PES-2876, PES-2886: permissions update

packetery/controllers/admin/PacketeryCarrierGridController.php

@@ -6,6 +6,7 @@
 use Packetery\Carrier\CarrierTools;
 use Packetery\Module\VersionChecker;
 use Packetery\Tools\MessageManager;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryCarrierGridController extends ModuleAdminController
 {
@@ -44,6 +45,13 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
+        /** @var UserPermissionHelper $userPermissionHelper */
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta carriers. Access denied.', 'packeterycarriergridcontroller');
+            return;
+        }
+
         $module = $this->getModule();
 
         /** @var ApiCarrierRepository $apiCarrierRepository */
@@ -162,9 +170,8 @@ public function renderView()
             $carrierHelper->build();
             if ($carrierHelper->getError()) {
                 $this->errors[] = $carrierHelper->getError();
-            } else {
-                $this->tpl_view_vars['carrierHelper'] = $carrierHelper->getHtml();
             }
+            $this->tpl_view_vars['carrierHelper'] = $carrierHelper->getHtml();
         }
         return parent::renderView();
     }
@@ -173,6 +180,13 @@ public function initToolbar()
     {
         parent::initToolbar();
         unset($this->toolbar_btn['new']);
+
+        /** @var UserPermissionHelper $userPermissionHelper */
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            unset($this->toolbar_btn['bulk_action']);
+        }
     }
 
     /**

packetery/controllers/admin/PacketeryLogGridController.php

@@ -1,6 +1,7 @@
 <?php
 
 use Packetery\Log\LogRepository;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryLogGridController extends ModuleAdminController
 {
@@ -38,6 +39,12 @@ public function __construct()
 
         parent::__construct();
 
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_LOG, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta logs. Access denied.', 'packeteryloggridcontroller');
+            return;
+        }
+
         $this->logRepository = $this->getModule()->diContainer->get(LogRepository::class);
 
         $this->fields_list = [

packetery/controllers/admin/PacketeryOrderGridController.php

@@ -36,6 +36,7 @@
 use Packetery\Order\Tracking;
 use Packetery\PacketTracking\PacketStatusFactory;
 use Packetery\Tools\ConfigHelper;
+use Packetery\Tools\UserPermissionHelper;
 
 class PacketeryOrderGridController extends ModuleAdminController
 {
@@ -109,6 +110,12 @@ public function __construct()
         // for $this->translator not being null, in PS 1.6
         parent::__construct();
 
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta orders. Access denied.', 'packeteryordergridcontroller');
+            return;
+        }
+
         $this->fields_list = [
             'id_order' => [
                 'title' => $this->l('ID', 'packeteryordergridcontroller'),
@@ -234,6 +241,12 @@ private function createPackets(array $ids)
 
     public function processBulkCreatePacket()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to submit shipment.', 'packeteryordergridcontroller');
+            return;
+        }
+
         $ids = $this->boxes;
         if (!$ids) {
             $this->informations = $this->l('No orders were selected.', 'packeteryordergridcontroller');
@@ -244,6 +257,12 @@ public function processBulkCreatePacket()
 
     public function processSubmit()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to submit shipment.', 'packeteryordergridcontroller');
+            return;
+        }
+
         $this->createPackets([Tools::getValue('id_order')]);
     }
 
@@ -339,6 +358,12 @@ private function prepareLabels(array $packetNumbers, $type, $packetsEnhanced = n
      */
     public function processBulkLabelPdf()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print labels.', 'packeteryordergridcontroller');
+            return;
+        }
+
         if (Tools::isSubmit('submitPrepareLabels')) {
             $packetNumbers = $this->prepareOnlyInternalPacketNumbers($this->boxes);
             if ($packetNumbers) {
@@ -358,6 +383,12 @@ public function processBulkLabelPdf()
      */
     public function processBulkCarrierLabelPdf()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print carrier labels.', 'packeteryordergridcontroller');
+            return;
+        }
+
         if (Tools::isSubmit('submitPrepareLabels')) {
             $packetNumbers = $this->prepareOnlyCarrierPacketNumbers($this->boxes);
             if ($packetNumbers) {
@@ -384,6 +415,12 @@ public function processBulkCarrierLabelPdf()
      */
     public function processPrint()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->errors[] = $this->l('You do not have permission to print label.', 'packeteryordergridcontroller');
+            return;
+        }
+
         /** @var OrderRepository $orderRepo */
         $orderRepository = $this->getModule()->diContainer->get(OrderRepository::class);
         $orderData = $orderRepository->getById((int)Tools::getValue('id_order'));
@@ -410,6 +447,12 @@ public function processPrint()
 
     public function processBulkCsvExport()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to access Packeta orders. Access denied.', 'packeteryordergridcontroller');
+            return;
+        }
+
         if ((int)Tools::getValue('submitFilterorders') === 1) {
             return;
         }
@@ -511,6 +554,12 @@ public function postProcess()
             $orderRepo = $this->getModule()->diContainer->get(OrderRepository::class);
             foreach ($_POST as $key => $value) {
                 if (preg_match('/^weight_(\d+)$/', $key, $matches)) {
+                    $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+                    if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT)) {
+                        $this->errors[] = $this->l('You do not have permission to modify order weights.', 'packeteryordergridcontroller');
+                        continue;
+                    }
+
                     $orderId = (int)$matches[1];
                     if ($value === '') {
                         $value = null;
@@ -623,7 +672,10 @@ public function getWeightEditable($weight, array $row)
         $smarty = new Smarty();
         $smarty->assign('weight', $weight);
         $smarty->assign('orderId', $row['id_order']);
-        $smarty->assign('disabled', $row['tracking_number']);
+
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        $isDisabled = !$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_ORDERS, UserPermissionHelper::PERMISSION_EDIT) || (isset($row['tracking_number']) && $row['tracking_number'] !== '');
+        $smarty->assign('disabled', $isDisabled);
 
         return $smarty->fetch(__DIR__ . '/../../views/templates/admin/grid/weightEditable.tpl');
     }

packetery/controllers/admin/PacketerySettingController.php

@@ -1,11 +1,42 @@
 <?php
 
+use Packetery\Tools\UserPermissionHelper;
+
 class PacketerySettingController extends ModuleAdminController
 {
+    /** @var Packetery */
+    private $packetery;
+
+    public function __construct()
+    {
+        $this->bootstrap = true;
+        $this->context = Context::getContext();
+
+        parent::__construct();
+    }
+
     public function initContent()
     {
+        $userPermissionHelper = $this->getModule()->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CONFIG, UserPermissionHelper::PERMISSION_VIEW)) {
+            $this->errors[] = $this->l('You do not have permission to configure the Packeta module. Access denied.', 'packeterysettingcontroller');
+            return;
+        }
+
         Tools::redirectAdmin(
             $this->module->getAdminLink('AdminModules', ['configure' => $this->module->name, 'tab_module' => $this->module->tab, 'module_name' => $this->module->name])
         );
     }
+
+    /**
+     * @return Packetery
+     */
+    private function getModule()
+    {
+        if ($this->packetery === null) {
+            $this->packetery = new Packetery();
+        }
+
+        return $this->packetery;
+    }
 }

packetery/libs/AbstractFormService.php

@@ -12,22 +12,31 @@
 use Packetery\Module\Options;
 use Packetery\Tools\ConfigHelper;
 use Packetery\Tools\Tools;
+use Packetery\Tools\UserPermissionHelper;
 
 abstract class AbstractFormService
 {
     /** @var Options */
     private $options;
 
-    public function __construct(Options $options)
+    /** @var UserPermissionHelper */
+    private $userPermissionHelper;
+
+    public function __construct(Options $options, UserPermissionHelper $userPermissionHelper)
     {
         $this->options = $options;
+        $this->userPermissionHelper = $userPermissionHelper;
     }
 
     /**
      * @throws FormDataPersistException
      */
     public function handleSubmit()
     {
+        if (!$this->userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CONFIG, UserPermissionHelper::PERMISSION_EDIT)) {
+            throw new FormDataPersistException('You do not have permission to save configuration.');
+        }
+
         $formFields = $this->getConfigurationFormFields();
         foreach ($formFields as $fieldName => $fieldConfig) {
             $this->handleConfigOption($fieldName, $fieldConfig);

packetery/libs/Carrier/CarrierAdminForm.php

@@ -8,6 +8,7 @@
 use Packetery\ApiCarrier\ApiCarrierRepository;
 use Packetery\Exceptions\DatabaseException;
 use Packetery\Tools\MessageManager;
+use Packetery\Tools\UserPermissionHelper;
 use Tools;
 
 class CarrierAdminForm
@@ -88,8 +89,13 @@ public function buildCarrierForm()
         }
 
         if (Tools::isSubmit('submitCarrierForm')) {
-            $carrierData['id_branch'] = Tools::getValue('id_branch');
-            $this->saveCarrier($carrierData);
+            $userPermissionHelper = $this->module->diContainer->get(UserPermissionHelper::class);
+            if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
+                $this->error = $this->module->l('You do not have permission to edit carrier settings.', 'carrieradminform');
+            } else {
+                $carrierData['id_branch'] = Tools::getValue('id_branch');
+                $this->saveCarrier($carrierData);
+            }
         }
 
         if ($carrierData['name'] === '0') {
@@ -158,7 +164,12 @@ public function buildCarrierOptionsForm()
         }
 
         if (Tools::isSubmit('submitCarrierOptionsForm')) {
-            $this->saveCarrierOptions($carrierData, $apiCarrier);
+            $userPermissionHelper = $this->module->diContainer->get(UserPermissionHelper::class);
+            if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
+                $this->error = $this->module->l('You do not have permission to edit carrier options.', 'carrieradminform');
+            } else {
+                $this->saveCarrierOptions($carrierData, $apiCarrier);
+            }
         }
 
         $possibleVendors = $this->getPossibleVendors($carrierData);
@@ -280,6 +291,12 @@ public function buildCarrierOptionsForm()
      */
     public function saveCarrier(array $carrierData)
     {
+        $userPermissionHelper = $this->module->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->error = $this->module->l('You do not have permission to save carrier settings.', 'carrieradminform');
+            return;
+        }
+
         $apiCarrier = $this->apiRepository->getById($carrierData['id_branch']);
         if (!$apiCarrier) {
             $this->repository->deleteById($this->carrierId);
@@ -327,6 +344,12 @@ public function saveCarrier(array $carrierData)
      */
     public function saveCarrierOptions(array $carrierData, array $apiCarrier)
     {
+        $userPermissionHelper = $this->module->diContainer->get(UserPermissionHelper::class);
+        if (!$userPermissionHelper->hasPermission(UserPermissionHelper::SECTION_CARRIERS, UserPermissionHelper::PERMISSION_EDIT)) {
+            $this->error = $this->module->l('You do not have permission to save carrier options.', 'carrieradminform');
+            return;
+        }
+
         $formData = Tools::getAllValues();
         $pickupPointType = $this->getPickupPointType($apiCarrier, $carrierData['id_branch']);