mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-25 03:08:51 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Check permissions in edit part form.

Browse source
This commit is contained in:
Jan Böhmer 2019-03-19 19:00:39 +01:00
parent 6ed2eeabae
commit 8d36bf913d
3 changed files with 62 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

17
src/Security/Voter/PartVoter.php
View file

@ -31,7 +31,15 @@ class PartVoter extends ExtendedVoter
if ($subject instanceof Part)
{
return in_array($attribute, $this->resolver->listOperationsForPermission('parts'), false);
//Check if a sub permission should be checked -> $attribute has format name.edit
if(strpos($attribute, '.') !== false) {
[$perm, $op] = explode('.', $attribute);
return in_array($op, $this->resolver->listOperationsForPermission('parts_'.$perm), false);
}
return in_array($attribute, $this->resolver->listOperationsForPermission('parts'), false);
}
return false;
@ -41,6 +49,13 @@ class PartVoter extends ExtendedVoter
protected function voteOnUser($attribute, $subject, User $user): bool
{
if($subject instanceof Part) {
//Check for sub permissions
if(strpos($attribute, '.') !== false) {
[$perm, $op] = explode('.', $attribute);
return $this->resolver->inherit($user, 'parts_'. $perm, $op) ?? false;
}
//Null concealing operator means, that no
return $this->resolver->inherit($user, 'parts', $attribute) ?? false;
}