Show the permissions a user have on the user info page.

src/Controller/UserController.php

@@ -31,6 +31,7 @@ namespace App\Controller;
 
 use App\Entity\Attachments\AttachmentType;
 use App\Entity\UserSystem\User;
+use App\Form\Permissions\PermissionsType;
 use App\Form\UserAdminForm;
 use App\Form\UserSettingsType;
 use App\Services\EntityExporter;
@@ -135,9 +136,18 @@ class UserController extends AdminPages\BaseAdminController
             $avatar = $packages->getUrl('/img/default_avatar.png');
         }
 
+        //Show permissions to user
+        $builder = $this->createFormBuilder()->add('permissions',PermissionsType::class, [
+            'mapped' => false,
+            'disabled' => true,
+            'inherit' => true,
+            'data' => $user
+        ]);
+
         return $this->render('Users/user_info.html.twig', [
             'user' => $user,
             'avatar' => $avatar,
+            'form' => $builder->getForm()->createView()
         ]);
     }
 

src/Form/Permissions/PermissionGroupType.php

@@ -71,7 +71,8 @@ class PermissionGroupType extends AbstractType
                 'label' => $permission['label'] ?? $key,
                 'mapped' => false,
                 'data' => $builder->getData(),
-                'disabled' => $options['disabled']
+                'disabled' => $options['disabled'],
+                'inherit' => $options['inherit']
             ]);
         }
     }
@@ -84,6 +85,8 @@ class PermissionGroupType extends AbstractType
             return trim($options['name']);
         });
 
+        $resolver->setDefault('inherit', false);
+
         $resolver->setDefault('label', function (Options $options) {
             if (!empty($this->perm_structure['groups'][$options['group_name']]['label'])) {
                 return $this->perm_structure['groups'][$options['group_name']]['label'];

src/Form/Permissions/PermissionType.php

@@ -44,7 +44,7 @@ use Symfony\Component\Form\FormView;
 use Symfony\Component\OptionsResolver\Options;
 use Symfony\Component\OptionsResolver\OptionsResolver;
 
-class PermissionType extends AbstractType implements DataMapperInterface
+class PermissionType extends AbstractType
 {
     protected $resolver;
     protected $perm_structure;
@@ -76,6 +76,7 @@ class PermissionType extends AbstractType implements DataMapperInterface
         });
 
         $resolver->setDefaults([
+            'inherit' => false
         ]);
     }
 
@@ -92,76 +93,11 @@ class PermissionType extends AbstractType implements DataMapperInterface
             ]);
         }
 
-        $builder->setDataMapper($this);
+        $builder->setDataMapper(new PermissionsMapper($this->resolver, $options['inherit']));
     }
 
     public function buildView(FormView $view, FormInterface $form, array $options)
     {
         $view->vars['multi_checkbox'] = $options['multi_checkbox'];
     }
-
-    /**
-     * Maps the view data of a compound form to its children.
-     *
-     * The method is responsible for calling {@link FormInterface::setData()}
-     * on the children of compound forms, defining their underlying model data.
-     *
-     * @param mixed $viewData View data of the compound form being initialized
-     * @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
-     *
-     * @throws Exception\UnexpectedTypeException if the type of the data parameter is not supported
-     */
-    public function mapDataToForms($viewData, $forms)
-    {
-        foreach ($forms as $form) {
-            $value = $this->resolver->dontInherit(
-                $viewData,
-                $form->getParent()->getConfig()->getOption('perm_name'),
-                $form->getName()
-            );
-            $form->setData($value);
-        }
-    }
-
-    /**
-     * Maps the model data of a list of children forms into the view data of their parent.
-     *
-     * This is the internal cascade call of FormInterface::submit for compound forms, since they
-     * cannot be bound to any input nor the request as scalar, but their children may:
-     *
-     *     $compoundForm->submit($arrayOfChildrenViewData)
-     *     // inside:
-     *     $childForm->submit($childViewData);
-     *     // for each entry, do the same and/or reverse transform
-     *     $this->dataMapper->mapFormsToData($compoundForm, $compoundInitialViewData)
-     *     // then reverse transform
-     *
-     * When a simple form is submitted the following is happening:
-     *
-     *     $simpleForm->submit($submittedViewData)
-     *     // inside:
-     *     $this->viewData = $submittedViewData
-     *     // then reverse transform
-     *
-     * The model data can be an array or an object, so this second argument is always passed
-     * by reference.
-     *
-     * @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
-     * @param mixed $viewData The compound form's view data that get mapped
-     *                                               its children model data
-     *
-     * @throws Exception\UnexpectedTypeException if the type of the data parameter is not supported
-     */
-    public function mapFormsToData($forms, &$viewData)
-    {
-        foreach ($forms as $form) {
-            $value = $form->getData();
-            $this->resolver->setPermission(
-                $viewData,
-                $form->getParent()->getConfig()->getOption('perm_name'),
-                $form->getName(),
-                $value
-            );
-        }
-    }
 }

src/Form/Permissions/PermissionsMapper.php

@@ -0,0 +1,128 @@
+<?php
+/**
+ *
+ * part-db version 0.1
+ * Copyright (C) 2005 Christoph Lechner
+ * http://www.cl-projects.de/
+ *
+ * part-db version 0.2+
+ * Copyright (C) 2009 K. Jacobs and others (see authors.php)
+ * http://code.google.com/p/part-db/
+ *
+ * Part-DB Version 0.4+
+ * Copyright (C) 2016 - 2019 Jan Böhmer
+ * https://github.com/jbtronics
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ *
+ */
+
+namespace App\Form\Permissions;
+
+
+use App\Services\PermissionResolver;
+use Symfony\Component\Form\DataMapperInterface;
+use Symfony\Component\Form\FormInterface;
+
+/**
+ * This class is a data mapper that maps the permission data from DB (accessed via a PermissionResolver),
+ * to TristateCheckboxes and vice versa.
+ */
+class PermissionsMapper implements DataMapperInterface
+{
+    protected $resolver;
+    protected $inherit;
+
+    public function __construct(PermissionResolver $resolver, bool $inherit = false)
+    {
+        $this->inherit = $inherit;
+        $this->resolver = $resolver;
+    }
+
+    /**
+     * Maps the view data of a compound form to its children.
+     *
+     * The method is responsible for calling {@link FormInterface::setData()}
+     * on the children of compound forms, defining their underlying model data.
+     *
+     * @param mixed $viewData View data of the compound form being initialized
+     * @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
+     *
+     */
+    public function mapDataToForms($viewData, $forms)
+    {
+        foreach ($forms as $form) {
+            if ($this->inherit) {
+                $value = $this->resolver->inherit(
+                    $viewData,
+                    $form->getParent()->getConfig()->getOption('perm_name'),
+                    $form->getName()
+                ) ?? false;
+            } else {
+                $value = $this->resolver->dontInherit(
+                    $viewData,
+                    $form->getParent()->getConfig()->getOption('perm_name'),
+                    $form->getName()
+                );
+            }
+            $form->setData($value);
+        }
+    }
+
+    /**
+     * Maps the model data of a list of children forms into the view data of their parent.
+     *
+     * This is the internal cascade call of FormInterface::submit for compound forms, since they
+     * cannot be bound to any input nor the request as scalar, but their children may:
+     *
+     *     $compoundForm->submit($arrayOfChildrenViewData)
+     *     // inside:
+     *     $childForm->submit($childViewData);
+     *     // for each entry, do the same and/or reverse transform
+     *     $this->dataMapper->mapFormsToData($compoundForm, $compoundInitialViewData)
+     *     // then reverse transform
+     *
+     * When a simple form is submitted the following is happening:
+     *
+     *     $simpleForm->submit($submittedViewData)
+     *     // inside:
+     *     $this->viewData = $submittedViewData
+     *     // then reverse transform
+     *
+     * The model data can be an array or an object, so this second argument is always passed
+     * by reference.
+     *
+     * @param FormInterface[]|\Traversable $forms A list of {@link FormInterface} instances
+     * @param mixed $viewData The compound form's view data that get mapped
+     *                                               its children model data
+     *
+     */
+    public function mapFormsToData($forms, &$viewData)
+    {
+        if ($this->inherit) {
+            throw new \RuntimeException('The permission type is readonly when it is showing read only data!');
+        }
+
+        foreach ($forms as $form) {
+            $value = $form->getData();
+            $this->resolver->setPermission(
+                $viewData,
+                $form->getParent()->getConfig()->getOption('perm_name'),
+                $form->getName(),
+                $value
+            );
+        }
+    }
+}

src/Form/Permissions/PermissionsType.php

@@ -62,7 +62,8 @@ class PermissionsType extends AbstractType
                     return [new NoLockout()];
                 }
                 return [];
-            }
+            },
+            'inherit' => false,
         ]);
 
 
@@ -82,7 +83,8 @@ class PermissionsType extends AbstractType
                 'group_name' => $key,
                 'mapped' => false,
                 'data' => $builder->getData(),
-                'disabled' => $options['disabled']
+                'disabled' => $options['disabled'],
+                'inherit' => $options['inherit']
             ]);
         }
 
@@ -91,7 +93,8 @@ class PermissionsType extends AbstractType
             'label' => 'perm.group.other',
             'mapped' => false,
             'data' => $builder->getData(),
-            'disabled' => $options['disabled']
+            'disabled' => $options['disabled'],
+            'inherit' => $options['inherit']
         ]);
     }
 }

src/Security/Voter/UserVoter.php

@@ -78,8 +78,10 @@ class UserVoter extends ExtendedVoter
                 }
             }
             //Else just check users permission:
+            if ($this->resolver->isValidOperation('users', $attribute)) {
                 return $this->resolver->inherit($user, 'users', $attribute) ?? false;
             }
+        }
 
         return false;
     }

templates/Users/user_info.html.twig

@@ -59,3 +59,17 @@
         </div>
     </div>
 {% endblock %}
+
+{% block additional_content %}
+    {% if is_granted('read', user) or is_granted('show_permissions', user) %}
+    <div class="card mt-3">
+        <div class="card-header"><i class="fas fa-gavel fa-fw"></i>
+            {% trans %}user.permissions{% endtrans %}</div>
+        <div class="card-body">
+            {{ form_start(form) }}
+            {{ form_row(form.permissions) }}
+            {{ form_end(form) }}
+        </div>
+    </div>
+    {% endif %}
+{% endblock %}

templates/main_card.html.twig

@@ -13,4 +13,6 @@
     </div>
     {% endblock %}
 </div>
+
+   {% block additional_content %}{% endblock %}
 {% endblock %}