diff --git a/src/Command/User/UsersPermissionsCommand.php b/src/Command/User/UsersPermissionsCommand.php index d18c8c59..9ad38a36 100644 --- a/src/Command/User/UsersPermissionsCommand.php +++ b/src/Command/User/UsersPermissionsCommand.php @@ -65,18 +65,23 @@ class UsersPermissionsCommand extends Command $edit_mapping = $this->renderPermissionTable($output, $user, $inherit); while($edit_mode) { - $index_to_edit = $io->ask('Which permission do you want to edit? Enter the index (e.g. 2-4) to edit or "q" to quit', 'q'); + $index_to_edit = $io->ask('Which permission do you want to edit? Enter the index (e.g. 2-4) to edit, * for all permissions or "q" to quit', 'q'); if ($index_to_edit === 'q') { break; } - if (!isset($edit_mapping[$index_to_edit])) { + if (!isset($edit_mapping[$index_to_edit]) && $index_to_edit !== '*') { $io->error('Invalid index'); continue; } - [$perm_to_edit, $op_to_edit] = $edit_mapping[$index_to_edit]; - $io->note('Editing permission ' . $perm_to_edit . ' with operation ' . $op_to_edit); + if ($index_to_edit === '*') { + $io->warning('You are about to edit all permissions. This will overwrite all permissions!'); + } else { + [$perm_to_edit, $op_to_edit] = $edit_mapping[$index_to_edit]; + $io->note('Editing permission ' . $perm_to_edit . ' with operation ' . $op_to_edit); + } + $new_value_str = $io->ask('Enter the new value for the permission (A = allow, D = disallow, I = inherit)'); switch (strtolower($new_value_str)) { @@ -97,9 +102,18 @@ class UsersPermissionsCommand extends Command continue 2; } - $user->getPermissions()->setPermissionValue($perm_to_edit, $op_to_edit, $new_value); + if ($index_to_edit === '*') { + $this->permissionResolver->setAllPermissions($user, $new_value); + $io->success('Permission updated successfully'); + $this->entityManager->flush(); + + break; //Show the new table + } else { + $this->permissionResolver->setPermission($user, $perm_to_edit, $op_to_edit, $new_value); + } + //Ensure that all operations are set accordingly - $this->ensureCorrectPermissions($user); + $this->permissionResolver->ensureCorrectSetOperations($user); $io->success('Permission updated successfully'); //Save to DB @@ -183,21 +197,4 @@ class UsersPermissionsCommand extends Command return '???'; } - - protected function ensureCorrectPermissions(User $user): void - { - $perm_structure = $this->permissionResolver->getPermissionStructure(); - - foreach ($perm_structure['perms'] as $perm_key => $permission) { - foreach ($permission['operations'] as $op_key => $op) { - if (!empty($op['alsoSet']) && - true === $this->permissionResolver->dontInherit($user, $perm_key, $op_key)) { - //Set every op listed in also Set - foreach ($op['alsoSet'] as $set_also) { - $this->permissionResolver->setPermission($user, $perm_key, $set_also, true); - } - } - } - } - } } diff --git a/src/Services/PermissionResolver.php b/src/Services/PermissionResolver.php index ad8c4bf2..e1fbd8e0 100644 --- a/src/Services/PermissionResolver.php +++ b/src/Services/PermissionResolver.php @@ -204,6 +204,42 @@ class PermissionResolver isset($this->permission_structure['perms'][$permission]['operations'][$operation]); } + /** + * This functions sets all operations mentioned in the alsoSet value of a permission, so that the structure is always valid. + * @param User $user + * @return void + */ + public function ensureCorrectSetOperations(HasPermissionsInterface $user): void + { + //Check for each permission and operation, for an alsoSet attribute + foreach ($this->permission_structure['perms'] as $perm_key => $permission) { + foreach ($permission['operations'] as $op_key => $op) { + if (!empty($op['alsoSet']) && + true === $this->dontInherit($user, $perm_key, $op_key)) { + //Set every op listed in also Set + foreach ($op['alsoSet'] as $set_also) { + $this->setPermission($user, $perm_key, $set_also, true); + } + } + } + } + } + + /** + * Sets all possible operations of all possible permissions of the given entity to the given value. + * @param HasPermissionsInterface $perm_holder + * @param bool|null $new_value + * @return void + */ + public function setAllPermissions(HasPermissionsInterface $perm_holder, ?bool $new_value): void + { + foreach ($this->permission_structure['perms'] as $perm_key => $permission) { + foreach ($permission['operations'] as $op_key => $op) { + $this->setPermission($perm_holder, $perm_key, $op_key, $new_value); + } + } + } + protected function generatePermissionStructure() { $cache = new ConfigCache($this->cache_file, $this->is_debug); diff --git a/src/Validator/Constraints/ValidPermissionValidator.php b/src/Validator/Constraints/ValidPermissionValidator.php index 54b84b21..b6f79f4e 100644 --- a/src/Validator/Constraints/ValidPermissionValidator.php +++ b/src/Validator/Constraints/ValidPermissionValidator.php @@ -56,7 +56,6 @@ class ValidPermissionValidator extends ConstraintValidator public function __construct(PermissionResolver $resolver) { $this->resolver = $resolver; - $this->perm_structure = $resolver->getPermissionStructure(); } /** @@ -74,17 +73,6 @@ class ValidPermissionValidator extends ConstraintValidator /** @var HasPermissionsInterface $perm_holder */ $perm_holder = $this->context->getObject(); - //Check for each permission and operation, for an alsoSet attribute - foreach ($this->perm_structure['perms'] as $perm_key => $permission) { - foreach ($permission['operations'] as $op_key => $op) { - if (!empty($op['alsoSet']) && - true === $this->resolver->dontInherit($perm_holder, $perm_key, $op_key)) { - //Set every op listed in also Set - foreach ($op['alsoSet'] as $set_also) { - $this->resolver->setPermission($perm_holder, $perm_key, $set_also, true); - } - } - } - } + $this->resolver->ensureCorrectSetOperations($perm_holder); } }