PES-2876: permissions update - Refactor permission checks to use UserPermissionHelper for improved clarity and maintainability

Author: J7F

packetery/controllers/admin/PacketeryCarrierGridController.php

@@ -6,7 +6,7 @@
 use Packetery\Carrier\CarrierTools;
 use Packetery\Module\VersionChecker;
 use Packetery\Tools\MessageManager;
-use Packetery\Tools\PermissionHelper;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryCarrierGridController extends ModuleAdminController
 {
@@ -45,8 +45,8 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
-        if (!PermissionHelper::canViewCarriers()) {
-            $this->errors[] = 'You do not have permission to access Packeta carriers. Access denied.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta carriers. Access denied.', 'packeterycarriergridcontroller');
             return;
         }
 
@@ -180,7 +180,7 @@ public function initToolbar()
         unset($this->toolbar_btn['new']);
 
         // Hide action buttons if user doesn't have edit permissions
-        if (!PermissionHelper::canEditCarriers()) {
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
             unset($this->toolbar_btn['bulk_action']);
         }
     }

packetery/controllers/admin/PacketeryLogGridController.php

@@ -1,7 +1,7 @@
 <?php
 
 use Packetery\Log\LogRepository;
-use Packetery\Tools\PermissionHelper;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryLogGridController extends ModuleAdminController
 {
@@ -39,8 +39,8 @@ public function __construct()
 
         parent::__construct();
 
-        if (!PermissionHelper::canViewLogs()) {
-            $this->errors[] = 'You do not have permission to access Packeta logs. Access denied.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_LOG, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta logs. Access denied.', 'packeteryloggridcontroller');
             return;
         }
 

packetery/controllers/admin/PacketeryOrderGridController.php

@@ -36,7 +36,7 @@
 use Packetery\Order\Tracking;
 use Packetery\PacketTracking\PacketStatusFactory;
 use Packetery\Tools\ConfigHelper;
-use Packetery\Tools\PermissionHelper;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryOrderGridController extends ModuleAdminController
 {
@@ -110,8 +110,8 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
-        if (!PermissionHelper::canViewOrders()) {
-            $this->errors[] = 'You do not have permission to access Packeta orders. Access denied.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta orders. Access denied.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -240,8 +240,8 @@ private function createPackets(array $ids)
 
     public function processBulkCreatePacket()
     {
-        if (!PermissionHelper::canEditOrders()) {
-            $this->errors[] = 'You do not have permission to submit shipment.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to submit shipment.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -255,8 +255,8 @@ public function processBulkCreatePacket()
 
     public function processSubmit()
     {
-        if (!PermissionHelper::canEditOrders()) {
-            $this->errors[] = 'You do not have permission to submit shipment.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to submit shipment.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -355,8 +355,8 @@ private function prepareLabels(array $packetNumbers, $type, $packetsEnhanced = n
      */
     public function processBulkLabelPdf()
     {
-        if (!PermissionHelper::canEditOrders()) {
-            $this->errors[] = 'You do not have permission to print labels.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print labels.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -379,8 +379,8 @@ public function processBulkLabelPdf()
      */
     public function processBulkCarrierLabelPdf()
     {
-        if (!PermissionHelper::canEditOrders()) {
-            $this->errors[] = 'You do not have permission to print carrier labels.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print carrier labels.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -410,8 +410,8 @@ public function processBulkCarrierLabelPdf()
      */
     public function processPrint()
     {
-        if (!PermissionHelper::canEditOrders()) {
-            $this->errors[] = 'You do not have permission to print label.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print label.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -441,8 +441,8 @@ public function processPrint()
 
     public function processBulkCsvExport()
     {
-        if (!PermissionHelper::canViewOrders()) {
-            $this->errors[] = 'You do not have permission to access Packeta orders. Access denied.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta orders. Access denied.', 'packeteryordergridcontroller');
             return;
         }
 
@@ -538,6 +538,7 @@ public function initToolbar()
 
     public function postProcess()
     {
+
         // values are saved even before bulk actions
         if (
             $this->action !== self::ACTION_BULK_LABEL_PDF && $this->action !== self::ACTION_BULK_CARRIER_LABEL_PDF
@@ -547,11 +548,11 @@ public function postProcess()
             $orderRepo = $this->getModule()->diContainer->get(OrderRepository::class);
             foreach ($_POST as $key => $value) {
                 if (preg_match('/^weight_(\d+)$/', $key, $matches)) {
-                    if (!PermissionHelper::canEditOrders()) {
-                        $this->errors[] = 'You do not have permission to modify weight.';
+                    if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+                        $this->errors[] = $this->l('You do not have permission to modify order weights.', 'packeteryordergridcontroller');
                         continue;
                     }
-
+                    
                     $orderId = (int)$matches[1];
                     if ($value === '') {
                         $value = null;
@@ -665,9 +666,8 @@ public function getWeightEditable($weight, array $row)
         $smarty->assign('weight', $weight);
         $smarty->assign('orderId', $row['id_order']);
 
-        // Disable weight editing if user doesn't have edit permissions or if order has tracking number
-        $disabled = !PermissionHelper::canEditOrders() || $row['tracking_number'];
-        $smarty->assign('disabled', $disabled);
+        $isDisabled = !UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT) || !empty($row['tracking_number']);
+        $smarty->assign('disabled', $isDisabled);
 
         return $smarty->fetch(__DIR__ . '/../../views/templates/admin/grid/weightEditable.tpl');
     }

packetery/controllers/admin/PacketerySettingController.php

@@ -1,6 +1,6 @@
 <?php
 
-use Packetery\Tools\PermissionHelper;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketerySettingController extends ModuleAdminController
 {
@@ -14,8 +14,8 @@ public function __construct()
 
     public function initContent()
     {
-        if (!PermissionHelper::canViewConfig()) {
-            $this->errors[] = 'You do not have permission to configure the Packeta module. Access denied.';
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CONFIG, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to configure the Packeta module. Access denied.', 'packeterysettingcontroller');
             return;
         }
 

packetery/libs/AbstractFormService.php

@@ -11,8 +11,8 @@
 use Packetery\Exceptions\FormDataPersistException;
 use Packetery\Module\Options;
 use Packetery\Tools\ConfigHelper;
-use Packetery\Tools\PermissionHelper;
 use Packetery\Tools\Tools;
+use Packetery\Tools\UserPermissionHelper;
 
 abstract class AbstractFormService
 {
@@ -29,7 +29,7 @@ public function __construct(Options $options)
      */
     public function handleSubmit()
     {
-        if (!PermissionHelper::canEditConfig()) {
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CONFIG, UserPermissionHelper::PERMISSION_EDIT)) {
             throw new FormDataPersistException('You do not have permission to save configuration.');
         }
 

packetery/libs/Carrier/CarrierAdminForm.php

@@ -8,7 +8,7 @@
 use Packetery\ApiCarrier\ApiCarrierRepository;
 use Packetery\Exceptions\DatabaseException;
 use Packetery\Tools\MessageManager;
-use Packetery\Tools\PermissionHelper;
+use Packetery\Tools\UserPermissionHelper;
 use Tools;
 
 class CarrierAdminForm
@@ -89,7 +89,7 @@ public function buildCarrierForm()
         }
 
         if (Tools::isSubmit('submitCarrierForm')) {
-            if (!PermissionHelper::canEditCarriers()) {
+            if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
                 $this->error = $this->module->l('You do not have permission to edit carrier settings.', 'carrieradminform');
             } else {
                 $carrierData['id_branch'] = Tools::getValue('id_branch');
@@ -163,7 +163,7 @@ public function buildCarrierOptionsForm()
         }
 
         if (Tools::isSubmit('submitCarrierOptionsForm')) {
-            if (!PermissionHelper::canEditCarriers()) {
+            if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
                 $this->error = $this->module->l('You do not have permission to edit carrier options.', 'carrieradminform');
             } else {
                 $this->saveCarrierOptions($carrierData, $apiCarrier);
@@ -289,7 +289,7 @@ public function buildCarrierOptionsForm()
      */
     public function saveCarrier(array $carrierData)
     {
-        if (!PermissionHelper::canEditCarriers()) {
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
             $this->error = $this->module->l('You do not have permission to save carrier settings.', 'carrieradminform');
             return;
         }
@@ -341,7 +341,7 @@ public function saveCarrier(array $carrierData)
      */
     public function saveCarrierOptions(array $carrierData, array $apiCarrier)
     {
-        if (!PermissionHelper::canEditCarriers()) {
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
             $this->error = $this->module->l('You do not have permission to save carrier options.', 'carrieradminform');
             return;
         }

packetery/libs/Order/OrderDetailsUpdater.php

@@ -5,6 +5,7 @@
 use Packetery;
 use Packetery\Carrier\CarrierTools;
 use Packetery\Tools\Tools;
+use Packetery\Tools\UserPermissionHelper;
 
 class OrderDetailsUpdater
 {
@@ -39,6 +40,14 @@ public function orderUpdate(&$messages, $packeteryOrder, $orderId)
             return $packeteryOrder;
         }
 
+        if (!UserPermissionHelper::hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $messages[] = [
+                'text' => $this->module->l('You do not have permission to update order details.', 'orderdetailsupdater'),
+                'class' => 'danger',
+            ];
+            return $packeteryOrder;
+        }
+
         if ($packeteryOrder['exported']) {
             return $packeteryOrder;
         }