Show a warning flash message, if permissions were corrected and missing permissions were set

Related to issue #435

src/Services/UserSystem/PermissionManager.php

@@ -230,12 +230,16 @@ class PermissionManager
 
     /**
      * This functions sets all operations mentioned in the alsoSet value of a permission, so that the structure is always valid.
+     * This function should be called after every setPermission() call.
+     * @return bool true if values were changed/corrected, false if not
      */
-    public function ensureCorrectSetOperations(HasPermissionsInterface $user): void
+    public function ensureCorrectSetOperations(HasPermissionsInterface $user): bool
     {
         //If we have changed anything on the permission structure due to the alsoSet value, this becomes true, so we
         //redo the whole process, to ensure that all alsoSet values are set recursively.
 
+        $return_value = false;
+
         do {
             $anything_changed = false; //Reset the variable for the next iteration
 
@@ -254,12 +258,15 @@ class PermissionManager
                                 $this->setPermission($user, $set_perm, $set_op, true);
                                 //Mark the change, so we redo the whole process
                                 $anything_changed = true;
+                                $return_value = true;
                             }
                         }
                     }
                 }
             }
         } while($anything_changed);
+
+        return $return_value;
     }
 
     /**

src/Validator/Constraints/ValidPermissionValidator.php

@@ -22,15 +22,21 @@ declare(strict_types=1);
 
 namespace App\Validator\Constraints;
 
+use App\Controller\GroupController;
+use App\Controller\UserController;
 use App\Security\Interfaces\HasPermissionsInterface;
 use App\Services\UserSystem\PermissionManager;
 use Symfony\Component\Form\Exception\UnexpectedTypeException;
+use Symfony\Component\HttpFoundation\RequestStack;
+use Symfony\Component\HttpFoundation\Session\Session;
 use Symfony\Component\Validator\Constraint;
 use Symfony\Component\Validator\ConstraintValidator;
 
+use function Symfony\Component\Translation\t;
+
 class ValidPermissionValidator extends ConstraintValidator
 {
-    public function __construct(protected PermissionManager $resolver)
+    public function __construct(protected PermissionManager $resolver, protected RequestStack $requestStack)
     {
     }
 
@@ -49,6 +55,26 @@ class ValidPermissionValidator extends ConstraintValidator
         /** @var HasPermissionsInterface $perm_holder */
         $perm_holder = $this->context->getObject();
 
-        $this->resolver->ensureCorrectSetOperations($perm_holder);
+        $changed = $this->resolver->ensureCorrectSetOperations($perm_holder);
+
+        //Sending a flash message if the permissions were fixed (only if called from UserController or GroupController)
+        //This is pretty hacky and bad design but I dont see a better way without a complete rewrite of how permissions are validated
+        //on the admin pages
+        if ($changed) {
+            //Check if this was called in context of UserController
+            $request = $this->requestStack->getMainRequest();
+            if (!$request) {
+                return;
+            }
+            //Determine the controller class (the part before the ::)
+            $controller_class = explode('::', $request->attributes->get('_controller'))[0];
+
+            if (in_array($controller_class, [UserController::class, GroupController::class])) {
+                /** @var Session $session */
+                $session = $this->requestStack->getSession();
+                $flashBag = $session->getFlashBag();
+                $flashBag->add('warning', t('user.edit.flash.permissions_fixed'));
+            }
+        }
     }
 }