From 9aa222a629d0380dda9e06310aba6c354b4d4cbd Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 7 Oct 2024 06:37:57 +0000 Subject: [PATCH 01/16] HP-2069: add staff role admin --- src/files/items.php | 71 +++++++++++++++++++-------------- src/files/source/tree.php | 16 ++++++-- tests/unit/CheckAccessTrait.php | 14 +++++-- 3 files changed, 66 insertions(+), 35 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index ad8860b..1dba25b 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -96,9 +96,6 @@ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', - 'server.create', - 'server.update', - 'server.delete', 'server.wizzard', 'server.set-label', 'consumption.read', @@ -120,11 +117,20 @@ 'server.see-label', ], ], + 'role:staff-server.admin' => [ + 'type' => 1, + 'children' => [ + 'role:server.admin', + 'server.create', + 'server.delete', + 'server.update', + ], + ], 'role:server.master' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who have exceptionally high permissions on servers management', 'children' => [ - 'role:server.admin', + 'role:staff-server.admin', 'role:server.manager', ], ], @@ -844,6 +850,13 @@ 'role:hosting.admin', ], ], + 'role:staff-admin' => [ + 'type' => 1, + 'children' => [ + 'role:admin', + 'role:staff-server.admin', + ], + ], 'role:accounter' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who are in charge of accounting', @@ -1096,7 +1109,7 @@ 'type' => 1, 'description' => 'The role is for testing only', 'children' => [ - 'role:admin', + 'role:staff-admin', 'role:manager', 'role:document.master', 'role:finance.master', 
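Review bot: Removing `server.create`, `server.update` and `server.delete` from `role:server.admin` in the `@@ -96,9 +96,6 @@` hunk of src/files/items.php takes them away from every subject that holds `role:server.admin` or `role:admin` today, and nothing in this patch moves existing staff assignments to `role:staff-admin`. Stored assignments are not visible here, so this may be handled elsewhere; if it is not, staff lose these permissions on deploy. A comment above the `'role:staff-server.admin'` entry in src/files/source/tree.php would make the split auditable, for example `// staff only: create/update/delete were split out of role:server.admin (HP-2069)`. The same hunk is repeated in PATCH 03/16.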
@@ -1369,30 +1382,6 @@ 'type' => 2, 'description' => 'Prohibits set-note operation on the server', ], - 'server.create' => [ - 'type' => 2, - 'description' => 'Allows creating of the server', - ], - 'deny:server.create' => [ - 'type' => 2, - 'description' => 'Prohibits creating of the server', - ], - 'server.update' => [ - 'type' => 2, - 'description' => 'Allows updating of the server', - ], - 'deny:server.update' => [ - 'type' => 2, - 'description' => 'Prohibits updating of the server', - ], - 'server.delete' => [ - 'type' => 2, - 'description' => 'Allows deleting of the server', - ], - 'deny:server.delete' => [ - 'type' => 2, - 'description' => 'Prohibits deleting of the server', - ], 'server.wizzard' => [ 'type' => 2, 'description' => 'Allows wizzarding of the server', @@ -1465,6 +1454,30 @@ 'type' => 2, 'description' => 'Prohibits selling of the server', ], + 'server.create' => [ + 'type' => 2, + 'description' => 'Allows creating of the server', + ], + 'deny:server.create' => [ + 'type' => 2, + 'description' => 'Prohibits creating of the server', + ], + 'server.delete' => [ + 'type' => 2, + 'description' => 'Allows deleting of the server', + ], + 'deny:server.delete' => [ + 'type' => 2, + 'description' => 'Prohibits deleting of the server', + ], + 'server.update' => [ + 'type' => 2, + 'description' => 'Allows updating of the server', + ], + 'deny:server.update' => [ + 'type' => 2, + 'description' => 'Prohibits updating of the server', + ], 'hub.read' => [ 'type' => 2, 'description' => 'Allows reading of the hub', diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 808e269..7ce8b3d 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php 
@@ -35,7 +35,7 @@ 'server.read', 'server.control-power', 'server.control-system', 'server.set-note', ], 'role:server.admin' => [ - 'role:server.user', 'server.create', 'server.update', 'server.delete', + 'role:server.user', 'server.wizzard', 'server.set-label', 'consumption.read', 'server.manage-settings', 'server.see-label', 'server.move-disks', ], @@ -43,8 +43,14 @@ 'role:server.user', 'server.enable-block', 'server.disable-block', 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', ], + 'role:staff-server.admin' => [ + 'role:server.admin', + 'server.create', + 'server.delete', + 'server.update', + ], 'role:server.master' => [ - 'role:server.admin', 'role:server.manager', + 'role:staff-server.admin', 'role:server.manager', ], 'role:hub.user' => [ 'hub.read', @@ -354,6 +360,10 @@ 'role:server.admin', 'role:hosting.admin', ], + 'role:staff-admin' => [ + 'role:admin', + 'role:staff-server.admin', + ], 'role:accounter' => [ 'role:manager', 'role:hub.manager', @@ -479,7 +489,7 @@ 'role:blacklist.manager', ], 'role:almighty' => [ - 'role:admin', + 'role:staff-admin', 'role:manager', 'role:document.master', 'role:finance.master', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index deff96e..4ae8015 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -66,7 +66,7 @@ public function testAccessSubclients() $this->assertEqualsCanonicalizing($result, [ 'role:almighty', 'access-subclients', 'role:support', 'role:admin', 'role:accounter', 'role:manager', - 'role:reseller', 'role:owner', 'role:junior-manager', + 'role:reseller', 'role:owner', 'role:junior-manager', 'role:staff-admin', ]); } 
@@ -145,7 +145,7 @@ public function testAdmin() 'certificate.read', 'certificate.create', 'certificate.update', 'contact.read', 'contact.create', 'contact.update', 'contact.delete', - 'server.read', 'server.create', 'server.update', 'server.delete', 'server.control-power', + 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', @@ -172,6 +172,14 @@ public function testAdmin() ]); } + public function testStaffAdmin() + { + $this->assertAccesses('role:staff-admin', [ + 'access-subclients', 'support', 'admin', + 'server.create', 'server.update', 'server.delete', + ]); + } + public function testAccounter() { $this->assertAccesses('role:accounter', [ @@ -308,7 +316,7 @@ public function testEmployee() public function testMighty() { - $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:finance.master,role:stock.master,role:config.manager,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty'); + $this->auth->setAssignments('role:staff-admin,role:manager,role:document.master,role:finance.master,role:stock.master,role:config.manager,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty'); $this->assertAccesses('user:mighty', [ 'access-subclients', 'access-reseller', From a867b1960d73648ba6535e8c88805d73e13a63b6 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Tue, 8 Oct 2024 07:33:41 +0000 Subject: [PATCH 02/16] changes --- src/files/items.php | 6 ++++-- src/files/source/metadata.php | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 1dba25b..3ac95ea 100644 --- a/src/files/items.php +++ b/src/files/items.php 
@@ -93,7 +93,7 @@ ], 'role:server.admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', + 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', 'server.wizzard', @@ -119,6 +119,7 @@ ], 'role:staff-server.admin' => [ 'type' => 1, + 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', 'children' => [ 'role:server.admin', 'server.create', @@ -840,7 +841,7 @@ ], 'role:admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', + 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', 'children' => [ 'admin', 'role:support', @@ -852,6 +853,7 @@ ], 'role:staff-admin' => [ 'type' => 1, + 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', 'children' => [ 'role:admin', 'role:staff-server.admin', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 8ea0167..a301c7f 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -32,6 +32,9 @@ 'description' => 'The role is generally assigned to users who are allowed to use servers', ], 'role:server.admin' => [ + 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', + ], + 'role:staff-server.admin' => [ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', ], 'role:server.manager' => [ 
@@ -227,6 +230,9 @@ 'description' => 'The role is generally assigned to staff who are in charge of customer support', ], 'role:admin' => [ + 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', + ], + 'role:staff-admin' => [ 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', ], 'role:accounter' => [ From 8d01bca289308c71748dc19b3e3583fb0b8846a8 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 7 Oct 2024 06:37:57 +0000 Subject: [PATCH 03/16] HP-2069: add staff role admin --- src/files/items.php | 71 +++++++++++++++++++-------------- src/files/source/tree.php | 16 ++++++-- tests/unit/CheckAccessTrait.php | 14 +++++-- 3 files changed, 66 insertions(+), 35 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index ad8860b..1dba25b 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -96,9 +96,6 @@ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', - 'server.create', - 'server.update', - 'server.delete', 'server.wizzard', 'server.set-label', 'consumption.read', @@ -120,11 +117,20 @@ 'server.see-label', ], ], + 'role:staff-server.admin' => [ + 'type' => 1, + 'children' => [ + 'role:server.admin', + 'server.create', + 'server.delete', + 'server.update', + ], + ], 'role:server.master' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who have exceptionally high permissions on servers management', 'children' => [ - 'role:server.admin', + 'role:staff-server.admin', 'role:server.manager', ], ], 
@@ -844,6 +850,13 @@ 'role:hosting.admin', ], ], + 'role:staff-admin' => [ + 'type' => 1, + 'children' => [ + 'role:admin', + 'role:staff-server.admin', + ], + ], 'role:accounter' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who are in charge of accounting', @@ -1096,7 +1109,7 @@ 'type' => 1, 'description' => 'The role is for testing only', 'children' => [ - 'role:admin', + 'role:staff-admin', 'role:manager', 'role:document.master', 'role:finance.master', @@ -1369,30 +1382,6 @@ 'type' => 2, 'description' => 'Prohibits set-note operation on the server', ], - 'server.create' => [ - 'type' => 2, - 'description' => 'Allows creating of the server', - ], - 'deny:server.create' => [ - 'type' => 2, - 'description' => 'Prohibits creating of the server', - ], - 'server.update' => [ - 'type' => 2, - 'description' => 'Allows updating of the server', - ], - 'deny:server.update' => [ - 'type' => 2, - 'description' => 'Prohibits updating of the server', - ], - 'server.delete' => [ - 'type' => 2, - 'description' => 'Allows deleting of the server', - ], - 'deny:server.delete' => [ - 'type' => 2, - 'description' => 'Prohibits deleting of the server', - ], 'server.wizzard' => [ 'type' => 2, 'description' => 'Allows wizzarding of the server', 
@@ -1465,6 +1454,30 @@ 'type' => 2, 'description' => 'Prohibits selling of the server', ], + 'server.create' => [ + 'type' => 2, + 'description' => 'Allows creating of the server', + ], + 'deny:server.create' => [ + 'type' => 2, + 'description' => 'Prohibits creating of the server', + ], + 'server.delete' => [ + 'type' => 2, + 'description' => 'Allows deleting of the server', + ], + 'deny:server.delete' => [ + 'type' => 2, + 'description' => 'Prohibits deleting of the server', + ], + 'server.update' => [ + 'type' => 2, + 'description' => 'Allows updating of the server', + ], + 'deny:server.update' => [ + 'type' => 2, + 'description' => 'Prohibits updating of the server', + ], 'hub.read' => [ 'type' => 2, 'description' => 'Allows reading of the hub', diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 808e269..7ce8b3d 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -35,7 +35,7 @@ 'server.read', 'server.control-power', 'server.control-system', 'server.set-note', ], 'role:server.admin' => [ - 'role:server.user', 'server.create', 'server.update', 'server.delete', + 'role:server.user', 'server.wizzard', 'server.set-label', 'consumption.read', 'server.manage-settings', 'server.see-label', 'server.move-disks', ], @@ -43,8 +43,14 @@ 'role:server.user', 'server.enable-block', 'server.disable-block', 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', ], + 'role:staff-server.admin' => [ + 'role:server.admin', + 'server.create', + 'server.delete', + 'server.update', + ], 'role:server.master' => [ - 'role:server.admin', 'role:server.manager', + 'role:staff-server.admin', 'role:server.manager', ], 'role:hub.user' => [ 'hub.read', @@ -354,6 +360,10 @@ 'role:server.admin', 'role:hosting.admin', ], + 'role:staff-admin' => [ + 'role:admin', + 'role:staff-server.admin', + ], 'role:accounter' => [ 'role:manager', 'role:hub.manager', 
@@ -479,7 +489,7 @@ 'role:blacklist.manager', ], 'role:almighty' => [ - 'role:admin', + 'role:staff-admin', 'role:manager', 'role:document.master', 'role:finance.master', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index b99007a..ccf463e 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -87,7 +87,7 @@ public function testAccessSubclients() $this->assertEqualsCanonicalizing($result, [ 'role:almighty', 'access-subclients', 'role:support', 'role:admin', 'role:accounter', 'role:manager', - 'role:reseller', 'role:owner', 'role:junior-manager', + 'role:reseller', 'role:owner', 'role:junior-manager', 'role:staff-admin', ]); } @@ -166,7 +166,7 @@ public function testAdmin() 'certificate.read', 'certificate.create', 'certificate.update', 'contact.read', 'contact.create', 'contact.update', 'contact.delete', - 'server.read', 'server.create', 'server.update', 'server.delete', 'server.control-power', + 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', @@ -193,6 +193,14 @@ public function testAdmin() ]); } + public function testStaffAdmin() + { + $this->assertAccesses('role:staff-admin', [ + 'access-subclients', 'support', 'admin', + 'server.create', 'server.update', 'server.delete', + ]); + } + public function testAccounter() { $this->assertAccesses('role:accounter', [ 
@@ -329,7 +337,7 @@ public function testEmployee() public function testMighty() { - $this->auth->setAssignments('role:admin,role:manager,role:document.master,role:finance.master,role:stock.master,role:config.manager,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty'); + $this->auth->setAssignments('role:staff-admin,role:manager,role:document.master,role:finance.master,role:stock.master,role:config.manager,domain.freeze,domain.force-push,domain.delete,employee.read,domain.force-send-foa,deny:deposit', 'user:mighty'); $this->assertAccesses('user:mighty', [ 'access-subclients', 'access-reseller', From ea5e649e0ef70cb0513811e14c096581601c83cd Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Tue, 8 Oct 2024 07:33:41 +0000 Subject: [PATCH 04/16] changes --- src/files/items.php | 6 ++++-- src/files/source/metadata.php | 6 ++++++ 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 1dba25b..3ac95ea 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -93,7 +93,7 @@ ], 'role:server.admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', + 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', 'server.wizzard', @@ -119,6 +119,7 @@ ], 'role:staff-server.admin' => [ 'type' => 1, + 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', 'children' => [ 'role:server.admin', 'server.create', 
@@ -840,7 +841,7 @@ ], 'role:admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', + 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', 'children' => [ 'admin', 'role:support', @@ -852,6 +853,7 @@ ], 'role:staff-admin' => [ 'type' => 1, + 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', 'children' => [ 'role:admin', 'role:staff-server.admin', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 8ea0167..a301c7f 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -32,6 +32,9 @@ 'description' => 'The role is generally assigned to users who are allowed to use servers', ], 'role:server.admin' => [ + 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', + ], + 'role:staff-server.admin' => [ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', ], 'role:server.manager' => [ @@ -227,6 +230,9 @@ 'description' => 'The role is generally assigned to staff who are in charge of customer support', ], 'role:admin' => [ + 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', + ], + 'role:staff-admin' => [ 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', ], 'role:accounter' => [ From a24eb2bf2a248fe99f51789487eb0df7ddca63e8 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 14 Oct 2024 05:30:54 +0000 Subject: [PATCH 05/16] fix tests --- tests/unit/CheckAccessTrait.php | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) 
diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index ccf463e..9f66730 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php 
@@ -198,6 +198,38 @@ public function testStaffAdmin() $this->assertAccesses('role:staff-admin', [ 'access-subclients', 'support', 'admin', 'server.create', 'server.update', 'server.delete', + 'access-subclients', 'support', 'admin', + 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', + 'client.read', 'client.list', + 'domain.read', 'domain.update', 'domain.delete-agp', 'domain.set-nss', + 'dns.create', 'dns.read', 'dns.update', 'dns.delete', + 'certificate.read', 'certificate.create', 'certificate.update', + 'contact.read', 'contact.create', 'contact.update', 'contact.delete', + + 'server.read', 'server.control-power', + 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', + 'server.see-label', 'server.move-disks', + + 'hub.read', 'hub.create', 'hub.update', 'hub.delete', + 'consumption.read', + 'stock.read', + 'part.read', // 'part.create', 'part.update', 'part.delete', + 'move.read', 'move.create', 'move.update', 'move.delete', + 'move.get-directions', + 'order.read', + 'model.read', // 'model.create', 'model.update', 'model.delete', + 'account.read', 'account.create', 'account.update', 'account.delete', + 'backup.read', 'backup.delete', + 'backuping.read', 'backuping.create', 'backuping.update', 'backuping.delete', + 'crontab.read', 'crontab.create', 'crontab.update', 'crontab.delete', + 'db.read', 'db.create', 'db.update', 'db.delete', + 'hdomain.read', 'hdomain.create', 'hdomain.update', 'hdomain.delete', 'hdomain.set-dns', + 'mail.read', 'mail.create', 'mail.update', 'mail.delete', + 'request.read', 'request.create', 'request.update', 'request.delete', + 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', + 'ip.read', 'ip.create', 'ip.update', 'ip.delete', + 'service.read', 'service.create', 'service.update', 'service.delete', + 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', ]); } 
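Review bot: The first added row repeats `'access-subclients', 'support', 'admin',`, which is already the first row of the expected list in `testStaffAdmin`, so those three entries now appear twice; drop the duplicate row. The remainder is a copy of the `testAdmin` expectations. Whether `assertAccesses` also proves that `role:admin` no longer holds `server.create`, `server.update` and `server.delete` depends on its implementation, which is outside this hunk. If it only checks the listed items, an explicit negative assertion for `role:admin` would pin the privilege split this series introduces.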
From 86836c0625304968fa827b0c1bdedbe76defdf24 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 14 Oct 2024 05:36:18 +0000 Subject: [PATCH 06/16] change access role for hub --- src/files/items.php | 30 +++++++++++++++++++----------- src/files/source/metadata.php | 3 +++ src/files/source/tree.php | 8 ++++++-- tests/unit/CheckAccessTrait.php | 2 +- 4 files changed, 29 insertions(+), 14 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 3ac95ea..9479eec 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -144,11 +144,18 @@ ], 'role:hub.admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to staff who are in charge of client\'s hubs administration', + 'description' => 'The role is generally assigned to reseller staff who are in charge of client\'s hubs administration', 'children' => [ 'hub.read', - 'hub.create', 'hub.update', + ], + ], + 'role:staff-hub.admin' => [ + 'type' => 1, + 'description' => 'The role is generally assigned to staff who are in charge of client\'s hubs administration', + 'children' => [ + 'role:hub.admin', + 'hub.create', 'hub.delete', ], ], @@ -164,7 +171,7 @@ 'type' => 1, 'description' => 'The role is generally assigned to staff who have exceptionally high permissions on hubs management', 'children' => [ - 'role:hub.admin', + 'role:staff-hub.admin', 'role:hub.manager', ], ], @@ -857,6 +864,7 @@ 'children' => [ 'role:admin', 'role:staff-server.admin', + 'role:staff-hub.admin', ], ], 'role:accounter' => [ @@ -1488,14 +1496,6 @@ 'type' => 2, 'description' => 'Prohibits reading of the hub', ], - 'hub.create' => [ - 'type' => 2, - 'description' => 'Allows creating of the hub', - ], - 'deny:hub.create' => [ - 'type' => 2, - 'description' => 'Prohibits creating of the hub', - ], 'hub.update' => [ 'type' => 2, 'description' => 'Allows updating of the hub', 
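Review bot: In the `@@ -144,11 +144,18 @@` hunk `role:hub.admin` keeps `hub.update` and only `hub.create` and `hub.delete` move to `role:staff-hub.admin`, whereas the server split in PATCH 01/16 moved create, update and delete together. If updating hubs is meant to be staff-only like `server.update`, the children should be `'hub.read',` for `role:hub.admin` and `'role:hub.admin', 'hub.create', 'hub.update', 'hub.delete',` for the staff role, with tree.php and `testAdmin` changed to match. If the asymmetry is intended, a short comment in src/files/source/tree.php saying so would help the next reviewer. The description also says "reseller staff" where the server roles say "reseller client", which leaves the intended audience of the reduced role unclear.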
@@ -1504,6 +1504,14 @@ 'type' => 2, 'description' => 'Prohibits updating of the hub', ], + 'hub.create' => [ + 'type' => 2, + 'description' => 'Allows creating of the hub', + ], + 'deny:hub.create' => [ + 'type' => 2, + 'description' => 'Prohibits creating of the hub', + ], 'hub.delete' => [ 'type' => 2, 'description' => 'Allows deleting of the hub', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index a301c7f..5e3f4fa 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -47,6 +47,9 @@ 'description' => 'The role is generally assigned to users who are allowed to rents hubs', ], 'role:hub.admin' => [ + 'description' => 'The role is generally assigned to reseller staff who are in charge of client\'s hubs administration', + ], + 'role:staff-hub.admin' => [ 'description' => 'The role is generally assigned to staff who are in charge of client\'s hubs administration', ], 'role:hub.manager' => [ diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 7ce8b3d..9c369e0 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -56,13 +56,16 @@ 'hub.read', ], 'role:hub.admin' => [ - 'hub.read', 'hub.create', 'hub.update', 'hub.delete', + 'hub.read', 'hub.update', + ], + 'role:staff-hub.admin' => [ + 'role:hub.admin', 'hub.create', 'hub.delete', ], 'role:hub.manager' => [ 'hub.read', 'hub.sell', ], 'role:hub.master' => [ - 'role:hub.admin', 'role:hub.manager', + 'role:staff-hub.admin', 'role:hub.manager', ], 'role:consumption.user' => [ 'consumption.read', @@ -363,6 +366,7 @@ 'role:staff-admin' => [ 'role:admin', 'role:staff-server.admin', + 'role:staff-hub.admin', ], 'role:accounter' => [ 'role:manager', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index 9f66730..b333cc6 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php 
@@ -170,7 +170,7 @@ public function testAdmin() 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', - 'hub.read', 'hub.create', 'hub.update', 'hub.delete', + 'hub.read', 'hub.update', 'consumption.read', 'stock.read', 'part.read', // 'part.create', 'part.update', 'part.delete', From 99d8a9ce7bfa2788e05daf3d326a1fe5617561d2 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Sun, 27 Oct 2024 22:23:12 +0000 Subject: [PATCH 07/16] add tesst adn permissions --- src/files/items.php | 82 +++++++++++++++++++++++++++++++++ src/files/source/metadata.php | 48 +++++++++++++++++++ src/files/source/tree.php | 17 ++++++- tests/unit/CheckAccessTrait.php | 15 +++++- 4 files changed, 160 insertions(+), 2 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 9479eec..9afa52b 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -41,6 +41,7 @@ 'client.set-note', 'purse.update', 'purse.read', + 'purse.set-credit', ], ], 'role:employee.manager' => [ @@ -96,6 +97,9 @@ 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', + 'server.wizzard-read', + 'server.read-legend', + 'server.read-all', 'server.wizzard', 'server.set-label', 'consumption.read', @@ -109,12 +113,17 @@ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers management', 'children' => [ 'role:server.user', + 'server.wizzard-read', 'server.enable-block', 'server.disable-block', 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', + 'server.read-legend', + 'server.read-all', + 'server.read-manager', + 'server.read-billing', ], ], 'role:staff-server.admin' => [ @@ -125,6 +134,7 @@ 'server.create', 'server.delete', 'server.update', + 'server.asssign-hub', ], ], 'role:server.master' => [ 
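Review bot: `server.asssign-hub` in the `@@ -125,6 +134,7 @@` hunk (children of `role:staff-server.admin`) is spelled with three `s`. The same spelling is used for the item definition, its `deny:` twin, metadata.php and tree.php later in this patch, so the hierarchy is self-consistent, but an access check written as `server.assign-hub` would never match this item. Rename it to `'server.assign-hub',` everywhere it appears in this patch before callers start depending on the name; the call sites are not part of this diff.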
@@ -466,6 +476,7 @@ 'description' => 'The role is generally assigned to staff who are in charge of bills management', 'children' => [ 'bill.read', + 'charge.read', ], ], 'role:bill.manager' => [ @@ -478,6 +489,7 @@ 'bill.delete', 'deposit', 'role:purse.manager', + 'charge.read', ], ], 'role:bill.master' => [ @@ -533,6 +545,7 @@ 'price.update', 'price.delete', 'price.create', + 'plan.set-note', ], ], 'role:plan.master' => [ @@ -1272,6 +1285,13 @@ 'type' => 2, 'description' => 'Prohibits reading of the purse', ], + 'purse.set-credit' => [ + 'type' => 2, + ], + 'deny:purse.set-credit' => [ + 'type' => 2, + 'description' => 'Prohibits set credit to purse', + ], 'employee.read' => [ 'type' => 2, 'description' => 'Allows reading of the employee', @@ -1392,6 +1412,30 @@ 'type' => 2, 'description' => 'Prohibits set-note operation on the server', ], + 'server.wizzard-read' => [ + 'type' => 2, + 'description' => 'Allows reading info about wizzarding of the server', + ], + 'deny:server.wizzard-read' => [ + 'type' => 2, + 'description' => 'Prohibits reading of the info about wizzarding of server', + ], + 'server.read-legend' => [ + 'type' => 2, + 'description' => 'Prohibits reading of the server', + ], + 'deny:server.read-legend' => [ + 'type' => 2, + 'description' => 'Prohibits reading label of the server', + ], + 'server.read-all' => [ + 'type' => 2, + 'description' => 'Allows reading of extended data of the server', + ], + 'deny:server.read-all' => [ + 'type' => 2, + 'description' => 'Prohibits reading of extended data fo the server', + ], 'server.wizzard' => [ 'type' => 2, 'description' => 'Allows wizzarding of the server', 
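Review bot: The allow item `server.read-legend` in the `@@ -1392,6 +1412,30 @@` hunk is described as `Prohibits reading of the server`, which is the wording of a deny rule and does not mention the legend, while its `deny:` twin says `Prohibits reading label of the server`. Anyone granting permissions from these descriptions would read the allow item as a prohibition. Something like `'description' => 'Allows reading legend of the server',` follows the pattern of the neighbouring items, and the deny text should then name the same thing (legend or label, whichever is meant). The same wrong string is added to src/files/source/metadata.php in this patch, and `deny:server.read-all` has `fo` for `of`.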
@@ -1464,6 +1508,20 @@ 'type' => 2, 'description' => 'Prohibits selling of the server', ], + 'server.read-manager' => [ + 'type' => 2, + ], + 'deny:server.read-manager' => [ + 'type' => 2, + ], + 'server.read-billing' => [ + 'type' => 2, + 'description' => 'Allow reading of tariff and sale information of server', + ], + 'deny:server.read-billing' => [ + 'type' => 2, + 'description' => 'Prohibits reading of tariff and sale information of server', + ], 'server.create' => [ 'type' => 2, 'description' => 'Allows creating of the server', @@ -1488,6 +1546,14 @@ 'type' => 2, 'description' => 'Prohibits updating of the server', ], + 'server.asssign-hub' => [ + 'type' => 2, + 'description' => 'Allows assign hubs to server', + ], + 'deny:server.asssign-hub' => [ + 'type' => 2, + 'description' => 'Prohibits assign hub to server', + ], 'hub.read' => [ 'type' => 2, 'description' => 'Allows reading of the hub', @@ -2082,6 +2148,14 @@ 'type' => 2, 'description' => 'Prohibits reading of the bill', ], + 'charge.read' => [ + 'type' => 2, + 'description' => 'Allow reading of the charges', + ], + 'deny:charge.read' => [ + 'type' => 2, + 'description' => 'Prohibits reading of the charges', + ], 'bill.create' => [ 'type' => 2, 'description' => 'Allows creating of the bill', @@ -2226,6 +2300,14 @@ 'type' => 2, 'description' => 'Prohibits creating of the price', ], + 'plan.set-note' => [ + 'type' => 2, + 'description' => 'Allows set note to plan', + ], + 'deny:plan.set-note' => [ + 'type' => 2, + 'description' => 'Prohibits set note to plan', + ], 'document.read' => [ 'type' => 2, 'description' => 'Allows reading of the document', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 5e3f4fa..8cceb4b 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php 
@@ -934,6 +934,9 @@ 'deny:plan.update' => [ 'description' => 'Prohibits updating of the plan', ], + 'deny:plan.set-note' => [ + 'description' => 'Prohibits set note to plan', + ], 'deny:price.create' => [ 'description' => 'Prohibits creating of the price', ], @@ -949,6 +952,9 @@ 'deny:purse.update' => [ 'description' => 'Prohibits updating of the purse', ], + 'deny:purse.set-credit' => [ + 'description' => 'Prohibits set credit to purse', + ], 'deny:ref.view.not-used' => [ 'description' => 'Prohibits view.not-used operation on the ref', ], @@ -1018,6 +1024,18 @@ 'deny:server.read' => [ 'description' => 'Prohibits reading of the server', ], + 'deny:server.read-all' => [ + 'description' => 'Prohibits reading of extended data fo the server', + ], + 'deny:server.read-billing' => [ + 'description' => 'Prohibits reading of tariff and sale information of server', + ], + 'deny:server.wizzard-read' => [ + 'description' => 'Prohibits reading of the info about wizzarding of server', + ], + 'deny:server.read-legend' => [ + 'description' => 'Prohibits reading label of the server', + ], 'deny:server.sell' => [ 'description' => 'Prohibits selling of the server', ], @@ -1033,6 +1051,9 @@ 'deny:server.wizzard' => [ 'description' => 'Prohibits wizzarding of the server', ], + 'deny:server.asssign-hub' => [ + 'description' => 'Prohibits assign hub to server', + ], 'deny:service.create' => [ 'description' => 'Prohibits creating of the service', ], @@ -1354,6 +1375,9 @@ 'plan.update' => [ 'description' => 'Allows updating of the plan', ], + 'plan.set-note' => [ + 'description' => 'Allows set note to plan', + ], 'price.create' => [ 'description' => 'Allows creating of the price', ], @@ -1369,6 +1393,9 @@ 'purse.update' => [ 'description' => 'Allows updating of the purse', ], + 'purse.st-credit' => [ + 'description' => 'Allows set credit to the purse', + ], 'ref.view.not-used' => [ 'description' => 'Allows view.not-used operation on the ref', ], 
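Review bot: The key `'purse.st-credit'` in the `@@ -1369,6 +1393,9 @@` hunk is misspelled; tree.php and items.php in this patch use `purse.set-credit`. The description `Allows set credit to the purse` is therefore attached to a name that is not a defined permission, and `purse.set-credit` in src/files/items.php is left with `'type' => 2` and no description (items.php looks generated from this file, though the generator is not shown). Change the key to `'purse.set-credit' => [`. `server.read-manager` and `deny:server.read-manager` likewise have no metadata entry in the visible hunks and no description in items.php.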
@@ -1420,6 +1447,9 @@ 'server.create' => [ 'description' => 'Allows creating of the server', ], + 'server.asssign-hub' => [ + 'description' => 'Allows assign hubs to server', + ], 'server.delete' => [ 'description' => 'Allows deleting of the server', ], @@ -1438,6 +1468,18 @@ 'server.read' => [ 'description' => 'Allows reading of the server', ], + 'server.read-all' => [ + 'description' => 'Allows reading of extended data of the server', + ], + 'server.wizzard-read' => [ + 'description' => 'Allows reading info about wizzarding of the server', + ], + 'server.read-legend' => [ + 'description' => 'Prohibits reading of the server', + ], + 'server.read-billing' => [ + 'description' => 'Allow reading of tariff and sale information of server', + ], 'server.sell' => [ 'description' => 'Allows selling of the server', ], @@ -1618,6 +1660,12 @@ 'deny:costprice.update' => [ 'description' => 'Prohibits updating of the costprice', ], + 'charge.read' => [ + 'description' => 'Allow reading of the charges', + ], + 'deny:charge.read' => [ + 'description' => 'Prohibits reading of the charges', + ], 'deny:pay' => [ 'description' => 'Prohibits paying', ], diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 9c369e0..d6dbb1b 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -16,6 +16,7 @@ 'contact.set-verified', 'client.block', 'client.unblock', 'client.get-note', 'client.set-note', 'purse.update', 'purse.read', + 'purse.set-credit', ], 'role:employee.manager' => [ 'client.list', 'employee.read', 'employee.create', 'employee.update', 'employee.delete', 'document.acceptance', 
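Review bot: In the `@@ -1438,6 +1468,18 @@` hunk of metadata.php the allow item `server.read-legend` is described as 'Prohibits reading of the server', which is the wording of a deny item. The later commits on this page reword it to 'Prohibits reading legend of the server' in metadata.php and items.php, but keep the wrong verb. If these descriptions are what an operator reads when assigning permissions (not visible here), an allow item labelled as a prohibition invites a wrong grant. It should read `'description' => 'Allows reading legend of the server',` in both files.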
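Review bot: The tree.php hunk `@@ -16,6 +16,7 @@` appends `'purse.set-credit',` to an existing role's child list, so every role that inherits that list gains the ability to set purse credit. The role's header is outside the hunk; the items.php hunks later on this page suggest it is `role:client.manager`. The test hunks in this commit then add `purse.set-credit` to the expected lists for accounter, manager and reseller, which makes that reach part of the tested contract. If changing a credit limit is meant to be a finance decision, granting it from a narrower role (for example `role:purse.manager`, which `role:bill.manager` already includes) would keep it away from roles that only need client management. Please confirm in particular that reseller is meant to hold it.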
@@ -36,18 +37,29 @@ ], 'role:server.admin' => [ 'role:server.user', + 'server.wizzard-read', + 'server.read-legend', + 'server.read-all', 'server.wizzard', 'server.set-label', 'consumption.read', 'server.manage-settings', 'server.see-label', 'server.move-disks', ], 'role:server.manager' => [ - 'role:server.user', 'server.enable-block', 'server.disable-block', 'server.pay', 'server.sell', 'server.set-label', + 'role:server.user', + 'server.wizzard-read', + 'server.enable-block', 'server.disable-block', + 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', + 'server.read-legend', + 'server.read-all', + 'server.read-manager', + 'server.read-billing', ], 'role:staff-server.admin' => [ 'role:server.admin', 'server.create', 'server.delete', 'server.update', + 'server.asssign-hub', ], 'role:server.master' => [ 'role:staff-server.admin', 'role:server.manager', @@ -174,10 +186,12 @@ ], 'role:bill.junior-manager' => [ 'bill.read', + 'charge.read', ], 'role:bill.manager' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit', 'role:purse.manager', + 'charge.read', ], 'role:bill.master' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit', @@ -198,6 +212,7 @@ 'role:plan.manager' => [ 'plan.read', 'plan.create', 'plan.update', 'plan.delete', 'plan.force-read', 'price.read', 'price.update', 'price.delete', 'price.create', + 'plan.set-note', ], 'role:plan.master' => [ 'role:plan.manager', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index b333cc6..ee77ef6 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -169,6 +169,7 @@ public function testAdmin() 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', + 'server.wizzard-read', 'server.read-legend', 'server.read-all', 'hub.read', 'hub.update', 'consumption.read', 
@@ -198,6 +199,7 @@ public function testStaffAdmin() $this->assertAccesses('role:staff-admin', [ 'access-subclients', 'support', 'admin', 'server.create', 'server.update', 'server.delete', + 'server.wizzard-read', 'server.read-legend', 'server.read-all', 'access-subclients', 'support', 'admin', 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', 'client.read', 'client.list', @@ -208,7 +210,7 @@ public function testStaffAdmin() 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', - 'server.see-label', 'server.move-disks', + 'server.see-label', 'server.move-disks', 'server.asssign-hub', 'hub.read', 'hub.create', 'hub.update', 'hub.delete', 'consumption.read', @@ -275,6 +277,8 @@ public function testAccounter() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'server.read-billing','charge.read','plan.set-note', ]); } @@ -314,6 +318,8 @@ public function testManager() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'server.read-billing','charge.read','plan.set-note', ]); } 
@@ -354,6 +360,8 @@ public function testReseller() 'ip.read', 'service.read', 'client.notify', 'integration.read', 'integration.create', 'integration.update', 'integration.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'server.read-billing','charge.read','plan.set-note', ]); } @@ -423,6 +431,9 @@ public function testMighty() 'ip.read', 'ip.create', 'ip.update', 'ip.delete', 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + + 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } @@ -490,6 +501,8 @@ public function testAlmighty() 'costprice.read', 'costprice.create', 'costprice.update', 'costprice.delete', 'pnl.read', 'pnl.read-expenses', 'pnl.update', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } From 22d73edd8a9e98d4efee0c8b93391e0cefae524c Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 28 Oct 2024 13:44:48 +0000 Subject: [PATCH 08/16] rename role --- src/files/items.php | 6 +++--- src/files/source/metadata.php | 2 +- src/files/source/tree.php | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 9afa52b..1b8c81d 100644 --- a/src/files/items.php +++ b/src/files/items.php 
@@ -126,7 +126,7 @@ 'server.read-billing', ], ], - 'role:staff-server.admin' => [ + 'role:server.staff-admin' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', 'children' => [ @@ -141,7 +141,7 @@ 'type' => 1, 'description' => 'The role is generally assigned to staff who have exceptionally high permissions on servers management', 'children' => [ - 'role:staff-server.admin', + 'role:server.staff-admin', 'role:server.manager', ], ], @@ -876,7 +876,7 @@ 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', 'children' => [ 'role:admin', - 'role:staff-server.admin', + 'role:server.staff-admin', 'role:staff-hub.admin', ], ], diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 8cceb4b..fc4cced 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -34,7 +34,7 @@ 'role:server.admin' => [ 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', ], - 'role:staff-server.admin' => [ + 'role:server.staff-admin' => [ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers administration', ], 'role:server.manager' => [ diff --git a/src/files/source/tree.php b/src/files/source/tree.php index d6dbb1b..07f0dfc 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -54,7 +54,7 @@ 'server.read-manager', 'server.read-billing', ], - 'role:staff-server.admin' => [ + 'role:server.staff-admin' => [ 'role:server.admin', 'server.create', 'server.delete', @@ -62,7 +62,7 @@ 'server.asssign-hub', ], 'role:server.master' => [ - 'role:staff-server.admin', 'role:server.manager', + 'role:server.staff-admin', 'role:server.manager', ], 'role:hub.user' => [ 'hub.read', 
@@ -380,7 +380,7 @@ ], 'role:staff-admin' => [ 'role:admin', - 'role:staff-server.admin', + 'role:server.staff-admin', 'role:staff-hub.admin', ], 'role:accounter' => [ From d6d2e73ca1530f1bef0a97adcc1286fa697d3839 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 28 Oct 2024 13:46:00 +0000 Subject: [PATCH 09/16] rename role --- src/files/items.php | 6 +++--- src/files/source/metadata.php | 2 +- src/files/source/tree.php | 6 +++--- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 1b8c81d..0d7a4b9 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -160,7 +160,7 @@ 'hub.update', ], ], - 'role:staff-hub.admin' => [ + 'role:hub.staff-admin' => [ 'type' => 1, 'description' => 'The role is generally assigned to staff who are in charge of client\'s hubs administration', 'children' => [ @@ -181,7 +181,7 @@ 'type' => 1, 'description' => 'The role is generally assigned to staff who have exceptionally high permissions on hubs management', 'children' => [ - 'role:staff-hub.admin', + 'role:hub.staff-admin', 'role:hub.manager', ], ], @@ -877,7 +877,7 @@ 'children' => [ 'role:admin', 'role:server.staff-admin', - 'role:staff-hub.admin', + 'role:hub.staff-admin', ], ], 'role:accounter' => [ diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index fc4cced..8f3ad0b 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -49,7 +49,7 @@ 'role:hub.admin' => [ 'description' => 'The role is generally assigned to reseller staff who are in charge of client\'s hubs administration', ], - 'role:staff-hub.admin' => [ + 'role:hub.staff-admin' => [ 'description' => 'The role is generally assigned to staff who are in charge of client\'s hubs administration', ], 'role:hub.manager' => [ diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 07f0dfc..1e63ba4 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php 
@@ -70,14 +70,14 @@ 'role:hub.admin' => [ 'hub.read', 'hub.update', ], - 'role:staff-hub.admin' => [ + 'role:hub.staff-admin' => [ 'role:hub.admin', 'hub.create', 'hub.delete', ], 'role:hub.manager' => [ 'hub.read', 'hub.sell', ], 'role:hub.master' => [ - 'role:staff-hub.admin', 'role:hub.manager', + 'role:hub.staff-admin', 'role:hub.manager', ], 'role:consumption.user' => [ 'consumption.read', @@ -381,7 +381,7 @@ 'role:staff-admin' => [ 'role:admin', 'role:server.staff-admin', - 'role:staff-hub.admin', + 'role:hub.staff-admin', ], 'role:accounter' => [ 'role:manager', From a96b1461ca429ba96507d4937695a481a95de44a Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Mon, 28 Oct 2024 14:11:01 +0000 Subject: [PATCH 10/16] change --- src/files/items.php | 9 +++++---- src/files/source/metadata.php | 10 +++++----- src/files/source/tree.php | 4 ++-- tests/unit/CheckAccessTrait.php | 14 +++++++------- 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index 0d7a4b9..b113ed7 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -97,7 +97,7 @@ 'description' => 'The role is generally assigned to reseller client who are in charge of client\'s servers administration', 'children' => [ 'role:server.user', - 'server.wizzard-read', + 'server.read-wizzard', 'server.read-legend', 'server.read-all', 'server.wizzard', @@ -113,7 +113,7 @@ 'description' => 'The role is generally assigned to staff who are in charge of client\'s servers management', 'children' => [ 'role:server.user', - 'server.wizzard-read', + 'server.read-wizzard', 'server.enable-block', 'server.disable-block', 'server.pay', @@ -1287,6 +1287,7 @@ ], 'purse.set-credit' => [ 'type' => 2, + 'description' => 'Allows set credit to the purse', ], 'deny:purse.set-credit' => [ 'type' => 2, 
@@ -1412,11 +1413,11 @@ 'type' => 2, 'description' => 'Prohibits set-note operation on the server', ], - 'server.wizzard-read' => [ + 'server.read-wizzard' => [ 'type' => 2, 'description' => 'Allows reading info about wizzarding of the server', ], - 'deny:server.wizzard-read' => [ + 'deny:server.read-wizzard' => [ 'type' => 2, 'description' => 'Prohibits reading of the info about wizzarding of server', ], diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 8f3ad0b..f6403ae 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -1030,11 +1030,11 @@ 'deny:server.read-billing' => [ 'description' => 'Prohibits reading of tariff and sale information of server', ], - 'deny:server.wizzard-read' => [ + 'deny:server.read-wizzard' => [ 'description' => 'Prohibits reading of the info about wizzarding of server', ], 'deny:server.read-legend' => [ - 'description' => 'Prohibits reading label of the server', + 'description' => 'Prohibits reading legend of the server', ], 'deny:server.sell' => [ 'description' => 'Prohibits selling of the server', @@ -1393,7 +1393,7 @@ 'purse.update' => [ 'description' => 'Allows updating of the purse', ], - 'purse.st-credit' => [ + 'purse.set-credit' => [ 'description' => 'Allows set credit to the purse', ], 'ref.view.not-used' => [ @@ -1471,11 +1471,11 @@ 'server.read-all' => [ 'description' => 'Allows reading of extended data of the server', ], - 'server.wizzard-read' => [ + 'server.read-wizzard' => [ 'description' => 'Allows reading info about wizzarding of the server', ], 'server.read-legend' => [ - 'description' => 'Prohibits reading of the server', + 'description' => 'Prohibits reading legend of the server', ], 'server.read-billing' => [ 'description' => 'Allow reading of tariff and sale information of server', diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 1e63ba4..a1f7baa 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php 
@@ -37,7 +37,7 @@ ], 'role:server.admin' => [ 'role:server.user', - 'server.wizzard-read', + 'server.read-wizzard', 'server.read-legend', 'server.read-all', 'server.wizzard', 'server.set-label', 'consumption.read', 'server.manage-settings', @@ -45,7 +45,7 @@ ], 'role:server.manager' => [ 'role:server.user', - 'server.wizzard-read', + 'server.read-wizzard', 'server.enable-block', 'server.disable-block', 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index ee77ef6..fa4dd15 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -169,7 +169,7 @@ public function testAdmin() 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', - 'server.wizzard-read', 'server.read-legend', 'server.read-all', + 'server.read-wizzard', 'server.read-legend', 'server.read-all', 'hub.read', 'hub.update', 'consumption.read', @@ -199,7 +199,7 @@ public function testStaffAdmin() $this->assertAccesses('role:staff-admin', [ 'access-subclients', 'support', 'admin', 'server.create', 'server.update', 'server.delete', - 'server.wizzard-read', 'server.read-legend', 'server.read-all', + 'server.read-wizzard', 'server.read-legend', 'server.read-all', 'access-subclients', 'support', 'admin', 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', 'client.read', 'client.list', 
@@ -277,7 +277,7 @@ public function testAccounter() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } @@ -318,7 +318,7 @@ public function testManager() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } @@ -360,7 +360,7 @@ public function testReseller() 'ip.read', 'service.read', 'client.notify', 'integration.read', 'integration.create', 'integration.update', 'integration.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } 
@@ -432,7 +432,7 @@ public function testMighty() 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } @@ -501,7 +501,7 @@ public function testAlmighty() 'costprice.read', 'costprice.create', 'costprice.update', 'costprice.delete', 'pnl.read', 'pnl.read-expenses', 'pnl.update', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.wizzard-read','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } From fe0cec4fa630437435fffefef9f498172b1759c0 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Sun, 10 Nov 2024 22:59:08 +0000 Subject: [PATCH 11/16] change permisions names --- src/files/items.php | 24 ++++++++++++++++-------- src/files/source/metadata.php | 14 ++++++++++---- src/files/source/tree.php | 4 ++-- tests/unit/CheckAccessTrait.php | 14 +++++++------- 4 files changed, 35 insertions(+), 21 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index b113ed7..0f5a1e8 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -99,7 +99,7 @@ 'role:server.user', 'server.read-wizzard', 'server.read-legend', - 'server.read-all', + 'server.read-system-info', 'server.wizzard', 'server.set-label', 'consumption.read', @@ -121,7 +121,7 @@ 'server.set-label', 'server.see-label', 'server.read-legend', - 'server.read-all', + 'server.read-financial-info', 'server.read-manager', 'server.read-billing', ], 
@@ -1423,19 +1423,19 @@ ], 'server.read-legend' => [ 'type' => 2, - 'description' => 'Prohibits reading of the server', + 'description' => 'Prohibits reading legend of the server', ], 'deny:server.read-legend' => [ 'type' => 2, - 'description' => 'Prohibits reading label of the server', + 'description' => 'Prohibits reading legend of the server', ], - 'server.read-all' => [ + 'server.read-system-info' => [ 'type' => 2, - 'description' => 'Allows reading of extended data of the server', + 'description' => 'Allows reading system info of the server', ], - 'deny:server.read-all' => [ + 'deny:server.read-system-info' => [ 'type' => 2, - 'description' => 'Prohibits reading of extended data fo the server', + 'description' => 'Prohibits reading system info of the server', ], 'server.wizzard' => [ 'type' => 2, @@ -1509,6 +1509,14 @@ 'type' => 2, 'description' => 'Prohibits selling of the server', ], + 'server.read-financial-info' => [ + 'type' => 2, + 'description' => 'Allows reading financial info of the server', + ], + 'deny:server.read-financial-info' => [ + 'type' => 2, + 'description' => 'Prohibits reading financial info of the server', + ], 'server.read-manager' => [ 'type' => 2, ], diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index f6403ae..e00b933 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -1024,8 +1024,11 @@ 'deny:server.read' => [ 'description' => 'Prohibits reading of the server', ], - 'deny:server.read-all' => [ - 'description' => 'Prohibits reading of extended data fo the server', + 'deny:server.read-financial-info' => [ + 'description' => 'Prohibits reading financial info of the server', + ], + 'deny:server.read-system-info' => [ + 'description' => 'Prohibits reading system info of the server', ], 'deny:server.read-billing' => [ 'description' => 'Prohibits reading of tariff and sale information of server', 
@@ -1468,8 +1471,11 @@ 'server.read' => [ 'description' => 'Allows reading of the server', ], - 'server.read-all' => [ - 'description' => 'Allows reading of extended data of the server', + 'server.read-financial-info' => [ + 'description' => 'Allows reading financial info of the server', + ], + 'server.read-system-info' => [ + 'description' => 'Allows reading system info of the server', ], 'server.read-wizzard' => [ 'description' => 'Allows reading info about wizzarding of the server', diff --git a/src/files/source/tree.php b/src/files/source/tree.php index a1f7baa..5dd9789 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -39,7 +39,7 @@ 'role:server.user', 'server.read-wizzard', 'server.read-legend', - 'server.read-all', + 'server.read-system-info', 'server.wizzard', 'server.set-label', 'consumption.read', 'server.manage-settings', 'server.see-label', 'server.move-disks', ], @@ -50,7 +50,7 @@ 'server.pay', 'server.sell', 'server.set-label', 'server.see-label', 'server.read-legend', - 'server.read-all', + 'server.read-financial-info', 'server.read-manager', 'server.read-billing', ], diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index fa4dd15..5c7daa9 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -169,7 +169,7 @@ public function testAdmin() 'server.read', 'server.control-power', 'server.control-system', 'server.wizzard', 'server.set-label', 'server.set-note', 'server.manage-settings', 'server.see-label', 'server.move-disks', - 'server.read-wizzard', 'server.read-legend', 'server.read-all', + 'server.read-wizzard', 'server.read-legend', 'server.read-system-info', 'hub.read', 'hub.update', 'consumption.read', 
@@ -199,7 +199,7 @@ public function testStaffAdmin() $this->assertAccesses('role:staff-admin', [ 'access-subclients', 'support', 'admin', 'server.create', 'server.update', 'server.delete', - 'server.read-wizzard', 'server.read-legend', 'server.read-all', + 'server.read-wizzard', 'server.read-legend', 'server.read-system-info', 'access-subclients', 'support', 'admin', 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', 'client.read', 'client.list', @@ -277,7 +277,7 @@ public function testAccounter() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend', 'server.read-financial-info', 'server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } @@ -318,7 +318,7 @@ public function testManager() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info','server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } 
@@ -360,7 +360,7 @@ public function testReseller() 'ip.read', 'service.read', 'client.notify', 'integration.read', 'integration.create', 'integration.update', 'integration.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-manager', 'server.read-billing','charge.read','plan.set-note', ]); } @@ -432,7 +432,7 @@ public function testMighty() 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-system-info', 'server.read-financial-info', 'server.read-manager', 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } @@ -501,7 +501,7 @@ public function testAlmighty() 'costprice.read', 'costprice.create', 'costprice.update', 'costprice.delete', 'pnl.read', 'pnl.read-expenses', 'pnl.update', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-all','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-system-info', 'server.read-manager', 'server.read-billing','server.asssign-hub','charge.read','plan.set-note', ]); } From c410451db8e35b617e28a9c4e58cdab05eec28ed Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Wed, 13 Nov 2024 11:41:09 +0000 Subject: [PATCH 12/16] change --- src/files/items.php | 2 +- src/files/source/metadata.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) 
diff --git a/src/files/items.php b/src/files/items.php index 18958c2..b805600 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -861,7 +861,7 @@ ], 'role:admin' => [ 'type' => 1, - 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', + 'description' => 'The role is generally assigned to reseller\'s clients who are in charge of the technical management of the resources', 'children' => [ 'admin', 'role:support', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 96f9bf5..d9d3732 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -233,7 +233,7 @@ 'description' => 'The role is generally assigned to staff who are in charge of customer support', ], 'role:admin' => [ - 'description' => 'The role is generally assigned to reseller\'s client who are in charge for the technical management of the resources', + 'description' => 'The role is generally assigned to reseller\'s clients who are in charge of the technical management of the resources', ], 'role:staff-admin' => [ 'description' => 'The role is generally assigned to staff who are in charge for the technical management of the resources', From b4efe775de2539d0fd99a3d01692aecb098bd88d Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Wed, 13 Nov 2024 12:05:42 +0000 Subject: [PATCH 13/16] change --- src/files/items.php | 2 ++ src/files/source/metadata.php | 6 ++++++ tests/unit/CheckAccessTrait.php | 1 - 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/src/files/items.php b/src/files/items.php index b805600..ed681af 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -1519,9 +1519,11 @@ ], 'server.read-manager' => [ 'type' => 2, + 'description' => 'Allows reading manager info of the server', ], 'deny:server.read-manager' => [ 'type' => 2, + 'description' => 'Prohibits reading manager info of the server', ], 'server.read-billing' => [ 'type' => 2, 
diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index d9d3732..2749994 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -1039,6 +1039,9 @@ 'deny:server.read-legend' => [ 'description' => 'Prohibits reading legend of the server', ], + 'deny:server.read-manager' => [ + 'description' => 'Prohibits reading manager info of the server', + ], 'deny:server.sell' => [ 'description' => 'Prohibits selling of the server', ], @@ -1486,6 +1489,9 @@ 'server.read-billing' => [ 'description' => 'Allow reading of tariff and sale information of server', ], + 'server.read-manager' => [ + 'description' => 'Allows reading manager info of the server', + ], 'server.sell' => [ 'description' => 'Allows selling of the server', ], diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index 7df5b59..fc50b8e 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -200,7 +200,6 @@ public function testStaffAdmin() 'access-subclients', 'support', 'admin', 'server.create', 'server.update', 'server.delete', 'server.read-wizzard', 'server.read-legend', 'server.read-system-info', - 'access-subclients', 'support', 'admin', 'ticket.read', 'ticket.create', 'ticket.answer', 'ticket.close', 'ticket.update', 'ticket.delete', 'client.read', 'client.list', 'domain.read', 'domain.update', 'domain.delete-agp', 'domain.set-nss', From e67c7b80a775229bccd757688a5831325f1f3860 Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Sun, 17 Nov 2024 18:40:07 +0000 Subject: [PATCH 14/16] HP-2069: add new permissions --- src/files/items.php | 108 +++++++++++++++++++++++++++++--- src/files/source/metadata.php | 72 +++++++++++++++++++-- src/files/source/tree.php | 8 ++- tests/unit/CheckAccessTrait.php | 30 +++++++-- 4 files changed, 196 insertions(+), 22 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index ed681af..b164dc5 100644 --- a/src/files/items.php +++ b/src/files/items.php 
@@ -24,6 +24,7 @@ 'children' => [ 'client.read', 'client.list', + 'client.read-ip', ], ], 'role:client.manager' => [ @@ -39,6 +40,10 @@ 'client.unblock', 'client.get-note', 'client.set-note', + 'client.read-financial-info', + 'client.read-requisite', + 'client.read-referral', + 'client.read-deleted', 'purse.update', 'purse.read', 'purse.set-credit', @@ -122,7 +127,6 @@ 'server.see-label', 'server.read-legend', 'server.read-financial-info', - 'server.read-manager', 'server.read-billing', ], ], @@ -785,6 +789,7 @@ 'children' => [ 'role:stock.user', 'role:move.manager', + 'part.read-administrative', ], ], 'role:stock.manager' => [ @@ -1095,6 +1100,11 @@ 'role:ticket.user', 'ticket.update', 'ticket.delete', + 'ticket.read-templates', + 'ticket.read-statistics', + 'ticket.set-private', + 'ticket.set-recipient', + 'ticket.set-time', ], ], 'role:beta-tester' => [ @@ -1205,6 +1215,14 @@ 'type' => 2, 'description' => 'Prohibits listing of the client', ], + 'client.read-ip' => [ + 'type' => 2, + 'description' => 'Allows viewing client\'s IP', + ], + 'deny:client.read-ip' => [ + 'type' => 2, + 'description' => 'Prohibits viewing client\'s IP', + ], 'client.create' => [ 'type' => 2, 'description' => 'Allows creating of the client', 
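Review bot: The `@@ -24,6 +24,7 @@` hunk adds `'client.read-ip',` to a role whose only other children are `client.read` and `client.list`, which looks like the lowest client-facing role (its header is outside the hunk). That makes client IP addresses visible to everyone who can read clients at all. The other new read permissions in this commit (`client.read-financial-info`, `client.read-requisite`, `client.read-referral`, `client.read-deleted`) go into `role:client.manager` in the next hunk. Unless the base role is meant to expose IPs, I would move `client.read-ip` next to those. The test changes for this commit are outside the visible part of the page, so I cannot tell which top-level roles end up with it.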
@@ -1269,6 +1287,38 @@ 'type' => 2, 'description' => 'Prohibits set-note operation on the client', ], + 'client.read-financial-info' => [ + 'type' => 2, + 'description' => 'Allows viewing client\'s financial info', + ], + 'deny:client.read-financial-info' => [ + 'type' => 2, + 'description' => 'Prohibits viewing client\'s financial info', + ], + 'client.read-requisite' => [ + 'type' => 2, + 'description' => 'Allows viewing setted requisite to client', + ], + 'deny:client.read-requisite' => [ + 'type' => 2, + 'description' => 'Prohibits viewing setted requisite to client', + ], + 'client.read-referral' => [ + 'type' => 2, + 'description' => 'Allows viewing client\'s referral', + ], + 'deny:client.read-referral' => [ + 'type' => 2, + 'description' => 'Prohibits viewing client\'s referral', + ], + 'client.read-deleted' => [ + 'type' => 2, + 'description' => 'Allows viewing deleted clients', + ], + 'deny:client.read-deleted' => [ + 'type' => 2, + 'description' => 'Prohibits viewing deleted clients', + ], 'purse.update' => [ 'type' => 2, 'description' => 'Allows updating of the purse', @@ -1517,14 +1567,6 @@ 'type' => 2, 'description' => 'Prohibits reading financial info of the server', ], - 'server.read-manager' => [ - 'type' => 2, - 'description' => 'Allows reading manager info of the server', - ], - 'deny:server.read-manager' => [ - 'type' => 2, - 'description' => 'Prohibits reading manager info of the server', - ], 'server.read-billing' => [ 'type' => 2, 'description' => 'Allow reading of tariff and sale information of server', @@ -2575,6 +2617,14 @@ 'type' => 2, 'description' => 'Prohibits reading of the stock', ], + 'part.read-administrative' => [ + 'type' => 2, + 'description' => 'Allows reading administrative data of the part', + ], + 'deny:part.read-administrative' => [ + 'type' => 2, + 'description' => 'Prohibits reading admin data of the parts', + ], 'have-goods' => [ 'type' => 2, 'description' => 'Allows have-goods operation', 
@@ -2951,6 +3001,46 @@ 'type' => 2, 'description' => 'Prohibits deleting of the ticket', ], + 'ticket.read-templates' => [ + 'type' => 2, + 'description' => 'Allows viewing ticket templates', + ], + 'deny:ticket.read-templates' => [ + 'type' => 2, + 'description' => 'Prohibits viewing ticket templates', + ], + 'ticket.read-statistics' => [ + 'type' => 2, + 'description' => 'Allows viewing tickets statistics', + ], + 'deny:ticket.read-statistics' => [ + 'type' => 2, + 'description' => 'Prohibits viewing tickets statistics', + ], + 'ticket.set-private' => [ + 'type' => 2, + 'description' => 'Allows setting `private` to answer', + ], + 'deny:ticket.set-private' => [ + 'type' => 2, + 'description' => 'Prohibits setting `private` to answer', + ], + 'ticket.set-recipient' => [ + 'type' => 2, + 'description' => 'Allows setting ticket\'s recipient', + ], + 'deny:ticket.set-recipient' => [ + 'type' => 2, + 'description' => 'Prohibits setting ticket\'s recipient', + ], + 'ticket.set-time' => [ + 'type' => 2, + 'description' => 'Allows setting spent time to ticket', + ], + 'deny:ticket.set-time' => [ + 'type' => 2, + 'description' => 'Prohibits setting spent time to ticket', + ], 'test.beta' => [ 'type' => 2, 'description' => 'Allows betaing of the test', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 2749994..7d40704 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php 
@@ -433,6 +433,21 @@ 'client.update' => [ 'description' => 'Allows updating of the client', ], + 'client.read-ip' => [ + 'description' => 'Allows viewing client\'s IP', + ], + 'client.read-financial-info' => [ + 'description' => 'Allows viewing client\'s financial info', + ], + 'client.read-requisite' => [ + 'description' => 'Allows viewing setted requisite to client', + ], + 'client.read-referral' => [ + 'description' => 'Allows viewing client\'s referral', + ], + 'client.read-deleted' => [ + 'description' => 'Allows viewing deleted clients', + ], 'config.create' => [ 'description' => 'Allows creating of the config', ], @@ -919,6 +934,9 @@ 'deny:part.update' => [ 'description' => 'Prohibits updating of the part', ], + 'deny:part.read-administrative' => [ + 'description' => 'Prohibits reading admin data of the parts', + ], 'deny:plan.create' => [ 'description' => 'Prohibits creating of the plan', ], @@ -1039,9 +1057,6 @@ 'deny:server.read-legend' => [ 'description' => 'Prohibits reading legend of the server', ], - 'deny:server.read-manager' => [ - 'description' => 'Prohibits reading manager info of the server', - ], 'deny:server.sell' => [ 'description' => 'Prohibits selling of the server', ], @@ -1102,6 +1117,21 @@ 'deny:ticket.update' => [ 'description' => 'Prohibits updating of the ticket', ], + 'deny:ticket.read-templates' => [ + 'description' => 'Prohibits viewing ticket templates', + ], + 'deny:ticket.read-statistics' => [ + 'description' => 'Prohibits viewing tickets statistics', + ], + 'deny:ticket.set-private' => [ + 'description' => 'Prohibits setting `private` to answer', + ], + 'deny:ticket.set-recipient' => [ + 'description' => 'Prohibits setting ticket\'s recipient', + ], + 'deny:ticket.set-time' => [ + 'description' => 'Prohibits setting spent time to ticket', + ], 'deny:vhost.create' => [ 'description' => 'Prohibits creating of the vhost', ], 
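Review bot: The description added for `deny:part.read-administrative` in the `@@ -919,6 +934,9 @@` hunk reads 'Prohibits reading admin data of the parts', while its allow counterpart `part.read-administrative` (hunk `@@ -1366,6 +1396,9 @@`) reads 'Allows reading administrative data of the part'. Every other allow/deny pair added in this patch differs only in the verb. Whoever assigns a deny item presumably reads this text to judge its scope, so the pair should match: `'description' => 'Prohibits reading administrative data of the part',`. The same string is repeated in `src/files/items.php` (hunk `@@ -2575,6 +2617,14 @@`). The `client.read-requisite` pair would also read more clearly as `'Allows viewing the requisite set for the client'` and `'Prohibits viewing the requisite set for the client'`.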
@@ -1366,6 +1396,9 @@ 'part.update' => [ 'description' => 'Allows updating of the part', ], + 'part.read-administrative' => [ + 'description' => 'Allows reading administrative data of the part', + ], 'plan.create' => [ 'description' => 'Allows creating of the plan', ], @@ -1489,9 +1522,6 @@ 'server.read-billing' => [ 'description' => 'Allow reading of tariff and sale information of server', ], - 'server.read-manager' => [ - 'description' => 'Allows reading manager info of the server', - ], 'server.sell' => [ 'description' => 'Allows selling of the server', ], @@ -1555,6 +1585,21 @@ 'ticket.update' => [ 'description' => 'Allows updating of the ticket', ], + 'ticket.read-templates' => [ + 'description' => 'Allows viewing ticket templates', + ], + 'ticket.read-statistics' => [ + 'description' => 'Allows viewing tickets statistics', + ], + 'ticket.set-private' => [ + 'description' => 'Allows setting `private` to answer', + ], + 'ticket.set-recipient' => [ + 'description' => 'Allows setting ticket\'s recipient', + ], + 'ticket.set-time' => [ + 'description' => 'Allows setting spent time to ticket', + ], 'vhost.create' => [ 'description' => 'Allows creating of the vhost', ], @@ -1591,6 +1636,21 @@ 'deny:client.notify' => [ 'description' => 'Prohibits notifying of the client', ], + 'deny:client.read-ip' => [ + 'description' => 'Prohibits viewing client\'s IP', + ], + 'deny:client.read-financial-info' => [ + 'description' => 'Prohibits viewing client\'s financial info', + ], + 'deny:client.read-requisite' => [ + 'description' => 'Prohibits viewing setted requisite to client', + ], + 'deny:client.read-referral' => [ + 'description' => 'Prohibits viewing client\'s referral', + ], + 'deny:client.read-deleted' => [ + 'description' => 'Prohibits viewing deleted clients', + ], 'deny:part.read-all-hierarchy' => [ 'description' => 'Prohibits read-all-hierarchy operation on the part', ], 
diff --git a/src/files/source/tree.php b/src/files/source/tree.php index 03f34fa..d3a3ab1 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php @@ -9,12 +9,14 @@ ], // CLIENT MODULE 'role:client.support' => [ - 'client.read', 'client.list', + 'client.read', 'client.list', 'client.read-ip', ], 'role:client.manager' => [ 'role:client.support', 'client.create', 'client.update', 'client.delete', 'contact.set-verified', 'client.block', 'client.unblock', 'client.get-note', 'client.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', + 'client.read-deleted', 'purse.update', 'purse.read', 'purse.set-credit', ], @@ -51,7 +53,6 @@ 'server.see-label', 'server.read-legend', 'server.read-financial-info', - 'server.read-manager', 'server.read-billing', ], 'role:server.staff-admin' => [ @@ -325,6 +326,7 @@ 'role:stock.admin' => [ 'role:stock.user', 'role:move.manager', + 'part.read-administrative', ], 'role:stock.manager' => [ 'role:stock.user', @@ -486,6 +488,8 @@ ], 'role:ticket.manager' => [ 'role:ticket.user', 'ticket.update', 'ticket.delete', + 'ticket.read-templates', 'ticket.read-statistics', + 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time', ], 'role:beta-tester' => [ 'test.beta', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index fc50b8e..467593a 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -152,6 +152,8 @@ public function testSupport() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time', ]); } 
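Review bot: Nothing beside the new grants in the `@@ -9,12 +9,14 @@` hunk says that `client.read-financial-info`, `client.read-requisite`, `client.read-referral` and `client.read-deleted` gate sensitive client data; they are appended to `role:client.manager` inline with routine items such as `client.update`. The expectations added to `tests/unit/CheckAccessTrait.php` in this patch list all four for accounter, manager, reseller, mighty and almighty, presumably through inheritance of this role. A comment above the two added lines, for example `// sensitive client data (financial info, requisites, referrals, deleted clients): keep out of role:client.support`, would make any later widening of these grants a visible decision. This patch only declares and assigns the items; the checks that consume them are outside the diff, so it cannot be confirmed here that the data is withheld from roles lacking them.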
@@ -191,6 +193,9 @@ public function testAdmin() 'ip.read', 'ip.create', 'ip.update', 'ip.delete', 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time', + 'part.read-administrative', ]); } @@ -231,6 +236,9 @@ public function testStaffAdmin() 'ip.read', 'ip.create', 'ip.update', 'ip.delete', 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', + 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time', + 'part.read-administrative', ]); } @@ -276,8 +284,10 @@ public function testAccounter() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend', 'server.read-financial-info', 'server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend', 'server.read-financial-info', 'server.read-billing','charge.read','plan.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); } 
@@ -317,8 +327,10 @@ public function testManager() 'vhost.read', 'vhost.create', 'vhost.update', 'vhost.delete', 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info','server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-billing','charge.read','plan.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); } @@ -359,8 +371,11 @@ public function testReseller() 'ip.read', 'service.read', 'client.notify', 'integration.read', 'integration.create', 'integration.update', 'integration.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-billing','charge.read','plan.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', + 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' + ]); } 
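Review bot: The expectation lines added in the `testReseller` hunk (`@@ -359,8 +371,11 @@`) end with `'ticket.set-time'` without a trailing comma and are followed by an added blank line before `]);`. The additions in `testSupport`, `testAdmin` and `testStaffAdmin` end each line with a comma and add no blank line. The missing comma also appears in `testAccounter`, `testManager` and `testAlmighty`, and `testMighty` repeats both the missing comma and the blank line. Ending the last added line with `'ticket.set-time',` and dropping the blank line keeps these permission lists uniform, so the next permission added to a role shows up as a one-line change in review. The test methods begin outside these hunks.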
@@ -431,8 +446,11 @@ public function testMighty() 'service.read', 'service.create', 'service.update', 'service.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-system-info', 'server.read-financial-info', 'server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-system-info', 'server.read-financial-info', 'server.read-billing','server.assign-hub','charge.read','plan.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', + 'part.read-administrative', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' + ]); } @@ -500,8 +518,10 @@ public function testAlmighty() 'costprice.read', 'costprice.create', 'costprice.update', 'costprice.delete', 'pnl.read', 'pnl.read-expenses', 'pnl.update', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', - 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-system-info', 'server.read-manager', + 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-system-info', 'server.read-billing','server.assign-hub','charge.read','plan.set-note', + 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', + 'part.read-administrative', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); } From 28cde554228c13ca85d2d0eae7efdee751aa6ce4 Mon Sep 17 00:00:00 2001 
From: Yurii Myronchuk Date: Sun, 17 Nov 2024 19:10:43 +0000 Subject: [PATCH 15/16] HP-2069: add permissions --- src/files/items.php | 10 ---------- src/files/source/metadata.php | 6 ------ src/files/source/tree.php | 2 -- tests/unit/CheckAccessTrait.php | 10 +++++----- 4 files changed, 5 insertions(+), 23 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index b164dc5..ea65a54 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -480,7 +480,6 @@ 'description' => 'The role is generally assigned to staff who are in charge of bills management', 'children' => [ 'bill.read', - 'charge.read', ], ], 'role:bill.manager' => [ @@ -493,7 +492,6 @@ 'bill.delete', 'deposit', 'role:purse.manager', - 'charge.read', ], ], 'role:bill.master' => [ @@ -2201,14 +2199,6 @@ 'type' => 2, 'description' => 'Prohibits reading of the bill', ], - 'charge.read' => [ - 'type' => 2, - 'description' => 'Allow reading of the charges', - ], - 'deny:charge.read' => [ - 'type' => 2, - 'description' => 'Prohibits reading of the charges', - ], 'bill.create' => [ 'type' => 2, 'description' => 'Allows creating of the bill', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 7d40704..d0b4dcf 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -1732,12 +1732,6 @@ 'deny:costprice.update' => [ 'description' => 'Prohibits updating of the costprice', ], - 'charge.read' => [ - 'description' => 'Allow reading of the charges', - ], - 'deny:charge.read' => [ - 'description' => 'Prohibits reading of the charges', - ], 'deny:pay' => [ 'description' => 'Prohibits paying', ], diff --git a/src/files/source/tree.php b/src/files/source/tree.php index d3a3ab1..047bc25 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php 
@@ -187,12 +187,10 @@ ], 'role:bill.junior-manager' => [ 'bill.read', - 'charge.read', ], 'role:bill.manager' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit', 'role:purse.manager', - 'charge.read', ], 'role:bill.master' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit', diff --git a/tests/unit/CheckAccessTrait.php b/tests/unit/CheckAccessTrait.php index 467593a..df30aab 100644 --- a/tests/unit/CheckAccessTrait.php +++ b/tests/unit/CheckAccessTrait.php @@ -285,7 +285,7 @@ public function testAccounter() 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', 'purse.set-credit','server.read-wizzard','server.read-legend', 'server.read-financial-info', - 'server.read-billing','charge.read','plan.set-note', + 'server.read-billing','plan.set-note', 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); @@ -328,7 +328,7 @@ public function testManager() 'ip.read', 'service.read', 'client.notify', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', - 'server.read-billing','charge.read','plan.set-note', + 'server.read-billing','plan.set-note', 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); 
@@ -372,7 +372,7 @@ public function testReseller() 'integration.read', 'integration.create', 'integration.update', 'integration.delete', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', - 'server.read-billing','charge.read','plan.set-note', + 'server.read-billing', 'plan.set-note', 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' @@ -447,7 +447,7 @@ public function testMighty() 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-system-info', 'server.read-financial-info', - 'server.read-billing','server.assign-hub','charge.read','plan.set-note', + 'server.read-billing','server.assign-hub','plan.set-note', 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', 'part.read-administrative', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' @@ -519,7 +519,7 @@ public function testAlmighty() 'pnl.read', 'pnl.read-expenses', 'pnl.update', 'blacklist.read', 'blacklist.create', 'blacklist.update', 'blacklist.delete', 'purse.set-credit','server.read-wizzard','server.read-legend','server.read-financial-info', 'server.read-system-info', - 'server.read-billing','server.assign-hub','charge.read','plan.set-note', + 'server.read-billing','server.assign-hub', 'plan.set-note', 'client.read-financial-info', 'client.read-requisite', 'client.read-referral', 'client.read-deleted', 'client.read-ip', 'part.read-administrative', 'ticket.read-templates', 'ticket.read-statistics', 'ticket.set-private', 'ticket.set-recipient', 'ticket.set-time' ]); 
From be1c2a5ac100f8ea706489f34161bd12d921591a Mon Sep 17 00:00:00 2001 From: Yurii Myronchuk Date: Sun, 17 Nov 2024 19:18:01 +0000 Subject: [PATCH 16/16] fix --- src/files/items.php | 11 ----------- src/files/source/metadata.php | 6 ------ src/files/source/tree.php | 2 -- 3 files changed, 19 deletions(-) diff --git a/src/files/items.php b/src/files/items.php index c54e557..ea65a54 100644 --- a/src/files/items.php +++ b/src/files/items.php @@ -480,7 +480,6 @@ 'description' => 'The role is generally assigned to staff who are in charge of bills management', 'children' => [ 'bill.read', - 'charge.read', ], ], 'role:bill.manager' => [ @@ -493,7 +492,6 @@ 'bill.delete', 'deposit', 'role:purse.manager', - 'charge.read', ], ], 'role:bill.master' => [ @@ -1573,7 +1571,6 @@ ], 'deny:server.read-billing' => [ 'type' => 2, - 'description' => 'Prohibits reading of tariff and sale information of server', ], 'server.create' => [ @@ -2202,14 +2199,6 @@ 'type' => 2, 'description' => 'Prohibits reading of the bill', ], - 'charge.read' => [ - 'type' => 2, - 'description' => 'Allow reading of the charges', - ], - 'deny:charge.read' => [ - 'type' => 2, - 'description' => 'Prohibits reading of the charges', - ], 'bill.create' => [ 'type' => 2, 'description' => 'Allows creating of the bill', diff --git a/src/files/source/metadata.php b/src/files/source/metadata.php index 7d40704..d0b4dcf 100644 --- a/src/files/source/metadata.php +++ b/src/files/source/metadata.php @@ -1732,12 +1732,6 @@ 'deny:costprice.update' => [ 'description' => 'Prohibits updating of the costprice', ], - 'charge.read' => [ - 'description' => 'Allow reading of the charges', - ], - 'deny:charge.read' => [ - 'description' => 'Prohibits reading of the charges', - ], 'deny:pay' => [ 'description' => 'Prohibits paying', ], diff --git a/src/files/source/tree.php b/src/files/source/tree.php index d3a3ab1..047bc25 100644 --- a/src/files/source/tree.php +++ b/src/files/source/tree.php 
@@ -187,12 +187,10 @@ ], 'role:bill.junior-manager' => [ 'bill.read', - 'charge.read', ], 'role:bill.manager' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit', 'role:purse.manager', - 'charge.read', ], 'role:bill.master' => [ 'bill.read', 'bill.create', 'bill.update', 'bill.delete', 'deposit',