groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-06 19:19:29 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 4

Allow to show what permissions a user is lacking in case of access denied message

Browse source 
Should help with errors like 1026
This commit is contained in:
Jan Böhmer 2025-09-06 00:10:50 +02:00
parent ba7d139f8a
commit 117ff4484d
3 changed files with 35 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

10
src/Security/Voter/PermissionVoter.php
View file

@ -24,6 +24,7 @@ namespace App\Security\Voter;
use App\Services\UserSystem\VoterHelper;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
/**
@ -39,12 +40,17 @@ final class PermissionVoter extends Voter
}
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
{
$attribute = ltrim($attribute, '@');
[$perm, $op] = explode('.', $attribute);
return $this->helper->isGranted($token, $perm, $op);
$result = $this->helper->isGranted($token, $perm, $op);
if ($result === false) {
$this->helper->addReason($vote, $perm, $op);
}
return $result;
}
public function supportsAttribute(string $attribute): bool

24
src/Services/UserSystem/VoterHelper.php
View file

@ -28,6 +28,9 @@ use App\Repository\UserRepository;
use App\Security\ApiTokenAuthenticatedToken;
use Doctrine\ORM\EntityManagerInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Contracts\Translation\TranslatorInterface;
/**
* @see \App\Tests\Services\UserSystem\VoterHelperTest
@ -35,10 +38,14 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
final class VoterHelper
{
private readonly UserRepository $userRepository;
private readonly array $permissionStructure;
public function __construct(private readonly PermissionManager $permissionManager, private readonly EntityManagerInterface $entityManager)
public function __construct(private readonly PermissionManager $permissionManager,
private readonly TranslatorInterface $translator,
private readonly EntityManagerInterface $entityManager)
{
$this->userRepository = $this->entityManager->getRepository(User::class);
$this->permissionStructure = $this->permissionManager->getPermissionStructure();
}
/**
@ -124,4 +131,17 @@ final class VoterHelper
{
return $this->permissionManager->isValidOperation($permission, $operation);
}
}
public function addReason(?Vote $voter, string $permission, $operation): void
{
if ($voter !== null) {
$voter->addReason(sprintf("User does not have permission %s -> %s -> %s (%s.%s).",
$this->translator->trans('perm.group.'.$this->permissionStructure['perms'][$permission]['group'] ?? 'default' ),
$this->translator->trans($this->permissionStructure['perms'][$permission]['label'] ?? $permission),
$this->translator->trans($this->permissionStructure['perms'][$permission]['operations'][$operation]['label'] ?? $operation),
$permission,
$operation
));
}
}
}