Add manage_updates permission schema migration

- Bump permission schema to version 4 - Add upgradeSchemaToVersion4 for manage_updates permission - Grants manage_updates to users who have both show_updates and server_infos - Fix ZIP_RELEASE installation type: set supportsAutoUpdate to false (ZIP update not yet implemented) - Improve update instructions for ZIP installations
2026-02-11 03:59:35 +00:00 · 2026-01-30 21:46:27 +01:00 · 2026-01-30 21:46:27 +01:00 · 87352ca6f7
commit 87352ca6f7
parent 42fe781ef8
3 changed files with 21 additions and 3 deletions
--- a/src/Entity/UserSystem/PermissionData.php
+++ b/src/Entity/UserSystem/PermissionData.php
@ -43,7 +43,7 @@ final class PermissionData implements \JsonSerializable
    /**
     * The current schema version of the permission data
     */
-    public const CURRENT_SCHEMA_VERSION = 3;
+    public const CURRENT_SCHEMA_VERSION = 4;

    /**
     * Creates a new Permission Data Instance using the given data.
--- a/src/Services/System/InstallationTypeDetector.php
+++ b/src/Services/System/InstallationTypeDetector.php
@ -51,7 +51,8 @@ enum InstallationType: string
        return match($this) {
            self::GIT => true,
            self::DOCKER => false,
-            self::ZIP_RELEASE => true,
+            // ZIP_RELEASE auto-update not yet implemented
+            self::ZIP_RELEASE => false,
            self::UNKNOWN => false,
        };
    }
@ -61,7 +62,7 @@ enum InstallationType: string
        return match($this) {
            self::GIT => 'Run: php bin/console partdb:update',
            self::DOCKER => 'Pull the new Docker image and recreate the container: docker-compose pull && docker-compose up -d',
-            self::ZIP_RELEASE => 'Download the new release, extract it, and run migrations.',
+            self::ZIP_RELEASE => 'Download the new release ZIP from GitHub, extract it over your installation, and run: php bin/console doctrine:migrations:migrate && php bin/console cache:clear',
            self::UNKNOWN => 'Unable to determine installation type. Please update manually.',
        };
    }
--- a/src/Services/UserSystem/PermissionSchemaUpdater.php
+++ b/src/Services/UserSystem/PermissionSchemaUpdater.php
@ -157,4 +157,21 @@ class PermissionSchemaUpdater
            $permissions->setPermissionValue('system', 'show_updates', $new_value);
        }
    }
+
+    private function upgradeSchemaToVersion4(HasPermissionsInterface $holder): void //@phpstan-ignore-line This is called via reflection
+    {
+        $permissions = $holder->getPermissions();
+
+        //If the system.manage_updates permission is not defined yet, set it to true if the user can show updates AND has server_infos permission
+        //This ensures that admins who can view updates and server info can also manage (execute) updates
+        if (!$permissions->isPermissionSet('system', 'manage_updates')) {
+
+            $new_value = TrinaryLogicHelper::and(
+                $permissions->getPermissionValue('system', 'show_updates'),
+                $permissions->getPermissionValue('system', 'server_infos')
+            );
+
+            $permissions->setPermissionValue('system', 'manage_updates', $new_value);
+        }
+    }
 }