From a88a2e04cf31f5451bcc08b8a52ed9cdc41a8515 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jan=20B=C3=B6hmer?= <mail@jan-boehmer.de>
Date: Sun, 9 Jun 2024 00:11:58 +0200
Subject: [PATCH] Added the required initial users and groups for the database
 migration

---
 migrations/Version20221114193325.php   | 44 ++--------------
 migrations/Version20240606203053.php   | 37 ++++++++++++-
 src/Migration/WithPermPresetsTrait.php | 72 ++++++++++++++++++++++++++
 3 files changed, 110 insertions(+), 43 deletions(-)
 create mode 100644 src/Migration/WithPermPresetsTrait.php

diff --git a/migrations/Version20221114193325.php b/migrations/Version20221114193325.php
index 2775ab5e..9766ccf3 100644
--- a/migrations/Version20221114193325.php
+++ b/migrations/Version20221114193325.php
@@ -4,24 +4,20 @@ declare(strict_types=1);
 
 namespace DoctrineMigrations;
 
-use App\Entity\UserSystem\PermissionData;
 use App\Migration\AbstractMultiPlatformMigration;
-use App\Security\Interfaces\HasPermissionsInterface;
+use App\Migration\WithPermPresetsTrait;
 use App\Services\UserSystem\PermissionPresetsHelper;
 use Doctrine\DBAL\Connection;
 use Doctrine\DBAL\Schema\Schema;
-use Doctrine\Migrations\AbstractMigration;
 use Psr\Log\LoggerInterface;
 use Symfony\Component\DependencyInjection\ContainerAwareInterface;
-use Symfony\Component\DependencyInjection\ContainerInterface;
 
 /**
  * Auto-generated Migration: Please modify to your needs!
  */
 final class Version20221114193325 extends AbstractMultiPlatformMigration implements ContainerAwareInterface
 {
-    private ?ContainerInterface $container = null;
-    private ?PermissionPresetsHelper $permission_presets_helper = null;
+    use WithPermPresetsTrait;
 
     public function __construct(Connection $connection, LoggerInterface $logger)
     {
@@ -33,34 +29,6 @@ final class Version20221114193325 extends AbstractMultiPlatformMigration impleme
         return 'Update the permission system to the new system. Please note that all permissions will be reset!';
     }
 
-    private function getJSONPermDataFromPreset(string $preset): string
-    {
-        if ($this->permission_presets_helper === null) {
-            throw new \RuntimeException('PermissionPresetsHelper not set! There seems to be some issue with the dependency injection!');
-        }
-
-        //Create a virtual user on which we can apply the preset
-        $user = new class implements HasPermissionsInterface {
-
-            public PermissionData $perm_data;
-
-            public function __construct()
-            {
-                $this->perm_data = new PermissionData();
-            }
-
-            public function getPermissions(): PermissionData
-            {
-                return $this->perm_data;
-            }
-        };
-
-        //Apply the preset to the virtual user
-        $this->permission_presets_helper->applyPreset($user, $preset);
-
-        //And return the json data
-        return json_encode($user->getPermissions());
-    }
 
     private function addDataMigrationAndWarning(): void
     {
@@ -164,13 +132,7 @@ final class Version20221114193325 extends AbstractMultiPlatformMigration impleme
         $this->addSql('CREATE INDEX user_idx_username ON "users" (name)');
     }
 
-    public function setContainer(ContainerInterface $container = null)
-    {
-        if ($container) {
-            $this->container = $container;
-            $this->permission_presets_helper = $container->get(PermissionPresetsHelper::class);
-        }
-    }
+
 
     public function postgreSQLUp(Schema $schema): void
     {
diff --git a/migrations/Version20240606203053.php b/migrations/Version20240606203053.php
index b305f739..326f7aa2 100644
--- a/migrations/Version20240606203053.php
+++ b/migrations/Version20240606203053.php
@@ -5,14 +5,18 @@ declare(strict_types=1);
 namespace DoctrineMigrations;
 
 use App\Migration\AbstractMultiPlatformMigration;
+use App\Migration\WithPermPresetsTrait;
+use App\Services\UserSystem\PermissionPresetsHelper;
 use Doctrine\DBAL\Schema\Schema;
-use Doctrine\Migrations\AbstractMigration;
+use Symfony\Component\DependencyInjection\ContainerAwareInterface;
 
 /**
  * Auto-generated Migration: Please modify to your needs!
  */
-final class Version20240606203053 extends AbstractMultiPlatformMigration
+final class Version20240606203053 extends AbstractMultiPlatformMigration implements ContainerAwareInterface
 {
+    use WithPermPresetsTrait;
+
     public function getDescription(): string
     {
         return 'Initial schema for Postgres';
@@ -233,6 +237,35 @@ final class Version20240606203053 extends AbstractMultiPlatformMigration
         $this->addSql('ALTER TABLE "users" ADD CONSTRAINT FK_1483A5E9EA7100A1 FOREIGN KEY (id_preview_attachment) REFERENCES "attachments" (id) ON DELETE SET NULL NOT DEFERRABLE INITIALLY IMMEDIATE');
         $this->addSql('ALTER TABLE "users" ADD CONSTRAINT FK_1483A5E938248176 FOREIGN KEY (currency_id) REFERENCES currencies (id) NOT DEFERRABLE INITIALLY IMMEDIATE');
         $this->addSql('ALTER TABLE webauthn_keys ADD CONSTRAINT FK_799FD143A76ED395 FOREIGN KEY (user_id) REFERENCES "users" (id) NOT DEFERRABLE INITIALLY IMMEDIATE');
+
+        //Create the initial groups and users
+        //Retrieve the json representations of the presets
+        $admin = $this->getJSONPermDataFromPreset(PermissionPresetsHelper::PRESET_ADMIN);
+        $editor = $this->getJSONPermDataFromPreset(PermissionPresetsHelper::PRESET_EDITOR);
+        $read_only = $this->getJSONPermDataFromPreset(PermissionPresetsHelper::PRESET_READ_ONLY);
+
+
+        $sql = <<<EOD
+        INSERT INTO "groups" ("id", "parent_id", "comment", "not_selectable", "name", "permissions_data", "enforce_2fa") VALUES
+            (1, NULL, 'Users of this group can do everything: Read, Write and Administrative actions.', FALSE, 'admins', '$admin', FALSE),
+            (2, NULL, 'Users of this group can only read informations, use tools, and do not have access to administrative tools.', FALSE, 'readonly', '$read_only', FALSE),
+            (3, NULL, 'Users of this group, can edit part informations, create new ones, etc. but are not allowed to use administrative tools. (But can read current configuration, and see Server status)', FALSE, 'users', '$editor', FALSE);
+        
+        EOD;
+        $this->addSql($sql);
+
+        $admin_pw = $this->getInitalAdminPW();
+
+        $sql = <<<EOD
+        INSERT INTO "users" ("id", "group_id", "name", "password", "need_pw_change", "first_name", "last_name", "department", "email", 
+                             "config_language", "config_timezone", "config_theme", "config_instock_comment_w", "config_instock_comment_a", 
+                             "currency_id", "settings", "disabled", "backup_codes", "trusted_device_cookie_version",
+                            "permissions_data", "saml_user", "about_me"
+                             ) VALUES
+            (1, 2, 'anonymous', '', FALSE, '', '', '', '', NULL, NULL, NULL, '', '', NULL, '{}', FALSE, 'null', 0, 'null', FALSE, ''),
+            (2, 1, 'admin', '{$admin_pw}', TRUE, '', '', '', '', NULL, NULL, NULL, '', '', NULL, '{}', FALSE, 'null', 0, '{$admin}', FALSE, '')
+        EOD;
+        $this->addSql($sql);
     }
 
     public function postgreSQLDown(Schema $schema): void
diff --git a/src/Migration/WithPermPresetsTrait.php b/src/Migration/WithPermPresetsTrait.php
new file mode 100644
index 00000000..debbade8
--- /dev/null
+++ b/src/Migration/WithPermPresetsTrait.php
@@ -0,0 +1,72 @@
+<?php
+/*
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ *  Copyright (C) 2019 - 2024 Jan Böhmer (https://github.com/jbtronics)
+ *
+ *  This program is free software: you can redistribute it and/or modify
+ *  it under the terms of the GNU Affero General Public License as published
+ *  by the Free Software Foundation, either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU Affero General Public License for more details.
+ *
+ *  You should have received a copy of the GNU Affero General Public License
+ *  along with this program.  If not, see <https://www.gnu.org/licenses/>.
+ */
+
+declare(strict_types=1);
+
+
+namespace App\Migration;
+
+use App\Entity\UserSystem\PermissionData;
+use App\Security\Interfaces\HasPermissionsInterface;
+use App\Services\UserSystem\PermissionPresetsHelper;
+use Symfony\Component\DependencyInjection\ContainerInterface;
+
+trait WithPermPresetsTrait
+{
+    private ?ContainerInterface $container = null;
+    private ?PermissionPresetsHelper $permission_presets_helper = null;
+
+    private function getJSONPermDataFromPreset(string $preset): string
+    {
+        if ($this->permission_presets_helper === null) {
+            throw new \RuntimeException('PermissionPresetsHelper not set! There seems to be some issue with the dependency injection!');
+        }
+
+        //Create a virtual user on which we can apply the preset
+        $user = new class implements HasPermissionsInterface {
+
+            public PermissionData $perm_data;
+
+            public function __construct()
+            {
+                $this->perm_data = new PermissionData();
+            }
+
+            public function getPermissions(): PermissionData
+            {
+                return $this->perm_data;
+            }
+        };
+
+        //Apply the preset to the virtual user
+        $this->permission_presets_helper->applyPreset($user, $preset);
+
+        //And return the json data
+        return json_encode($user->getPermissions());
+    }
+
+    public function setContainer(ContainerInterface $container = null): void
+    {
+        if ($container) {
+            $this->container = $container;
+            $this->permission_presets_helper = $container->get(PermissionPresetsHelper::class);
+        }
+    }
+}
\ No newline at end of file