Allow to specify operations that also need to be set.

When the edit operation is set, the read permission is now set too.
Jan Böhmer 2019-09-11 13:37:51 +02:00
parent 55983102ed
commit ac302ab16a
7 changed files with 163 additions and 1 deletions


@ -24,15 +24,19 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
edit: edit:
label: "perm.edit" label: "perm.edit"
bit: 2 bit: 2
alsoSet: 'read'
create: create:
label: "perm.create" label: "perm.create"
bit: 4 bit: 4
alsoSet: ['read', 'edit']
move: move:
label: "perm.part.move" label: "perm.part.move"
bit: 6 bit: 6
alsoSet: 'read'
delete: delete:
label: "perm.delete" label: "perm.delete"
bit: 8 bit: 8
alsoSet: ['read', 'edit']
search: search:
label: "perm.part.search" label: "perm.part.search"
bit: 10 bit: 10
@ -74,6 +78,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
edit: edit:
label: "perm.edit" label: "perm.edit"
bit: 2 bit: 2
alsoSet: 'read'
parts_description: parts_description:
<<: *PART_ATTRIBUTE <<: *PART_ATTRIBUTE
@ -129,15 +134,18 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
edit: edit:
label: "perm.edit" label: "perm.edit"
bit: 2 bit: 2
alsoSet: 'read'
create: create:
label: "perm.create" label: "perm.create"
bit: 4 bit: 4
alsoSet: ['read', 'edit']
move: move:
label: "perm.move" label: "perm.move"
bit: 6 bit: 6
delete: delete:
label: "perm.delete" label: "perm.delete"
bit: 8 bit: 8
alsoSet: ['read', 'edit']
list_parts: list_parts:
label: "perm.list_parts" label: "perm.list_parts"
bit: 10 bit: 10
@ -201,17 +209,21 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
edit: edit:
label: "perm.edit" label: "perm.edit"
bit: 2 bit: 2
alsoSet: 'read'
create: create:
label: "perm.create" label: "perm.create"
bit: 4 bit: 4
alsoSet: ['read', 'edit']
move: move:
label: "perm.move" label: "perm.move"
bit: 6 bit: 6
delete: delete:
label: "perm.delete" label: "perm.delete"
bit: 8 bit: 8
alsoSet: ['read', 'delete']
edit_permissions: edit_permissions:
label: "perm.edit_permissions" label: "perm.edit_permissions"
alsoSet: ['read', 'edit']
bit: 10 bit: 10
users: users:
@ -223,24 +235,31 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
bit: 0 bit: 0
create: create:
label: "perm.create" label: "perm.create"
alsoSet: ['read', 'edit_username', 'edit_infos']
bit: 4 bit: 4
delete: delete:
label: "perm.delete" label: "perm.delete"
alsoSet: ['read', 'edit']
bit: 8 bit: 8
edit_username: edit_username:
label: "perm.users.edit_user_name" label: "perm.users.edit_user_name"
alsoSet: ['read']
bit: 2 bit: 2
change_group: change_group:
label: "perm.users.edit_change_group" label: "perm.users.edit_change_group"
alsoSet: 'read'
bit: 6 bit: 6
edit_infos: edit_infos:
label: "perm.users.edit_infos" label: "perm.users.edit_infos"
alsoSet: 'read'
bit: 10 bit: 10
edit_permissions: edit_permissions:
label: "perm.users.edit_permissions" label: "perm.users.edit_permissions"
alsoSet: 'read'
bit: 12 bit: 12
set_password: set_password:
label: "perm.users.set_password" label: "perm.users.set_password"
alsoSet: 'set_read'
bit: 14 bit: 14
change_user_settings: change_user_settings:
label: "perm.users.change_user_settings" label: "perm.users.change_user_settings"
@ -256,11 +275,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
update_db: update_db:
label: "perm.database.update_db" label: "perm.database.update_db"
bit: 2 bit: 2
alsoSet: 'see_status'
read_db_settings: read_db_settings:
label: "perm.database.read_db_settings" label: "perm.database.read_db_settings"
bit: 4 bit: 4
write_db_settings: write_db_settings:
label: "perm.database.write_db_settings" label: "perm.database.write_db_settings"
alsoSet: ['read_db_settings', 'see_status']
bit: 2 bit: 2
config: config:
@ -272,6 +293,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
bit: 0 bit: 0
edit_config: edit_config:
label: "perm.config.edit_config" label: "perm.config.edit_config"
alsoSet: 'read_config'
bit: 2 bit: 2
server_info: server_info:
label: "perm.config.server_info" label: "perm.config.server_info"
@ -289,6 +311,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
bit: 2 bit: 2
delete_logs: delete_logs:
label: "perm.delete_logs" label: "perm.delete_logs"
alsoSet: 'show_logs'
bit: 4 bit: 4
devices_parts: devices_parts:
@ -300,12 +323,15 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
bit: 0 bit: 0
edit: edit:
label: "perm.edit" label: "perm.edit"
alsoSet: 'read'
bit: 2 bit: 2
create: create:
label: "perm.create" label: "perm.create"
alsoSet: ['edit', 'read']
bit: 6 bit: 6
delete: delete:
label: "perm.delete" label: "perm.delete"
alsoSet: ['edit', 'read']
bit: 8 bit: 8
self: self:
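Review bot: Two of the new `alsoSet` values do not look like operation names: `alsoSet: 'set_read'` on `set_password` (every sibling in that hunk uses `'read'`), and `alsoSet: ['read', 'delete']` on the `delete` operation in the hunk at old line 201, which refers to itself where the other sections use `['read', 'edit']`. The `users` `delete` entry lists `'edit'`, but the operations visible in that hunk are `edit_username`, `edit_infos` and so on, so that name should be checked against the part of the section outside the hunk. Nothing shown in this commit validates these names, so a typo is handed to the resolver when a user is validated; I would change them to `alsoSet: 'read'` and `alsoSet: ['read', 'edit']` if that was the intent. Separately, each `alsoSet` widens what a single checkbox grants (for example `create` implying `edit`), which deserves a comment at the top of the file so that administrators reviewing roles know the effective grant.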


@ -61,7 +61,9 @@ class PermissionsConfiguration implements ConfigurationInterface
->children() ->children()
->scalarNode('name')->end() ->scalarNode('name')->end()
->scalarNode('label')->end() ->scalarNode('label')->end()
->scalarNode('bit')->end(); ->scalarNode('bit')->end()
->arrayNode('alsoSet')
->beforeNormalization()->castToArray()->end()->scalarPrototype()->end();
return $treeBuilder; return $treeBuilder;
} }
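Review bot: The new `alsoSet` node accepts any scalar, so a name that is not an operation of the same permission loads without error and only surfaces later, when a permissions holder is validated. A `validate()` rule on the enclosing operations node that compares every `alsoSet` entry with the sibling operation keys would reject the file when the configuration is processed instead. The builder chain starts outside this hunk, so where that rule attaches has to be confirmed against the full method. A short comment such as `// operations that are granted together with this one` above `->arrayNode('alsoSet')` would also help.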


@ -64,6 +64,7 @@ namespace App\Entity\UserSystem;
use App\Entity\Base\NamedDBElement; use App\Entity\Base\NamedDBElement;
use App\Security\Interfaces\HasPermissionsInterface; use App\Security\Interfaces\HasPermissionsInterface;
use App\Validator\Constraints\Selectable; use App\Validator\Constraints\Selectable;
use App\Validator\Constraints\ValidPermission;
use Doctrine\ORM\Mapping as ORM; use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Validator\Constraints as Assert; use Symfony\Component\Validator\Constraints as Assert;
@ -163,6 +164,7 @@ class User extends NamedDBElement implements UserInterface, HasPermissionsInterf
/** @var PermissionsEmbed /** @var PermissionsEmbed
* @ORM\Embedded(class="PermissionsEmbed", columnPrefix="perms_") * @ORM\Embedded(class="PermissionsEmbed", columnPrefix="perms_")
* @ValidPermission()
*/ */
protected $permissions; protected $permissions;
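Review bot: Attaching `@ValidPermission()` to this property means the implied permissions are applied only when the validator component runs on a `User`, so any code path that persists a user without validation stores the permissions without their `alsoSet` additions. Only `User` is annotated in this commit; if other classes implement `HasPermissionsInterface` (not visible here), they need the same annotation, or the rule should live in the resolver's setter so that it cannot be bypassed. The class body continues outside the hunk.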


@ -0,0 +1,46 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Validator\Constraints;
use Symfony\Component\Validator\Constraint;
/**
* A PermissionEmbed object with this annotation will be checked with ValidPermissionValidator.
* That means the alsoSet values of the permission operations are set.
* @Annotation
* @package App\Validator\Constraints
*/
class ValidPermission extends Constraint
{
}
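Review bot: The class docblock describes this constraint as a check, but the paired validator in this commit changes the object and never reports a violation, and the constraint defines no `$message`. I would reword the docblock to `Applies the alsoSet implications of every operation the validator finds set on the annotated permissions holder; the object is modified during validation.` and correct `PermissionEmbed` to `PermissionsEmbed`, the class name used in the `User` entity.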


@ -0,0 +1,83 @@
<?php
/**
*
* part-db version 0.1
* Copyright (C) 2005 Christoph Lechner
* http://www.cl-projects.de/
*
* part-db version 0.2+
* Copyright (C) 2009 K. Jacobs and others (see authors.php)
* http://code.google.com/p/part-db/
*
* Part-DB Version 0.4+
* Copyright (C) 2016 - 2019 Jan Böhmer
* https://github.com/jbtronics
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
*
*/
namespace App\Validator\Constraints;
use App\Entity\Parts\PartLot;
use App\Entity\UserSystem\PermissionsEmbed;
use App\Security\Interfaces\HasPermissionsInterface;
use App\Services\PermissionResolver;
use Symfony\Component\Form\Exception\UnexpectedTypeException;
use Symfony\Component\Validator\Constraint;
use Symfony\Component\Validator\ConstraintValidator;
class ValidPermissionValidator extends ConstraintValidator
{
protected $resolver;
protected $perm_structure;
public function __construct(PermissionResolver $resolver)
{
$this->resolver = $resolver;
$this->perm_structure = $resolver->getPermissionStructure();
}
/**
* Checks if the passed value is valid.
*
* @param mixed $value The value that should be validated
* @param Constraint $constraint The constraint for the validation
*/
public function validate($value, Constraint $constraint)
{
if (!$constraint instanceof ValidPermission) {
throw new UnexpectedTypeException($constraint, ValidPermission::class);
}
/** @var HasPermissionsInterface $perm_holder */
$perm_holder = $this->context->getObject();
//Check for each permission and operation, for an alsoSet attribute
foreach ($this->perm_structure['perms'] as $perm_key => $permission) {
foreach ($permission['operations'] as $op_key => $op) {
if (!empty($op['alsoSet']) &&
$this->resolver->dontInherit($perm_holder, $perm_key, $op_key) === true) {
//Set every op listed in also Set
foreach ($op['alsoSet'] as $set_also) {
$this->resolver->setPermission($perm_holder, $perm_key, $set_also, true);
}
}
}
}
}
}
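Review bot: The inner loop calls `setPermission(..., true)` on every `alsoSet` target without looking at its current value, so an operation an administrator set to deny (for example `read`) appears to be switched to allow on save, and no violation is recorded for the `form_errors(form)` calls added in the templates to show. I would read the target first and report a conflict instead of overwriting it, as sketched below; this assumes `dontInherit()` returns `false` for an explicit deny, which has to be confirmed in `PermissionResolver`. The exception import is also taken from the Form component and should be `use Symfony\Component\Validator\Exception\UnexpectedTypeException;`, and the `PartLot` and `PermissionsEmbed` imports are unused.

```php
// … unchanged: constraint type check and the two outer foreach loops …
foreach ($op['alsoSet'] as $set_also) {
    // Assumption: false means "explicitly denied" — confirm in PermissionResolver.
    if ($this->resolver->dontInherit($perm_holder, $perm_key, $set_also) === false) {
        $this->context->buildViolation('perm.also_set_conflict') // constructed message key
            ->setParameter('{{ operation }}', $op_key)
            ->setParameter('{{ required }}', $set_also)
            ->addViolation();
        continue;
    }
    $this->resolver->setPermission($perm_holder, $perm_key, $set_also, true);
}
```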


@ -38,6 +38,8 @@
{% endif %} {% endif %}
</legend> </legend>
{{ form_errors(form) }}
<ul class="nav nav-tabs mt-2"> <ul class="nav nav-tabs mt-2">
<li class="nav-item"><a class="link-anchor active nav-link" data-toggle="tab" href="#home">{% trans %}standard.label{% endtrans %}</a></li> <li class="nav-item"><a class="link-anchor active nav-link" data-toggle="tab" href="#home">{% trans %}standard.label{% endtrans %}</a></li>
<li class="nav-item"><a data-toggle="tab" class="link-anchor nav-link" href="#info">{% trans %}infos.label{% endtrans %}</a></li> <li class="nav-item"><a data-toggle="tab" class="link-anchor nav-link" href="#info">{% trans %}infos.label{% endtrans %}</a></li>


@ -32,6 +32,7 @@
{% endblock %} {% endblock %}
{% block permissions_row %} {% block permissions_row %}
{{ form_errors(form) }}
<ul class="nav nav-tabs"> <ul class="nav nav-tabs">
{% for group in form %} {% for group in form %}
<li class="nav-item"> <li class="nav-item">