<?php
namespace App\Command;
use App\Repository\UserRepository;
use Symfony\Component\Console\Attribute\AsCommand;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
#[AsCommand(
    name: 'app:user:permissions',
    description: 'Zeigt die Berechtigungen eines Benutzers an',
)]
class UserPermissionsCommand extends Command
{
    /**
     * Permission flags in the order they are rendered, mapped to their table label.
     */
    private const FLAG_LABELS = [
        'view' => '👁️ View',
        'create' => '➕ Create',
        'edit' => '✏️ Edit',
        'delete' => '🗑️ Delete',
        'export' => '📤 Export',
        'manage' => '⚙️ Manage',
    ];

    public function __construct(
        private UserRepository $userRepository
    ) {
        parent::__construct();
    }

    /**
     * Declares the single required argument: the e-mail address used to look up the user.
     */
    protected function configure(): void
    {
        $this->addArgument('email', InputArgument::REQUIRED, 'Email des Benutzers');
    }

    /**
     * Prints a permission overview for the user identified by the "email" argument.
     *
     * Three sections are written: the roles returned by getRoles(), the roles
     * returned by getUserRoles(), and a per-module table of the permission flags
     * granted by those assigned roles.
     *
     * NOTE(review): the table is built only from role permissions visible here;
     * whether the application applies further checks when enforcing access is
     * not visible in this file, so confirm before using the output as an audit
     * record of effective access.
     *
     * @return int Command::FAILURE when no user matches the e-mail, otherwise Command::SUCCESS
     */
    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $io = new SymfonyStyle($input, $output);
        $email = $input->getArgument('email');

        $user = $this->userRepository->findOneBy(['email' => $email]);
        if (!$user) {
            $io->error(sprintf('Benutzer mit Email "%s" nicht gefunden.', $email));

            return Command::FAILURE;
        }

        $io->title(sprintf('Berechtigungen für: %s (%s)', $user->getFullName(), $user->getEmail()));

        // Roles as reported by getRoles()
        $io->section('Symfony Roles');
        $io->listing($user->getRoles());

        // Roles assigned to the user
        $io->section('Zugewiesene Rollen');
        $assignedRoles = $user->getUserRoles();
        if (!$assignedRoles->isEmpty()) {
            foreach ($assignedRoles as $assignedRole) {
                $io->text(sprintf('- %s (%s)', $assignedRole->getName(), $assignedRole->getDescription()));
            }
        } else {
            $io->note('Keine Rollen zugewiesen');
        }

        // Per-module permissions derived from the assigned roles
        $io->section('Modul-Berechtigungen');
        $grantsByModule = $this->collectModulePermissions($assignedRoles);
        if ($grantsByModule === []) {
            $io->note('Keine Modul-Berechtigungen definiert');
        } else {
            $io->table(['Modul', 'Code', 'Berechtigungen'], $this->buildPermissionRows($grantsByModule));
        }

        $io->success('Berechtigungsübersicht erfolgreich angezeigt');

        return Command::SUCCESS;
    }

    /**
     * Merges the permissions of all given roles into one entry per module code.
     *
     * The merge is a union: a flag is recorded as soon as any role grants it,
     * and nothing in this loop ever removes a flag again.
     *
     * @param mixed $roles the value returned by getUserRoles(); it is iterated with foreach
     *
     * @return array module code => ['name' => module name, 'permissions' => [flag => true]]
     */
    private function collectModulePermissions($roles): array
    {
        $grantsByModule = [];

        foreach ($roles as $role) {
            foreach ($role->getPermissions() as $permission) {
                $moduleCode = $permission->getModule()->getCode();
                $moduleName = $permission->getModule()->getName();

                // First time this module is seen: register it with no flags yet.
                $grantsByModule[$moduleCode] ??= [
                    'name' => $moduleName,
                    'permissions' => [],
                ];

                $granted = [
                    'view' => $permission->canView(),
                    'create' => $permission->canCreate(),
                    'edit' => $permission->canEdit(),
                    'delete' => $permission->canDelete(),
                    'export' => $permission->canExport(),
                    'manage' => $permission->canManage(),
                ];

                // OR logic: one granting role is enough for the flag to be set.
                foreach ($granted as $flag => $isGranted) {
                    if ($isGranted) {
                        $grantsByModule[$moduleCode]['permissions'][$flag] = true;
                    }
                }
            }
        }

        return $grantsByModule;
    }

    /**
     * Turns the merged per-module grants into table rows: module name, module
     * code, and a comma-separated list of the labels of every granted flag.
     *
     * @param array $grantsByModule module code => ['name' => ..., 'permissions' => [flag => true]]
     *
     * @return array list of three-column rows
     */
    private function buildPermissionRows(array $grantsByModule): array
    {
        $rows = [];

        foreach ($grantsByModule as $moduleCode => $data) {
            $labels = [];
            foreach (self::FLAG_LABELS as $flag => $label) {
                if (isset($data['permissions'][$flag])) {
                    $labels[] = $label;
                }
            }

            $rows[] = [
                $data['name'],
                $moduleCode,
                implode(', ', $labels),
            ];
        }

        return $rows;
    }
}