the value should be changed.
* @param string $permission The name of the permission that should be changed.
* @param string $operation The name of the operation that should be changed.
* @param bool|null $new_val The new value for the permission. true = ALLOW, false = DISALLOW, null = INHERIT
*/
public function setPermission(HasPermissionsInterface $user, string $permission, string $operation, ?bool $new_val) : void
{
//Get the permissions from the user
$perm_list = $user->getPermissions();
//Determine bit number using our configuration
$bit = $this->permission_structure['perms'][$permission]['operations'][$operation]['bit'];
$perm_list->setPermissionValue($permission, $bit, $new_val);
}
/**
* Lists the names of all operations that is supported for the given permission.
*
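Review bot: setPermission() reads `['bit']` through four array levels without checking that `$permission` and `$operation` exist in the structure. For an unknown name the lookup yields null and that null is passed on to setPermissionValue(), whose handling of it is not visible here. Since the names arrive from form child names, a guard before the lookup would fail loudly instead of possibly writing a wrong bit: `if (!isset($this->permission_structure['perms'][$permission]['operations'][$operation])) { throw new \InvalidArgumentException('Unknown permission or operation'); }`. The docblock could also gain a matching `@throws` line, and the `//dump($this->permission_structure);` line in the constructor hunk is leftover debug code.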