mirror/Part-DB.Part-DB-server
1
0
Fork 1
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-06-22 09:53:35 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Make user info page public for all logged in user

Browse source
This commit is contained in:
Jan Böhmer 2023-04-08 01:04:10 +02:00
parent bcda71cb25
commit b0d2a22f62
2 changed files with 33 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

29
src/Controller/UserController.php
View file

@ -202,21 +202,24 @@ class UserController extends AdminPages\BaseAdminController
$user = $tmp; $user = $tmp;
} else { } else {
//Else we must check, if the current user is allowed to access $user //Else we must check, if the current user is allowed to access $user
$this->denyAccessUnlessGranted('read', $user); $this->denyAccessUnlessGranted('info', $user);
} }
$table = $this->dataTableFactory->createFromType( //Only show the history table, if the user is the current user
LogDataTable::class, if ($user === $this->getUser()) {
[ $table = $this->dataTableFactory->createFromType(
'filter_elements' => $user, LogDataTable::class,
'mode' => 'element_history', [
], 'filter_elements' => $user,
['pageLength' => 10] 'mode' => 'element_history',
) ],
->handleRequest($request); ['pageLength' => 10]
)
->handleRequest($request);
if ($table->isCallback()) { if ($table->isCallback()) {
return $table->getResponse(); return $table->getResponse();
}
} }
//Show permissions to user //Show permissions to user
@ -230,7 +233,7 @@ class UserController extends AdminPages\BaseAdminController
return $this->renderForm('users/user_info.html.twig', [ return $this->renderForm('users/user_info.html.twig', [
'user' => $user, 'user' => $user,
'form' => $builder->getForm(), 'form' => $builder->getForm(),
'datatable' => $table, 'datatable' => $table ?? null,
]); ]);
} }
} }

21
src/Security/Voter/UserVoter.php
View file

@ -38,10 +38,13 @@ class UserVoter extends ExtendedVoter
protected function supports(string $attribute, $subject): bool protected function supports(string $attribute, $subject): bool
{ {
if (is_a($subject, User::class, true)) { if (is_a($subject, User::class, true)) {
return in_array($attribute, array_merge( return in_array($attribute,
$this->resolver->listOperationsForPermission('users'), array_merge(
$this->resolver->listOperationsForPermission('self')), $this->resolver->listOperationsForPermission('users'),
false $this->resolver->listOperationsForPermission('self'),
['info']
),
false
); );
} }
@ -56,6 +59,16 @@ class UserVoter extends ExtendedVoter
*/ */
protected function voteOnUser(string $attribute, $subject, User $user): bool protected function voteOnUser(string $attribute, $subject, User $user): bool
{ {
if ($attribute === 'info') {
//Every logged-in user (non-anonymous) can see the info pages of other users
if (!$user->isAnonymousUser()) {
return true;
}
//For the anonymous user, use the user read permission
$attribute = 'read';
}
//Check if the checked user is the user itself //Check if the checked user is the user itself
if (($subject instanceof User) && $subject->getID() === $user->getID() && if (($subject instanceof User) && $subject->getID() === $user->getID() &&
$this->resolver->isValidOperation('self', $attribute)) { $this->resolver->isValidOperation('self', $attribute)) {