diff --git a/config/permissions.yaml b/config/permissions.yaml
index f9b4a1ee..bcd3d79c 100644
--- a/config/permissions.yaml
+++ b/config/permissions.yaml
@@ -43,6 +43,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "show_history"]
+ import:
+ label: "perm.import"
+ alsoSet: ["read", "edit", "create"]
parts_stock:
group: "data"
@@ -76,6 +79,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "show_history"]
+ import:
+ label: "perm.import"
+ alsoSet: [ "read", "edit", "create" ]
footprints:
<<: *PART_CONTAINING
@@ -156,6 +162,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "edit_permissions", "show_history"]
+ import:
+ label: "perm.import"
+ alsoSet: [ "read", "edit", "create" ]
users:
label: "perm.users"
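Review bot: The new `import` operation in this block, and the one in the next hunk (the block whose `revert_element` lists `edit_username`), implies only `read`/`create` (plus `edit` here), while `edit_permissions` remains a separate operation in both blocks. The importer is not part of this diff, so it is unclear whether an imported record can carry permission data. If it can, `import` becomes a way around `edit_permissions`. Either confirm that the importer drops permission fields for these entities, or add a comment such as `# import must never write permission data; edit_permissions is required for that`. The inline lists are also spaced inconsistently (`["read", ...]` in the first hunk, `[ "read", ... ]` in the others).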
@@ -188,6 +197,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "create", "delete", "edit_permissions", "show_history", "edit_infos", "edit_username"]
+ import:
+ label: "perm.import"
+ alsoSet: [ "read", "create" ]
#database:
# label: "perm.database"
diff --git a/src/Services/UserSystem/PermissionManager.php b/src/Services/UserSystem/PermissionManager.php
index 717c0bac..618e473a 100644
--- a/src/Services/UserSystem/PermissionManager.php
+++ b/src/Services/UserSystem/PermissionManager.php
@@ -271,6 +271,28 @@ class PermissionManager
}
}
+ /**
+ * This function sets all operations of the given permission to the given value, except the ones listed in the except array.
+ * @param HasPermissionsInterface $perm_holder
+ * @param string $permission
+ * @param bool|null $new_value
+ * @param array $except
+ * @return void
+ */
+ public function setAllOperationsOfPermissionExcept(HasPermissionsInterface $perm_holder, string $permission, ?bool $new_value, array $except): void
+ {
+ if (!$this->isValidPermission($permission)) {
+ throw new InvalidArgumentException(sprintf('A permission with that name is not existing! Got %s.', $permission));
+ }
+
+ foreach ($this->permission_structure['perms'][$permission]['operations'] as $op_key => $op) {
+ if (in_array($op_key, $except, true)) {
+ continue;
+ }
+ $this->setPermission($perm_holder, $permission, $op_key, $new_value);
+ }
+ }
+
protected function generatePermissionStructure()
{
$cache = new ConfigCache($this->cache_file, $this->is_debug);
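Review bot: `setAllOperationsOfPermissionExcept()` never checks the entries of `$except` against the permission's operations, so a misspelled key (for example `'imports'`) is silently ignored and the operation the caller meant to withhold is granted with the rest. Because this method is used as a deny-list for a sensitive operation, it should fail closed and reject unknown keys. This assumes every permission passed with `['import']` really defines that operation, which the YAML hunks suggest but do not show for each entry. The docblock could also state that excepted operations keep their current value and are not reset.

```php
public function setAllOperationsOfPermissionExcept(HasPermissionsInterface $perm_holder, string $permission, ?bool $new_value, array $except): void
{
    // … unchanged: isValidPermission() check …

    $operations = $this->permission_structure['perms'][$permission]['operations'];
    $unknown = array_diff($except, array_keys($operations));
    if ($unknown !== []) {
        throw new InvalidArgumentException(sprintf('Unknown operation(s) for permission %s: %s', $permission, implode(', ', $unknown)));
    }

    // … unchanged: foreach over $operations, skipping keys listed in $except …
}
```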
diff --git a/src/Services/UserSystem/PermissionPresetsHelper.php b/src/Services/UserSystem/PermissionPresetsHelper.php
index 732e29f5..3340f9bb 100644
--- a/src/Services/UserSystem/PermissionPresetsHelper.php
+++ b/src/Services/UserSystem/PermissionPresetsHelper.php
@@ -93,6 +93,20 @@ class PermissionPresetsHelper
//Allow access to system log and server infos
$this->permissionResolver->setPermission($perm_holder, 'system', 'show_logs', PermissionData::ALLOW);
$this->permissionResolver->setPermission($perm_holder, 'system', 'server_infos', PermissionData::ALLOW);
+
+ //Allow import for all datastructures
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'parts', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'parts_stock', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'categories', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'storelocations', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'footprints', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'manufacturers', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'attachment_types', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'currencies', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'measurement_units', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'suppliers', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'projects', PermissionData::ALLOW);
+
}
private function editor(HasPermissionsInterface $permHolder): HasPermissionsInterface
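Review bot: The comment `//Allow import for all datastructures` does not match the eleven calls below it, because `setAllOperationsOfPermission(..., PermissionData::ALLOW)` grants every operation of each permission, not only `import`. If only import is meant, grant it directly, e.g. `$this->permissionResolver->setPermission($perm_holder, 'parts', 'import', PermissionData::ALLOW);`. In that case `parts_stock` probably has to be left out, since this diff does not show it gaining an `import` operation. If full access is intended, reword the comment to `//Allow all operations (including import) on all datastructures`. The enclosing preset method starts outside the hunk, so which role this applies to cannot be confirmed from here.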
@@ -101,17 +115,18 @@ class PermissionPresetsHelper
$this->readOnly($permHolder);
//Set datastructures
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts', PermissionData::ALLOW);
+ //By default import is restricted to administrators, as it allows to fill up the database very fast
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'parts', PermissionData::ALLOW, ['import']);
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts_stock', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'categories', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'storelocations', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'footprints', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'manufacturers', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'attachment_types', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'currencies', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'measurement_units', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'suppliers', PermissionData::ALLOW);
- $this->permissionResolver->setAllOperationsOfPermission($permHolder, 'projects', PermissionData::ALLOW);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'categories', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'storelocations', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'footprints', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'manufacturers', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'attachment_types', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'currencies', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'measurement_units', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'suppliers', PermissionData::ALLOW, ['import']);
+ $this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'projects', PermissionData::ALLOW, ['import']);
//Attachments permissions
$this->permissionResolver->setPermission($permHolder, 'attachments', 'show_private', PermissionData::ALLOW);
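Review bot: Excluding `import` through `setAllOperationsOfPermissionExcept()` leaves the operation at its previous value rather than restricting it, because the new method simply skips the listed keys. A holder that already has `import` allowed, or inherits it from a group, would therefore still be able to import after the editor preset is applied, which is weaker than the comment's "restricted to administrators". `editor()` begins outside the hunk, so it is not visible whether permissions are reset before this point. If they are not, set `import` explicitly to the intended value after each call. Otherwise make the comment precise, e.g. `//import is left untouched here (stays inherited); only the admin preset grants it`.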
diff --git a/tests/Services/UserSystem/PermissionManagerTest.php b/tests/Services/UserSystem/PermissionManagerTest.php
index 78ce2850..57905253 100644
--- a/tests/Services/UserSystem/PermissionManagerTest.php
+++ b/tests/Services/UserSystem/PermissionManagerTest.php
@@ -240,6 +240,36 @@ class PermissionManagerTest extends WebTestCase
$this->assertNull($this->service->dontInherit($user, 'parts', 'edit'));
}
+ public function testSetAllOperationsOfPermissionExcept(): void
+ {
+ $user = new User();
+
+ //Set all operations of permission to true (except import and delete)
+ $this->service->setAllOperationsOfPermissionExcept($user, 'parts', true, ['import', 'delete']);
+ $this->assertTrue($this->service->dontInherit($user, 'parts', 'read'));
+ $this->assertTrue($this->service->dontInherit($user, 'parts', 'create'));
+ $this->assertTrue($this->service->dontInherit($user, 'parts', 'edit'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
+
+ //Set all operations of permission to false
+ $this->service->setAllOperationsOfPermissionExcept($user, 'parts', false, ['import', 'delete']);
+ $this->assertFalse($this->service->dontInherit($user, 'parts', 'read'));
+ $this->assertFalse($this->service->dontInherit($user, 'parts', 'create'));
+ $this->assertFalse($this->service->dontInherit($user, 'parts', 'edit'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
+
+
+ //Set all operations of permission to null
+ $this->service->setAllOperationsOfPermissionExcept($user, 'parts', null, ['import', 'delete']);
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'read'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'create'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'edit'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
+ $this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
+ }
+
public function testEnsureCorrectSetOperations(): void
{
//Create an empty user (all permissions are inherit)
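Review bot: The `assertNull` checks on `import` and `delete` in `testSetAllOperationsOfPermissionExcept()` cannot tell "left untouched" from "reset to inherit", because the user starts with every operation unset. Give an excepted operation a value first, e.g. `$this->service->setPermission($user, 'parts', 'delete', false);`, and after the call assert `$this->assertFalse($this->service->dontInherit($user, 'parts', 'delete'));`. A case that expects `InvalidArgumentException` for an unknown permission name would cover the guard at the top of the method.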
diff --git a/translations/messages.en.xlf b/translations/messages.en.xlf
index 324ff192..e2ac1271 100644
--- a/translations/messages.en.xlf
+++ b/translations/messages.en.xlf
@@ -11115,5 +11115,11 @@ Element 3
Imported parts
+
+
+ perm.import
+ Import data
+
+