Make user info page public for all logged in user

Jan Böhmer 2023-04-08 01:04:10 +02:00
parent bcda71cb25
commit b0d2a22f62
2 changed files with 33 additions and 17 deletions


@ -202,9 +202,11 @@ class UserController extends AdminPages\BaseAdminController
$user = $tmp; $user = $tmp;
} else { } else {
//Else we must check, if the current user is allowed to access $user //Else we must check, if the current user is allowed to access $user
$this->denyAccessUnlessGranted('read', $user); $this->denyAccessUnlessGranted('info', $user);
} }
//Only show the history table, if the user is the current user
if ($user === $this->getUser()) {
$table = $this->dataTableFactory->createFromType( $table = $this->dataTableFactory->createFromType(
LogDataTable::class, LogDataTable::class,
[ [
@ -218,6 +220,7 @@ class UserController extends AdminPages\BaseAdminController
if ($table->isCallback()) { if ($table->isCallback()) {
return $table->getResponse(); return $table->getResponse();
} }
}
//Show permissions to user //Show permissions to user
$builder = $this->createFormBuilder()->add('permissions', PermissionsType::class, [ $builder = $this->createFormBuilder()->add('permissions', PermissionsType::class, [
@ -230,7 +233,7 @@ class UserController extends AdminPages\BaseAdminController
return $this->renderForm('users/user_info.html.twig', [ return $this->renderForm('users/user_info.html.twig', [
'user' => $user, 'user' => $user,
'form' => $builder->getForm(), 'form' => $builder->getForm(),
'datatable' => $table, 'datatable' => $table ?? null,
]); ]);
} }
} }
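Review bot: The permissions form built under `//Show permissions to user` is still rendered for every viewer, so with the check relaxed from `read` to `info` any logged-in account can now see another user's full permission set, which shows a low-privileged account who the administrators are. Only the history table is restricted to the viewer's own page. Consider building the form only when `$user === $this->getUser() || $this->isGranted('read', $user)` and passing `'form' => null` otherwise, with the template skipping that section. The identity comparison `$user === $this->getUser()` also differs from the voter, which compares `getID()`; it presumably holds because both objects come from the same entity manager, but a comment saying so would help. The method starts outside these hunks.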


@ -38,9 +38,12 @@ class UserVoter extends ExtendedVoter
protected function supports(string $attribute, $subject): bool protected function supports(string $attribute, $subject): bool
{ {
if (is_a($subject, User::class, true)) { if (is_a($subject, User::class, true)) {
return in_array($attribute, array_merge( return in_array($attribute,
array_merge(
$this->resolver->listOperationsForPermission('users'), $this->resolver->listOperationsForPermission('users'),
$this->resolver->listOperationsForPermission('self')), $this->resolver->listOperationsForPermission('self'),
['info']
),
false false
); );
} }
@ -56,6 +59,16 @@ class UserVoter extends ExtendedVoter
*/ */
protected function voteOnUser(string $attribute, $subject, User $user): bool protected function voteOnUser(string $attribute, $subject, User $user): bool
{ {
if ($attribute === 'info') {
//Every logged-in user (non-anonymous) can see the info pages of other users
if (!$user->isAnonymousUser()) {
return true;
}
//For the anonymous user, use the user read permission
$attribute = 'read';
}
//Check if the checked user is the user itself //Check if the checked user is the user itself
if (($subject instanceof User) && $subject->getID() === $user->getID() && if (($subject instanceof User) && $subject->getID() === $user->getID() &&
$this->resolver->isValidOperation('self', $attribute)) { $this->resolver->isValidOperation('self', $attribute)) {
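Review bot: The new `info` branch in `voteOnUser` returns `true` before `$subject` is examined and without consulting the permission resolver, so an administrator cannot limit this access per user or group, and it also applies when `supports()` let a class-name string through (`is_a(..., true)`). Tightening the guard to `if ($subject instanceof User && !$user->isAnonymousUser()) {` keeps the decision tied to a concrete user object. A docblock line such as `'info' is a synthetic attribute: granted to every non-anonymous user, falls back to 'read' for the anonymous user` would make the bypass explicit to the next maintainer. The method body continues past the end of the hunk.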