[EventLog] Added permission checking and link in tools tree.

src/Controller/LogController.php

@@ -42,8 +42,10 @@ class LogController extends AbstractController
      *
      * @return JsonResponse|Response
      */
-    public function showCategory(Request $request, DataTableFactory $dataTable)
+    public function showLogs(Request $request, DataTableFactory $dataTable)
     {
+        $this->denyAccessUnlessGranted('@system.show_logs');
+
         $table = $dataTable->createFromType(LogDataTable::class)
             ->handleRequest($request);
 

src/Security/Voter/LogEntryVoter.php

@@ -0,0 +1,70 @@
+<?php
+/**
+ * This file is part of Part-DB (https://github.com/Part-DB/Part-DB-symfony).
+ *
+ * Copyright (C) 2019 - 2020 Jan Böhmer (https://github.com/jbtronics)
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA
+ */
+
+namespace App\Security\Voter;
+
+
+use App\Entity\LogSystem\AbstractLogEntry;
+use App\Entity\UserSystem\User;
+
+class LogEntryVoter extends ExtendedVoter
+{
+
+    public const ALLOWED_OPS = ['read', 'delete'];
+
+    /**
+     * @inheritDoc
+     */
+    protected function voteOnUser($attribute, $subject, User $user): bool
+    {
+        if ($subject instanceof AbstractLogEntry) {
+            if ($attribute === 'delete') {
+                return $this->resolver->inherit($user, 'system', 'delete_logs') ?? false;
+            }
+
+            if ($attribute === 'read') {
+                //Allow read of the users own log entries
+                if (
+                    $subject->getUser() === $user
+                    && $this->resolver->inherit($user, 'self', 'show_logs')
+                ) {
+                    return true;
+                }
+
+                return $this->resolver->inherit($user, 'system','show_logs') ?? false;
+            }
+        }
+
+        return false;
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function supports($attribute, $subject)
+    {
+        if ($subject instanceof AbstractLogEntry) {
+            return in_array($subject, static::ALLOWED_OPS);
+        }
+
+        return false;
+    }
+}

src/Security/Voter/PermissionVoter.php

@@ -28,6 +28,7 @@ use App\Entity\UserSystem\User;
 
 /**
  * This voter allows you to directly check permissions from the permission structure, without passing an object.
+ * This use the syntax like "@permission.op"
  * However you should use the "normal" object based voters if possible, because they are needed for a future ACL system.
  */
 class PermissionVoter extends ExtendedVoter
@@ -44,7 +45,7 @@ class PermissionVoter extends ExtendedVoter
         $attribute = ltrim($attribute, '@');
         [$perm, $op] = explode('.', $attribute);
 
-        return $this->resolver->inherit($user, $perm, $op);
+        return $this->resolver->inherit($user, $perm, $op) ?? false;
     }
 
     /**

src/Services/Trees/ToolsTreeBuilder.php

@@ -212,6 +212,13 @@ class ToolsTreeBuilder
             );
         }
 
+        if ($this->security->isGranted('@system.show_logs')) {
+            $nodes[] = new TreeViewNode(
+                $this->translator->trans('tree.tools.system.event_log'),
+                $this->urlGenerator->generate('log_view')
+            );
+        }
+
         return $nodes;
     }
 }