groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2026-02-12 12:39:35 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Do not automatically give existing users the right to manage updates, but include that for new databases

Browse source
This commit is contained in:
Jan Böhmer 2026-02-02 17:04:45 +01:00
parent 7e486a93c9
commit 1bfd36ccf5
3 changed files with 3 additions and 19 deletions
Download patch file Download diff file Expand all files Collapse all files

2
src/Entity/UserSystem/PermissionData.php
View file

@ -43,7 +43,7 @@ final class PermissionData implements \JsonSerializable
/** /**
* The current schema version of the permission data * The current schema version of the permission data
*/ */
public const CURRENT_SCHEMA_VERSION = 4; public const CURRENT_SCHEMA_VERSION = 3;
/** /**
* Creates a new Permission Data Instance using the given data. * Creates a new Permission Data Instance using the given data.

3
src/Services/UserSystem/PermissionPresetsHelper.php
View file

@ -111,8 +111,9 @@ class PermissionPresetsHelper
//Allow to manage Oauth tokens //Allow to manage Oauth tokens
$this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW); $this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW);
//Allow to show updates //Allow to show and manage updates
$this->permissionResolver->setPermission($perm_holder, 'system', 'show_updates', PermissionData::ALLOW); $this->permissionResolver->setPermission($perm_holder, 'system', 'show_updates', PermissionData::ALLOW);
$this->permissionResolver->setPermission($perm_holder, 'system', 'manage_updates', PermissionData::ALLOW);
} }

17
src/Services/UserSystem/PermissionSchemaUpdater.php
View file

@ -157,21 +157,4 @@ class PermissionSchemaUpdater
$permissions->setPermissionValue('system', 'show_updates', $new_value); $permissions->setPermissionValue('system', 'show_updates', $new_value);
} }
} }
private function upgradeSchemaToVersion4(HasPermissionsInterface $holder): void //@phpstan-ignore-line This is called via reflection
{
$permissions = $holder->getPermissions();
//If the system.manage_updates permission is not defined yet, set it to true if the user can show updates AND has server_infos permission
//This ensures that admins who can view updates and server info can also manage (execute) updates
if (!$permissions->isPermissionSet('system', 'manage_updates')) {
$new_value = TrinaryLogicHelper::and(
$permissions->getPermissionValue('system', 'show_updates'),
$permissions->getPermissionValue('system', 'server_infos')
);
$permissions->setPermissionValue('system', 'manage_updates', $new_value);
}
}
} }