From 46da1bb8a0f0a0b1796fd93bcb182e9dae040d1c Mon Sep 17 00:00:00 2001 From: Yuri Kuznetsov Date: Fri, 19 Apr 2024 11:42:37 +0300 Subject: [PATCH] permission string fix --- application/Espo/Classes/MassAction/User/MassDelete.php | 2 +- application/Espo/Classes/MassAction/User/MassUpdate.php | 2 +- .../Select/User/AccessControlFilters/Mandatory.php | 2 +- .../Classes/Select/User/AccessControlFilters/OnlyOwn.php | 2 +- .../Classes/Select/User/AccessControlFilters/OnlyTeam.php | 2 +- application/Espo/Controllers/DataPrivacy.php | 2 +- application/Espo/Core/Acl/DefaultAssignmentChecker.php | 8 ++++---- .../Espo/Core/Mail/Account/SendingAccountProvider.php | 2 +- application/Espo/Tools/App/AppService.php | 2 +- tests/unit/Espo/Core/AclManagerTest.php | 2 +- 10 files changed, 13 insertions(+), 13 deletions(-) diff --git a/application/Espo/Classes/MassAction/User/MassDelete.php b/application/Espo/Classes/MassAction/User/MassDelete.php index e5e4002d92..9bf931ba0c 100644 --- a/application/Espo/Classes/MassAction/User/MassDelete.php +++ b/application/Espo/Classes/MassAction/User/MassDelete.php @@ -70,7 +70,7 @@ class MassDelete implements MassAction if ( !$params->hasIds() && - $this->acl->getPermissionLevel('massUpdatePermission') !== Acl\Table::LEVEL_YES + $this->acl->getPermissionLevel('massUpdate') !== Acl\Table::LEVEL_YES ) { throw new Forbidden("No mass-update permission."); } diff --git a/application/Espo/Classes/MassAction/User/MassUpdate.php b/application/Espo/Classes/MassAction/User/MassUpdate.php index 74d66f794c..672f1d2ca0 100644 --- a/application/Espo/Classes/MassAction/User/MassUpdate.php +++ b/application/Espo/Classes/MassAction/User/MassUpdate.php @@ -51,7 +51,7 @@ use Espo\Tools\MassUpdate\Data as MassUpdateData; class MassUpdate implements MassAction { - private const PERMISSION = 'massUpdatePermission'; + private const PERMISSION = 'massUpdate'; /** @var string[] */ private array $notAllowedAttributeList = [ diff --git a/application/Espo/Classes/Select/User/AccessControlFilters/Mandatory.php b/application/Espo/Classes/Select/User/AccessControlFilters/Mandatory.php index 309135e8b5..faaebec618 100644 --- a/application/Espo/Classes/Select/User/AccessControlFilters/Mandatory.php +++ b/application/Espo/Classes/Select/User/AccessControlFilters/Mandatory.php @@ -51,7 +51,7 @@ class Mandatory implements Filter ]); } - if ($this->aclManager->getPermissionLevel($this->user, 'portalPermission') !== Table::LEVEL_YES) { + if ($this->aclManager->getPermissionLevel($this->user, 'portal') !== Table::LEVEL_YES) { $queryBuilder->where([ 'OR' => [ 'type!=' => User::TYPE_PORTAL, diff --git a/application/Espo/Classes/Select/User/AccessControlFilters/OnlyOwn.php b/application/Espo/Classes/Select/User/AccessControlFilters/OnlyOwn.php index 7115eccf32..ce25fae8e1 100644 --- a/application/Espo/Classes/Select/User/AccessControlFilters/OnlyOwn.php +++ b/application/Espo/Classes/Select/User/AccessControlFilters/OnlyOwn.php @@ -43,7 +43,7 @@ class OnlyOwn implements Filter public function apply(SelectBuilder $queryBuilder): void { - if ($this->aclManager->getPermissionLevel($this->user, 'portalPermission') === Table::LEVEL_YES) { + if ($this->aclManager->getPermissionLevel($this->user, 'portal') === Table::LEVEL_YES) { $queryBuilder->where([ 'OR' => [ 'id' => $this->user->getId(), diff --git a/application/Espo/Classes/Select/User/AccessControlFilters/OnlyTeam.php b/application/Espo/Classes/Select/User/AccessControlFilters/OnlyTeam.php index e6cd01b242..cfff4aba4a 100644 --- a/application/Espo/Classes/Select/User/AccessControlFilters/OnlyTeam.php +++ b/application/Espo/Classes/Select/User/AccessControlFilters/OnlyTeam.php @@ -51,7 +51,7 @@ class OnlyTeam implements Filter 'id' => $this->user->getId(), ]; - if ($this->aclManager->getPermissionLevel($this->user, 'portalPermission') === Table::LEVEL_YES) { + if ($this->aclManager->getPermissionLevel($this->user, 'portal') === Table::LEVEL_YES) { $orGroup['type'] = User::TYPE_PORTAL; } diff --git a/application/Espo/Controllers/DataPrivacy.php b/application/Espo/Controllers/DataPrivacy.php index f6f35ba25a..73753c399d 100644 --- a/application/Espo/Controllers/DataPrivacy.php +++ b/application/Espo/Controllers/DataPrivacy.php @@ -42,7 +42,7 @@ class DataPrivacy { public function __construct(private Erasor $erasor, private Acl $acl) { - if ($this->acl->getPermissionLevel('dataPrivacyPermission') === Acl\Table::LEVEL_NO) { + if ($this->acl->getPermissionLevel('dataPrivacy') === Acl\Table::LEVEL_NO) { throw new Forbidden(); } } diff --git a/application/Espo/Core/Acl/DefaultAssignmentChecker.php b/application/Espo/Core/Acl/DefaultAssignmentChecker.php index cb807226dc..963b6ca539 100644 --- a/application/Espo/Core/Acl/DefaultAssignmentChecker.php +++ b/application/Espo/Core/Acl/DefaultAssignmentChecker.php @@ -99,7 +99,7 @@ class DefaultAssignmentChecker implements AssignmentChecker return false; } - $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignmentPermission'); + $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignment'); if ( $assignmentPermission === Table::LEVEL_YES || @@ -157,7 +157,7 @@ class DefaultAssignmentChecker implements AssignmentChecker protected function isPermittedTeams(User $user, Entity $entity): bool { - $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignmentPermission'); + $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignment'); if (!in_array($assignmentPermission, [Table::LEVEL_TEAM, Table::LEVEL_NO])) { return true; @@ -219,7 +219,7 @@ class DefaultAssignmentChecker implements AssignmentChecker private function isPermittedTeamsEmpty(User $user, CoreEntity $entity): bool { - $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignmentPermission'); + $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignment'); if ($assignmentPermission !== Table::LEVEL_TEAM) { return true; @@ -259,7 +259,7 @@ class DefaultAssignmentChecker implements AssignmentChecker return false; } - $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignmentPermission'); + $assignmentPermission = $this->aclManager->getPermissionLevel($user, 'assignment'); if ( $assignmentPermission === Table::LEVEL_YES || diff --git a/application/Espo/Core/Mail/Account/SendingAccountProvider.php b/application/Espo/Core/Mail/Account/SendingAccountProvider.php index 5729c82d6b..fe2eb2175f 100644 --- a/application/Espo/Core/Mail/Account/SendingAccountProvider.php +++ b/application/Espo/Core/Mail/Account/SendingAccountProvider.php @@ -59,7 +59,7 @@ class SendingAccountProvider public function getShared(User $user, string $emailAddress): ?Account { - $level = $this->aclManager->getPermissionLevel($user, 'groupEmailAccountPermission'); + $level = $this->aclManager->getPermissionLevel($user, 'groupEmailAccount'); $entity = null; diff --git a/application/Espo/Tools/App/AppService.php b/application/Espo/Tools/App/AppService.php index 906874f73c..72e13ee644 100644 --- a/application/Espo/Tools/App/AppService.php +++ b/application/Espo/Tools/App/AppService.php @@ -334,7 +334,7 @@ class AppService */ private function getUserGroupEmailAddressList(User $user): array { - $groupEmailAccountPermission = $this->acl->getPermissionLevel('groupEmailAccountPermission'); + $groupEmailAccountPermission = $this->acl->getPermissionLevel('groupEmailAccount'); if (!$groupEmailAccountPermission || $groupEmailAccountPermission === Acl\Table::LEVEL_NO) { return []; diff --git a/tests/unit/Espo/Core/AclManagerTest.php b/tests/unit/Espo/Core/AclManagerTest.php index fbabf81a43..9a45c845be 100644 --- a/tests/unit/Espo/Core/AclManagerTest.php +++ b/tests/unit/Espo/Core/AclManagerTest.php @@ -133,6 +133,6 @@ class AclManagerTest extends \PHPUnit\Framework\TestCase ->with('assignment') ->willReturn(Table::LEVEL_YES); - $this->aclManager->getPermissionLevel($this->user, 'assignmentPermission'); + $this->aclManager->getPermissionLevel($this->user, 'assignment'); } }