Check for permissions to access settings menu and added settings menu to sidebar menu

Author: jbtronics

config/permissions.yaml

@@ -265,17 +265,13 @@ perms: # Here comes a list with all Permission names (they have a perm_[name] co
   #      label: "perm.database.write_db_settings"
   #      alsoSet: ['read_db_settings', 'see_status']
 
-  #config:
-  #  label: "perm.config"
-  #  group: "system"
-  #  operations:
-  #    read_config:
-  #      label: "perm.config.read_config"
-  #    edit_config:
-  #      label: "perm.config.edit_config"
-  #      alsoSet: 'read_config'
-  #    server_info:
-  #      label: "perm.config.server_info"
+  config:
+    label: "perm.config"
+    group: "system"
+    operations:
+      change_system_settings:
+        label: "perm.config.change_system_settings"
+        apiTokenRole: ROLE_API_ADMIN
 
   system:
     label: "perm.system"

src/Controller/SettingsController.php

@@ -40,6 +40,8 @@ public function __construct(private readonly SettingsManagerInterface $settingsM
     #[Route("/settings", name: "system_settings")]
     public function systemSettings(Request $request, TagAwareCacheInterface $cache): Response
     {
+        $this->denyAccessUnlessGranted('@config.change_system_settings');
+
         //Create a clone of the settings object
         $settings = $this->settingsManager->createTemporaryCopy(AppSettings::class);
 
@@ -62,9 +64,6 @@ public function systemSettings(Request $request, TagAwareCacheInterface $cache):
             $cache->invalidateTags(['tree_treeview', 'sidebar_tree_update']);
         }
 
-
-
-
         //Render the form
         return $this->render('settings/settings.html.twig', [
             'form' => $form

src/Services/Trees/ToolsTreeBuilder.php

@@ -289,6 +289,13 @@ protected function getSystemNodes(): array
             ))->setIcon('fa-fw fa-treeview fa-solid fa-database');
         }
 
+        if ($this->security->isGranted('@config.change_system_settings')) {
+            $nodes[] = (new TreeViewNode(
+                $this->translator->trans('tree.tools.system.settings'),
+                $this->urlGenerator->generate('system_settings')
+            ))->setIcon('fa fa-fw fa-gears fa-solid');
+        }
+
         return $nodes;
     }
 }

src/Services/UserSystem/PermissionPresetsHelper.php

@@ -105,6 +105,9 @@ private function admin(HasPermissionsInterface $perm_holder): void
         $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'suppliers', PermissionData::ALLOW);
         $this->permissionResolver->setAllOperationsOfPermission($perm_holder, 'projects', PermissionData::ALLOW);
 
+        //Allow to change system settings
+        $this->permissionResolver->setPermission($perm_holder, 'config', 'change_system_settings', PermissionData::ALLOW);
+
         //Allow to manage Oauth tokens
         $this->permissionResolver->setPermission($perm_holder, 'system', 'manage_oauth_tokens', PermissionData::ALLOW);
         //Allow to show updates

translations/messages.en.xlf

@@ -13012,5 +13012,17 @@ Please note, that you can not impersonate a disabled user. If you try you will g
         <target>Show the image overlay with attachment details on hovering over the part image gallery.</target>
       </segment>
     </unit>
+    <unit id="ALfPkeR" name="perm.config.change_system_settings">
+      <segment>
+        <source>perm.config.change_system_settings</source>
+        <target>Change system settings</target>
+      </segment>
+    </unit>
+    <unit id="TlHeIjk" name="tree.tools.system.settings">
+      <segment>
+        <source>tree.tools.system.settings</source>
+        <target>System settings</target>
+      </segment>
+    </unit>
   </file>
 </xliff>