Renamed "devices" permission to "projects"

2025-06-30 05:24:28 +02:00 · 2023-01-08 20:10:58 +01:00 · 2023-01-08 20:10:58 +01:00 · 7b6a906d98
commit 7b6a906d98
parent f2dfe12087
19 changed files with 157 additions and 23 deletions
--- a/src/Controller/ProjectController.php
+++ b/src/Controller/ProjectController.php
@ -80,7 +80,7 @@ class ProjectController extends AbstractController
        if($project) {
            $this->denyAccessUnlessGranted('edit', $project);
        } else {
-            $this->denyAccessUnlessGranted('@devices.edit');
+            $this->denyAccessUnlessGranted('@projects.edit');
        }

        $builder = $this->createFormBuilder();
--- a/src/Controller/TreeController.php
+++ b/src/Controller/TreeController.php
@ -138,7 +138,7 @@ class TreeController extends AbstractController
     */
    public function deviceTree(?Project $device = null): JsonResponse
    {
-        if ($this->isGranted('@devices.read')) {
+        if ($this->isGranted('@projects.read')) {
            $tree = $this->treeGenerator->getTreeView(Project::class, $device, 'devices');
        } else {
            return new JsonResponse("Access denied", 403);
--- a/src/DataFixtures/GroupFixtures.php
+++ b/src/DataFixtures/GroupFixtures.php
@ -72,7 +72,7 @@ class GroupFixtures extends Fixture

    private function addDevicesPermissions(Group $group): void
    {
-        $this->permissionManager->setAllOperationsOfPermission($group, 'devices', true);
+        $this->permissionManager->setAllOperationsOfPermission($group, 'projects', true);
    }

 }
--- a/src/Entity/Parts/PartTraits/ProjectTrait.php
+++ b/src/Entity/Parts/PartTraits/ProjectTrait.php
@ -62,7 +62,7 @@ trait ProjectTrait


    /**
-     *  Get all devices which uses this part.
+     *  Get all projects which uses this part.
     *
     * @return Project[] * all devices which uses this part as a one-dimensional array of Device objects
     *                  (empty array if there are no ones)
--- a/src/Entity/UserSystem/PermissionData.php
+++ b/src/Entity/UserSystem/PermissionData.php
@ -40,7 +40,7 @@ final class PermissionData implements \JsonSerializable
    /**
     * The current schema version of the permission data
     */
-    public const CURRENT_SCHEMA_VERSION = 1;
+    public const CURRENT_SCHEMA_VERSION = 2;

    /**
     * @var array This array contains the permission values for each permission
@ -69,6 +69,56 @@ final class PermissionData implements \JsonSerializable
        }
    }

+    /**
+     * Checks if any of the operations of the given permission is defined (meaning it is either ALLOW or DENY)
+     * @param  string  $permission
+     * @return bool
+     */
+    public function isAnyOperationOfPermissionSet(string $permission): bool
+    {
+        return !empty($this->data[$permission]);
+    }
+
+    /**
+     * Returns an associative array containing all defined (non-INHERIT) operations of the given permission.
+     * @param  string  $permission
+     * @return array An array in the form ["operation" => value], returns an empty array if no operations are defined
+     */
+    public function getAllDefinedOperationsOfPermission(string $permission): array
+    {
+        if (empty($this->data[$permission])) {
+            return [];
+        }
+
+        return $this->data[$permission];
+    }
+
+    /**
+     * Sets all operations of the given permission via the given array.
+     * The data is an array in the form [$operation => $value], all existing values will be overwritten/deleted.
+     * @param  string  $permission
+     * @param  array  $data
+     * @return $this
+     */
+    public function setAllOperationsOfPermission(string $permission, array $data): self
+    {
+        $this->data[$permission] = $data;
+
+        return $this;
+    }
+
+    /**
+     * Removes a whole permission from the data including all operations (effectivly setting them to INHERIT)
+     * @param  string  $permission
+     * @return $this
+     */
+    public function removePermission(string $permission): self
+    {
+        unset($this->data[$permission]);
+
+        return $this;
+    }
+
    /**
     * Check if a permission value is set for the given permission and operation (meaning there value is not inherit).
     * @param  string  $permission
--- a/src/Security/Voter/ParameterVoter.php
+++ b/src/Security/Voter/ParameterVoter.php
@ -96,7 +96,7 @@ class ParameterVoter extends ExtendedVoter
        } elseif ($subject instanceof CurrencyParameter) {
            $param = 'currencies';
        } elseif ($subject instanceof ProjectParameter) {
-            $param = 'devices';
+            $param = 'projects';
        } elseif ($subject instanceof FootprintParameter) {
            $param = 'footprints';
        } elseif ($subject instanceof GroupParameter) {
--- a/src/Security/Voter/StructureVoter.php
+++ b/src/Security/Voter/StructureVoter.php
@ -40,7 +40,7 @@ class StructureVoter extends ExtendedVoter
    protected const OBJ_PERM_MAP = [
        AttachmentType::class => 'attachment_types',
        Category::class => 'categories',
-        Project::class => 'devices',
+        Project::class => 'projects',
        Footprint::class => 'footprints',
        Manufacturer::class => 'manufacturers',
        Storelocation::class => 'storelocations',
--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@ -111,6 +111,7 @@ class PermissionPresetsHelper
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'currencies', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'measurement_units', PermissionData::ALLOW);
        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'suppliers', PermissionData::ALLOW);
+        $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'projects', PermissionData::ALLOW);

        //Attachments permissions
        $this->permissionResolver->setPermission($permHolder, 'attachments', 'show_private', PermissionData::ALLOW);
@ -150,8 +151,8 @@ class PermissionPresetsHelper
        $this->permissionResolver->setPermission($perm_holder, 'labels', 'edit_options', PermissionData::ALLOW);
        $this->permissionResolver->setPermission($perm_holder, 'labels', 'read_profiles', PermissionData::ALLOW);

-        //Set devices permissions
-        $this->permissionResolver->setPermission($perm_holder, 'devices', 'read', PermissionData::ALLOW);
+        //Set projects permissions
+        $this->permissionResolver->setPermission($perm_holder, 'projects', 'read', PermissionData::ALLOW);

        return $perm_holder;
    }
--- a/src/Services/UserSystem/PermissionSchemaUpdater.php
+++ b/src/Services/UserSystem/PermissionSchemaUpdater.php
@ -133,4 +133,14 @@ class PermissionSchemaUpdater
            $holder->getPermissions()->setPermissionValue('parts_stock', 'move', $new_value);
        }
    }
+
+    private function upgradeSchemaToVersion2(HasPermissionsInterface $holder): void
+    {
+        //If the projects permissions are not defined yet, rename devices permission to projects (just copy its data over)
+        if (!$holder->getPermissions()->isAnyOperationOfPermissionSet('projects')) {
+            $operations_value = $holder->getPermissions()->getAllDefinedOperationsOfPermission('devices');
+            $holder->getPermissions()->setAllOperationsOfPermission('projects', $operations_value);
+            $holder->getPermissions()->removePermission('devices');
+        }
+    }
 }