PES-2876: permissions update

Author: J7F

packetery/controllers/admin/PacketeryCarrierGridController.php

@@ -6,6 +6,7 @@
 use Packetery\Carrier\CarrierTools;
 use Packetery\Module\VersionChecker;
 use Packetery\Tools\MessageManager;
+use Packetery\Tools\PermissionHelper;
 
 class PacketeryCarrierGridController extends ModuleAdminController
 {
@@ -44,6 +45,11 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
+        if (!PermissionHelper::canViewCarriers()) {
+            $this->errors[] = 'You do not have permission to access Packeta carriers. Access denied.';
+            return;
+        }
+
         $module = $this->getModule();
 
         /** @var ApiCarrierRepository $apiCarrierRepository */
@@ -173,6 +179,11 @@ public function initToolbar()
     {
         parent::initToolbar();
         unset($this->toolbar_btn['new']);
+        
+        // Hide action buttons if user doesn't have edit permissions
+        if (!PermissionHelper::canEditCarriers()) {
+            unset($this->toolbar_btn['bulk_action']);
+        }
     }
 
     /**

packetery/controllers/admin/PacketeryLogGridController.php

@@ -1,6 +1,7 @@
 <?php
 
 use Packetery\Log\LogRepository;
+use Packetery\Tools\PermissionHelper;
 
 class PacketeryLogGridController extends ModuleAdminController
 {
@@ -38,6 +39,11 @@ public function __construct()
 
         parent::__construct();
 
+        if (!PermissionHelper::canViewLogs()) {
+            $this->errors[] = 'You do not have permission to access Packeta logs. Access denied.';
+            return;
+        }
+
         $this->logRepository = $this->getModule()->diContainer->get(LogRepository::class);
 
         $this->fields_list = [

packetery/controllers/admin/PacketeryOrderGridController.php

@@ -36,6 +36,7 @@
 use Packetery\Order\Tracking;
 use Packetery\PacketTracking\PacketStatusFactory;
 use Packetery\Tools\ConfigHelper;
+use Packetery\Tools\PermissionHelper;
 
 class PacketeryOrderGridController extends ModuleAdminController
 {
@@ -109,6 +110,11 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
+        if (!PermissionHelper::canViewOrders()) {
+            $this->errors[] = 'You do not have permission to access Packeta orders. Access denied.';
+            return;
+        }
+
         $this->fields_list = [
             'id_order' => [
                 'title' => $this->l('ID', 'packeteryordergridcontroller'),
@@ -234,6 +240,11 @@ private function createPackets(array $ids)
 
     public function processBulkCreatePacket()
     {
+        if (!PermissionHelper::canEditOrders()) {
+            $this->errors[] = 'You do not have permission to submit shipment.';
+            return;
+        }
+        
         $ids = $this->boxes;
         if (!$ids) {
             $this->informations = $this->l('No orders were selected.', 'packeteryordergridcontroller');
@@ -244,6 +255,11 @@ public function processBulkCreatePacket()
 
     public function processSubmit()
     {
+        if (!PermissionHelper::canEditOrders()) {
+            $this->errors[] = 'You do not have permission to submit shipment.';
+            return;
+        }
+        
         $this->createPackets([Tools::getValue('id_order')]);
     }
 
@@ -339,6 +355,11 @@ private function prepareLabels(array $packetNumbers, $type, $packetsEnhanced = n
      */
     public function processBulkLabelPdf()
     {
+        if (!PermissionHelper::canEditOrders()) {
+            $this->errors[] = 'You do not have permission to print labels.';
+            return;
+        }
+        
         if (Tools::isSubmit('submitPrepareLabels')) {
             $packetNumbers = $this->prepareOnlyInternalPacketNumbers($this->boxes);
             if ($packetNumbers) {
@@ -358,6 +379,11 @@ public function processBulkLabelPdf()
      */
     public function processBulkCarrierLabelPdf()
     {
+        if (!PermissionHelper::canEditOrders()) {
+            $this->errors[] = 'You do not have permission to print carrier labels.';
+            return;
+        }
+        
         if (Tools::isSubmit('submitPrepareLabels')) {
             $packetNumbers = $this->prepareOnlyCarrierPacketNumbers($this->boxes);
             if ($packetNumbers) {
@@ -384,6 +410,11 @@ public function processBulkCarrierLabelPdf()
      */
     public function processPrint()
     {
+        if (!PermissionHelper::canEditOrders()) {
+            $this->errors[] = 'You do not have permission to print label.';
+            return;
+        }
+        
         /** @var OrderRepository $orderRepo */
         $orderRepository = $this->getModule()->diContainer->get(OrderRepository::class);
         $orderData = $orderRepository->getById((int)Tools::getValue('id_order'));
@@ -410,6 +441,11 @@ public function processPrint()
 
     public function processBulkCsvExport()
     {
+        if (!PermissionHelper::canViewOrders()) {
+            $this->errors[] = 'You do not have permission to access Packeta orders. Access denied.';
+            return;
+        }
+        
         if ((int)Tools::getValue('submitFilterorders') === 1) {
             return;
         }
@@ -511,6 +547,11 @@ public function postProcess()
             $orderRepo = $this->getModule()->diContainer->get(OrderRepository::class);
             foreach ($_POST as $key => $value) {
                 if (preg_match('/^weight_(\d+)$/', $key, $matches)) {
+                    if (!PermissionHelper::canEditOrders()) {
+                        $this->errors[] = 'You do not have permission to modify weight.';
+                        continue;
+                    }
+                    
                     $orderId = (int)$matches[1];
                     if ($value === '') {
                         $value = null;
@@ -623,7 +664,10 @@ public function getWeightEditable($weight, array $row)
         $smarty = new Smarty();
         $smarty->assign('weight', $weight);
         $smarty->assign('orderId', $row['id_order']);
-        $smarty->assign('disabled', $row['tracking_number']);
+        
+        // Disable weight editing if user doesn't have edit permissions or if order has tracking number
+        $disabled = !PermissionHelper::canEditOrders() || $row['tracking_number'];
+        $smarty->assign('disabled', $disabled);
 
         return $smarty->fetch(__DIR__ . '/../../views/templates/admin/grid/weightEditable.tpl');
     }

packetery/controllers/admin/PacketerySettingController.php

@@ -1,9 +1,24 @@
 <?php
 
+use Packetery\Tools\PermissionHelper;
+
 class PacketerySettingController extends ModuleAdminController
 {
+    public function __construct()
+    {
+        $this->bootstrap = true;
+        $this->context = Context::getContext();
+        
+        parent::__construct();
+    }
+
     public function initContent()
     {
+        if (!PermissionHelper::canViewConfig()) {
+            $this->errors[] = 'You do not have permission to configure the Packeta module. Access denied.';
+            return;
+        }
+
         Tools::redirectAdmin(
             $this->module->getAdminLink('AdminModules', ['configure' => $this->module->name, 'tab_module' => $this->module->tab, 'module_name' => $this->module->name])
         );

packetery/libs/AbstractFormService.php

@@ -11,6 +11,7 @@
 use Packetery\Exceptions\FormDataPersistException;
 use Packetery\Module\Options;
 use Packetery\Tools\ConfigHelper;
+use Packetery\Tools\PermissionHelper;
 use Packetery\Tools\Tools;
 
 abstract class AbstractFormService
@@ -28,6 +29,10 @@ public function __construct(Options $options)
      */
     public function handleSubmit()
     {
+        if (!PermissionHelper::canEditConfig()) {
+            throw new FormDataPersistException('You do not have permission to save configuration.');
+        }
+
         $formFields = $this->getConfigurationFormFields();
         foreach ($formFields as $fieldName => $fieldConfig) {
             $this->handleConfigOption($fieldName, $fieldConfig);