groove/Part-DB-server
1
0
Fork 0
mirror of https://github.com/Part-DB/Part-DB-server.git synced 2025-12-28 13:59:32 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge branch 'api'

Browse source
This commit is contained in:
Jan Böhmer 2023-10-06 12:29:53 +02:00
commit 8c9abce633
169 changed files with 8149 additions and 1887 deletions
Download patch file Download diff file Expand all files Collapse all files

2
config/bundles.php
View file

@ -31,4 +31,6 @@ return [
Symfony\UX\Translator\UxTranslatorBundle::class => ['all' => true],
Jbtronics\DompdfFontLoaderBundle\DompdfFontLoaderBundle::class => ['all' => true],
KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
Nelmio\CorsBundle\NelmioCorsBundle::class => ['all' => true],
ApiPlatform\Symfony\Bundle\ApiPlatformBundle::class => ['all' => true],
];

19
config/packages/api_platform.yaml Normal file
View file

@ -0,0 +1,19 @@
api_platform:
title: 'Part-DB API'
description: 'API of Part-DB'
version: '0.1.0'
# eager_loading:
# max_joins: 100
swagger:
api_keys:
# overridden in OpenApiFactoryDecorator
access_token:
name: Authorization
type: header
defaults:
pagination_client_items_per_page: true # Allow clients to override the default items per page

10
config/packages/nelmio_cors.yaml Normal file
View file

@ -0,0 +1,10 @@
nelmio_cors:
defaults:
origin_regex: true
allow_origin: ['%env(CORS_ALLOW_ORIGIN)%']
allow_methods: ['GET', 'OPTIONS', 'POST', 'PUT', 'PATCH', 'DELETE']
allow_headers: ['Content-Type', 'Authorization']
expose_headers: ['Link']
max_age: 3600
paths:
'^/': null

5
config/packages/security.yaml
View file

@ -24,6 +24,9 @@ security:
# Enable user impersonation
switch_user: { role: CAN_SWITCH_USER }
custom_authenticators:
- App\Security\ApiTokenAuthenticator
two_factor:
auth_form_path: 2fa_login
check_path: 2fa_login_check
@ -66,3 +69,5 @@ security:
# We get into trouble with the U2F authentication, if the calls to the trees trigger an 2FA login
# This settings should not do much harm, because a read only access to show available data structures is not really critical
- { path: "^/\\w{2}/tree", role: PUBLIC_ACCESS }
# Restrict access to API to users, which has the API access permission
- { path: "^/api", allow_if: 'is_granted("@api.access_api") and is_authenticated()' }

71
config/permissions.yaml
View file

@ -25,27 +25,35 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
# If a part can be read by a user, he can also see all the datastructures (except devices)
alsoSet: ['storelocations.read', 'footprints.read', 'categories.read', 'suppliers.read', 'manufacturers.read',
'currencies.read', 'attachment_types.read', 'measurement_units.read']
apiTokenRole: ROLE_API_READ_ONLY
edit:
label: "perm.edit"
alsoSet: ['read', 'parts_stock.withdraw', 'parts_stock.add', 'parts_stock.move']
apiTokenRole: ROLE_API_EDIT
create:
label: "perm.create"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_EDIT
delete:
label: "perm.delete"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_EDIT
change_favorite:
label: "perm.part.change_favorite"
alsoSet: ['edit']
apiTokenRole: ROLE_API_EDIT
show_history:
label: "perm.part.show_history"
alsoSet: ['read']
apiTokenRole: ROLE_API_READ_ONLY
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "show_history"]
apiTokenRole: ROLE_API_EDIT
import:
label: "perm.import"
alsoSet: ["read", "edit", "create"]
apiTokenRole: ROLE_API_EDIT
parts_stock:
group: "data"
@ -53,10 +61,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations:
withdraw:
label: "perm.parts_stock.withdraw"
apiTokenRole: ROLE_API_EDIT
add:
label: "perm.parts_stock.add"
apiTokenRole: ROLE_API_EDIT
move:
label: "perm.parts_stock.move"
apiTokenRole: ROLE_API_EDIT
storelocations: &PART_CONTAINING
@ -65,23 +76,30 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations:
read:
label: "perm.read"
apiTokenRole: ROLE_API_READ_ONLY
edit:
label: "perm.edit"
alsoSet: 'read'
apiTokenRole: ROLE_API_EDIT
create:
label: "perm.create"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_EDIT
delete:
label: "perm.delete"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_EDIT
show_history:
label: "perm.show_history"
apiTokenRole: ROLE_API_READ_ONLY
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "show_history"]
apiTokenRole: ROLE_API_EDIT
import:
label: "perm.import"
alsoSet: [ "read", "edit", "create" ]
apiTokenRole: ROLE_API_EDIT
footprints:
<<: *PART_CONTAINING
@ -145,6 +163,7 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
create_parts:
label: "perm.part.info_providers.create_parts"
alsoSet: ['parts.create']
apiTokenRole: ROLE_API_EDIT
groups:
label: "perm.groups"
@ -152,26 +171,34 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations:
read:
label: "perm.read"
apiTokenRole: ROLE_API_ADMIN
edit:
label: "perm.edit"
alsoSet: 'read'
apiTokenRole: ROLE_API_ADMIN
create:
label: "perm.create"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_ADMIN
delete:
label: "perm.delete"
alsoSet: ['read', 'delete']
apiTokenRole: ROLE_API_ADMIN
edit_permissions:
label: "perm.edit_permissions"
alsoSet: ['read', 'edit']
apiTokenRole: ROLE_API_ADMIN
show_history:
label: "perm.show_history"
apiTokenRole: ROLE_API_ADMIN
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "edit", "create", "delete", "edit_permissions", "show_history"]
apiTokenRole: ROLE_API_ADMIN
import:
label: "perm.import"
alsoSet: [ "read", "edit", "create" ]
apiTokenRole: ROLE_API_ADMIN
users:
label: "perm.users"
@ -179,37 +206,49 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations:
read:
label: "perm.read"
apiTokenRole: ROLE_API_ADMIN
create:
label: "perm.create"
alsoSet: ['read', 'edit_username', 'edit_infos']
apiTokenRole: ROLE_API_ADMIN
delete:
label: "perm.delete"
alsoSet: ['read', 'edit_username', 'edit_infos']
apiTokenRole: ROLE_API_ADMIN
edit_username:
label: "perm.users.edit_user_name"
alsoSet: ['read']
apiTokenRole: ROLE_API_ADMIN
edit_infos:
label: "perm.users.edit_infos"
alsoSet: 'read'
apiTokenRole: ROLE_API_ADMIN
edit_permissions:
label: "perm.users.edit_permissions"
alsoSet: 'read'
apiTokenRole: ROLE_API_ADMIN
set_password:
label: "perm.users.set_password"
alsoSet: 'read'
apiTokenRole: ROLE_API_FULL
impersonate:
label: "perm.users.impersonate"
alsoSet: ['set_password']
apiTokenRole: ROLE_API_FULL
change_user_settings:
label: "perm.users.change_user_settings"
apiTokenRole: ROLE_API_ADMIN
show_history:
label: "perm.show_history"
apiTokenRole: ROLE_API_ADMIN
revert_element:
label: "perm.revert_elements"
alsoSet: ["read", "create", "delete", "edit_permissions", "show_history", "edit_infos", "edit_username"]
apiTokenRole: ROLE_API_ADMIN
import:
label: "perm.import"
alsoSet: [ "read", "create" ]
apiTokenRole: ROLE_API_ADMIN
#database:
# label: "perm.database"
@ -244,64 +283,94 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
operations:
show_logs:
label: "perm.show_logs"
apiTokenRole: ROLE_API_ADMIN
delete_logs:
label: "perm.delete_logs"
alsoSet: 'show_logs'
apiTokenRole: ROLE_API_ADMIN
server_infos:
label: "perm.server_infos"
apiTokenRole: ROLE_API_ADMIN
manage_oauth_tokens:
label: "Manage OAuth tokens"
apiTokenRole: ROLE_API_ADMIN
show_updates:
label: "perm.system.show_available_updates"
apiTokenRole: ROLE_API_ADMIN
attachments:
label: "perm.part.attachments"
operations:
show_private:
label: "perm.attachments.show_private"
apiTokenRole: ROLE_API_READ_ONLY
list_attachments:
label: "perm.attachments.list_attachments"
alsoSet: ['attachment_types.read']
apiTokenRole: ROLE_API_READ_ONLY
self:
label: "perm.self"
operations:
edit_infos:
label: "perm.self.edit_infos"
apiTokenRole: ROLE_API_FULL
edit_username:
label: "perm.self.edit_username"
apiTokenRole: ROLE_API_FULL
show_permissions:
label: "perm.self.show_permissions"
apiTokenRole: ROLE_API_READ_ONLY
show_logs:
label: "perm.self.show_logs"
apiTokenRole: ROLE_API_FULL
labels:
label: "perm.labels"
operations:
create_labels:
label: "perm.self.create_labels"
apiTokenRole: ROLE_API_READ_ONLY
edit_options:
label: "perm.self.edit_options"
alsoSet: ['create_labels']
apiTokenRole: ROLE_API_READ_ONLY
read_profiles:
label: "perm.self.read_profiles"
apiTokenRole: ROLE_API_READ_ONLY
edit_profiles:
label: "perm.self.edit_profiles"
alsoSet: ['read_profiles']
apiTokenRole: ROLE_API_EDIT
create_profiles:
label: "perm.self.create_profiles"
alsoSet: ['read_profiles', 'edit_profiles']
apiTokenRole: ROLE_API_EDIT
delete_profiles:
label: "perm.self.delete_profiles"
alsoSet: ['read_profiles', 'edit_profiles', 'create_profiles']
apiTokenRole: ROLE_API_EDIT
use_twig:
label: "perm.labels.use_twig"
alsoSet: ['create_labels', 'edit_options']
apiTokenRole: ROLE_API_ADMIN
show_history:
label: "perm.show_history"
alsoSet: ['read_profiles']
apiTokenRole: ROLE_API_READ_ONLY
revert_element:
label: "perm.revert_elements"
alsoSet: ['read_profiles', 'edit_profiles', 'create_profiles', 'delete_profiles']
apiTokenRole: ROLE_API_EDIT
api:
label: "perm.api"
operations:
access_api:
label: "perm.api.access_api"
apiTokenRole: ROLE_API_READ_ONLY
manage_tokens:
label: "perm.api.manage_tokens"
alsoSet: ['access_api']
apiTokenRole: ROLE_API_FULL

4
config/routes.yaml
View file

@ -15,5 +15,5 @@ redirector:
requirements:
url: ".*"
controller: App\Controller\RedirectController::addLocalePart
# Dont match localized routes (no redirection loop, if no root with that name exists)
condition: "not (request.getPathInfo() matches '/^\\\\/[a-z]{2}(_[A-Z]{2})?\\\\//')"
# Dont match localized routes (no redirection loop, if no root with that name exists) or API prefixed routes
condition: "not (request.getPathInfo() matches '/^\\\\/([a-z]{2}(_[A-Z]{2})?|api)\\\\//')"

4
config/routes/api_platform.yaml Normal file
View file

@ -0,0 +1,4 @@
api_platform:
resource: .
type: api_platform
prefix: /api

15
config/services.yaml
View file

@ -277,6 +277,15 @@ services:
$search_limit: '%env(int:PROVIDER_OCTOPART_SEARCH_LIMIT)%'
$onlyAuthorizedSellers: '%env(bool:PROVIDER_OCTOPART_ONLY_AUTHORIZED_SELLERS)%'
####################################################################################################################
# API system
####################################################################################################################
App\State\PartDBInfoProvider:
arguments:
$default_uri: '%partdb.default_uri%'
$global_locale: '%partdb.locale%'
$global_timezone: '%partdb.timezone%'
####################################################################################################################
# Symfony overrides
####################################################################################################################
@ -319,6 +328,12 @@ services:
arguments:
$check_for_updates: '%partdb.check_for_updates%'
App\Services\System\BannerHelper:
arguments:
$partdb_banner: '%partdb.banner%'
$project_dir: '%kernel.project_dir%'
####################################################################################################################
# Monolog
####################################################################################################################