mirror of
https://github.com/Part-DB/Part-DB-server.git
synced 2025-06-30 13:34:28 +02:00
Added permissions for importing data
This commit is contained in:
Jan Böhmer
parent
4be6cb2459
commit
bd5ee837f4
5 changed files with 95 additions and 10 deletions
|
|
@ -43,6 +43,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
revert_element:
|
revert_element:
|
||||||
label: "perm.revert_elements"
|
label: "perm.revert_elements"
|
||||||
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
||||||
|
import:
|
||||||
|
label: "perm.import"
|
||||||
|
alsoSet: ["read", "edit", "create"]
|
||||||
|
|
||||||
parts_stock:
|
parts_stock:
|
||||||
group: "data"
|
group: "data"
|
||||||
|
|
@ -76,6 +79,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
revert_element:
|
revert_element:
|
||||||
label: "perm.revert_elements"
|
label: "perm.revert_elements"
|
||||||
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
alsoSet: ["read", "edit", "create", "delete", "show_history"]
|
||||||
|
import:
|
||||||
|
label: "perm.import"
|
||||||
|
alsoSet: [ "read", "edit", "create" ]
|
||||||
|
|
||||||
footprints:
|
footprints:
|
||||||
<<: *PART_CONTAINING
|
<<: *PART_CONTAINING
|
||||||
|
|
@ -156,6 +162,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
revert_element:
|
revert_element:
|
||||||
label: "perm.revert_elements"
|
label: "perm.revert_elements"
|
||||||
alsoSet: ["read", "edit", "create", "delete", "edit_permissions", "show_history"]
|
alsoSet: ["read", "edit", "create", "delete", "edit_permissions", "show_history"]
|
||||||
|
import:
|
||||||
|
label: "perm.import"
|
||||||
|
alsoSet: [ "read", "edit", "create" ]
|
||||||
|
|
||||||
users:
|
users:
|
||||||
label: "perm.users"
|
label: "perm.users"
|
||||||
|
|
@ -188,6 +197,9 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
|
||||||
revert_element:
|
revert_element:
|
||||||
label: "perm.revert_elements"
|
label: "perm.revert_elements"
|
||||||
alsoSet: ["read", "create", "delete", "edit_permissions", "show_history", "edit_infos", "edit_username"]
|
alsoSet: ["read", "create", "delete", "edit_permissions", "show_history", "edit_infos", "edit_username"]
|
||||||
|
import:
|
||||||
|
label: "perm.import"
|
||||||
|
alsoSet: [ "read", "create" ]
|
||||||
|
|
||||||
#database:
|
#database:
|
||||||
# label: "perm.database"
|
# label: "perm.database"
|
||||||
|
|
|
||||||
|
|
@ -271,6 +271,28 @@ class PermissionManager
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* This function sets all operations of the given permission to the given value, except the ones listed in the except array.
|
||||||
|
* @param HasPermissionsInterface $perm_holder
|
||||||
|
* @param string $permission
|
||||||
|
* @param bool|null $new_value
|
||||||
|
* @param array $except
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function setAllOperationsOfPermissionExcept(HasPermissionsInterface $perm_holder, string $permission, ?bool $new_value, array $except): void
|
||||||
|
{
|
||||||
|
if (!$this->isValidPermission($permission)) {
|
||||||
|
throw new InvalidArgumentException(sprintf('A permission with that name is not existing! Got %s.', $permission));
|
||||||
|
}
|
||||||
|
|
||||||
|
foreach ($this->permission_structure['perms'][$permission]['operations'] as $op_key => $op) {
|
||||||
|
if (in_array($op_key, $except, true)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
$this->setPermission($perm_holder, $permission, $op_key, $new_value);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
protected function generatePermissionStructure()
|
protected function generatePermissionStructure()
|
||||||
{
|
{
|
||||||
$cache = new ConfigCache($this->cache_file, $this->is_debug);
|
$cache = new ConfigCache($this->cache_file, $this->is_debug);
|
||||||
|
|
|
||||||
|
|
@ -93,6 +93,20 @@ class PermissionPresetsHelper
|
||||||
//Allow access to system log and server infos
|
//Allow access to system log and server infos
|
||||||
$this->permissionResolver->setPermission($perm_holder, 'system', 'show_logs', PermissionData::ALLOW);
|
$this->permissionResolver->setPermission($perm_holder, 'system', 'show_logs', PermissionData::ALLOW);
|
||||||
$this->permissionResolver->setPermission($perm_holder, 'system', 'server_infos', PermissionData::ALLOW);
|
$this->permissionResolver->setPermission($perm_holder, 'system', 'server_infos', PermissionData::ALLOW);
|
||||||
|
|
||||||
|
//Allow import for all datastructures
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'parts', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'parts_stock', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'categories', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'storelocations', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'footprints', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'manufacturers', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'attachment_types', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'currencies', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'measurement_units', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'suppliers', PermissionData::ALLOW);
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'projects', PermissionData::ALLOW);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function editor(HasPermissionsInterface $permHolder): HasPermissionsInterface
|
private function editor(HasPermissionsInterface $permHolder): HasPermissionsInterface
|
||||||
|
|
@ -101,17 +115,18 @@ class PermissionPresetsHelper
|
||||||
$this->readOnly($permHolder);
|
$this->readOnly($permHolder);
|
||||||
|
|
||||||
//Set datastructures
|
//Set datastructures
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts', PermissionData::ALLOW);
|
//By default import is restricted to administrators, as it allows to fill up the database very fast
|
||||||
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'parts', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts_stock', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'parts_stock', PermissionData::ALLOW);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'categories', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'categories', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'storelocations', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'storelocations', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'footprints', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'footprints', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'manufacturers', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'manufacturers', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'attachment_types', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'attachment_types', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'currencies', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'currencies', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'measurement_units', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'measurement_units', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'suppliers', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'suppliers', PermissionData::ALLOW, ['import']);
|
||||||
$this->permissionResolver->setAllOperationsOfPermission($permHolder, 'projects', PermissionData::ALLOW);
|
$this->permissionResolver->setAllOperationsOfPermissionExcept($permHolder, 'projects', PermissionData::ALLOW, ['import']);
|
||||||
|
|
||||||
//Attachments permissions
|
//Attachments permissions
|
||||||
$this->permissionResolver->setPermission($permHolder, 'attachments', 'show_private', PermissionData::ALLOW);
|
$this->permissionResolver->setPermission($permHolder, 'attachments', 'show_private', PermissionData::ALLOW);
|
||||||
|
|
|
||||||
|
|
@ -240,6 +240,36 @@ class PermissionManagerTest extends WebTestCase
|
||||||
$this->assertNull($this->service->dontInherit($user, 'parts', 'edit'));
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'edit'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testSetAllOperationsOfPermissionExcept(): void
|
||||||
|
{
|
||||||
|
$user = new User();
|
||||||
|
|
||||||
|
//Set all operations of permission to true (except import and delete)
|
||||||
|
$this->service->setAllOperationsOfPermissionExcept($user, 'parts', true, ['import', 'delete']);
|
||||||
|
$this->assertTrue($this->service->dontInherit($user, 'parts', 'read'));
|
||||||
|
$this->assertTrue($this->service->dontInherit($user, 'parts', 'create'));
|
||||||
|
$this->assertTrue($this->service->dontInherit($user, 'parts', 'edit'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
|
||||||
|
|
||||||
|
//Set all operations of permission to false
|
||||||
|
$this->service->setAllOperationsOfPermissionExcept($user, 'parts', false, ['import', 'delete']);
|
||||||
|
$this->assertFalse($this->service->dontInherit($user, 'parts', 'read'));
|
||||||
|
$this->assertFalse($this->service->dontInherit($user, 'parts', 'create'));
|
||||||
|
$this->assertFalse($this->service->dontInherit($user, 'parts', 'edit'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
|
||||||
|
|
||||||
|
|
||||||
|
//Set all operations of permission to null
|
||||||
|
$this->service->setAllOperationsOfPermissionExcept($user, 'parts', null, ['import', 'delete']);
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'read'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'create'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'edit'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'import'));
|
||||||
|
$this->assertNull($this->service->dontInherit($user, 'parts', 'delete'));
|
||||||
|
}
|
||||||
|
|
||||||
public function testEnsureCorrectSetOperations(): void
|
public function testEnsureCorrectSetOperations(): void
|
||||||
{
|
{
|
||||||
//Create an empty user (all permissions are inherit)
|
//Create an empty user (all permissions are inherit)
|
||||||
|
|
|
||||||
|
|
@ -11115,5 +11115,11 @@ Element 3</target>
|
||||||
<target>Imported parts</target>
|
<target>Imported parts</target>
|
||||||
</segment>
|
</segment>
|
||||||
</unit>
|
</unit>
|
||||||
|
<unit id="W7NWPFx" name="perm.import">
|
||||||
|
<segment>
|
||||||
|
<source>perm.import</source>
|
||||||
|
<target>Import data</target>
|
||||||
|
</segment>
|
||||||
|
</unit>
|
||||||
</file>
|
</file>
|
||||||
</xliff>
|
</xliff>
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue