PAYOSWXP-131: implement acl

src/Controller/SettingsController.php

@@ -26,7 +26,7 @@
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\Routing\Annotation\Route;
 
-#[Route(defaults: ['_routeScope' => ['api']])]
+#[Route(defaults: ['_routeScope' => ['api'], '_acl' => ['payone:configuration']])]
 class SettingsController extends AbstractController
 {
     private const REFERENCE_PREFIX_TEST = 'TESTPO-';

src/Resources/app/administration/src/acl/index.js

@@ -6,10 +6,50 @@ try {
         roles: {
             payone_order_management: {
                 privileges: [
-                    'order_transaction:update',
-                    'order_line_item:update',
-                    'state_machine_history:create',
-                    Shopware.Service('privileges').getPrivileges('order.viewer')
+                    // 'order_transaction:update',
+                    // 'order_line_item:update',
+                    // 'state_machine_history:create',
+                    // Shopware.Service('privileges').getPrivileges('order.viewer'),
+
+                    'payone_order_management',
+
+                    'payone_payment_order_transaction_data:read',
+                    'payone_payment_order_transaction_data:update',
+
+                    'payone_payment_order_action_log:read',
+                    'payone_payment_order_action_log:create',
+
+                    'payone_payment_webhook_log:read',
+                    'payone_payment_notification_forward:read',
+                    'payone_payment_notification_forward:create',
+                ],
+                dependencies: []
+            },
+            payone_configuration: {
+                privileges: [
+                    'system_config:read',
+                    'system_config:create',
+                    'system_config:update',
+                    'system_config:delete',
+                    'currency:read',
+                    'sales_channel:read',
+                    'payone:configuration'
+                ],
+                dependencies: []
+            },
+            payone_webhook_forward: {
+                privileges: [
+                    'payone_payment_notification_target:read',
+                    'payone_payment_notification_target:create',
+                    'payone_payment_notification_target:update',
+                    'payone_payment_notification_target:delete',
+                    'payone:manage_webhook_forwards'
+                ],
+                dependencies: []
+            },
+            payone_webhook_resend: {
+                privileges: [
+                    'payone_webhook_resend'
                 ],
                 dependencies: []
             }

src/Resources/app/administration/src/module/payone-notification-target/index.js

@@ -19,9 +19,12 @@ Shopware.Module.register('payone-notification-target', {
     routes: {
         list: {
             component: 'payone-notification-target-list',
-            path: 'list'
+            path: 'list',
+            meta: {
+                privilege: 'payone_payment_notification_target:read'
+            }
         },
-       detail: {
+        detail: {
             component: 'payone-notification-target-detail',
             path: 'detail/:id',
             props: {
@@ -32,14 +35,16 @@ Shopware.Module.register('payone-notification-target', {
                }
             },
             meta: {
-                parentPath: 'payone.notification.target.list'
+                parentPath: 'payone.notification.target.list',
+                privilege: 'payone_payment_notification_target:read'
             }
         },
         create: {
             component: 'payone-notification-target-detail',
             path: 'create',
             meta: {
-                parentPath: 'payone.notification.target.list'
+                parentPath: 'payone.notification.target.list',
+                privilege: 'payone_payment_notification_target:create'
             }
         }
     }

src/Resources/app/administration/src/module/payone-notification-target/page/payone-notification-target-list/index.js

@@ -4,7 +4,7 @@ const { Mixin, Data: { Criteria } } = Shopware;
 export default {
     template,
 
-    inject: ['repositoryFactory'],
+    inject: ['repositoryFactory', 'acl'],
 
     mixins: [
         Mixin.getByName('listing')

src/Resources/app/administration/src/module/payone-notification-target/page/payone-notification-target-list/payone-notification-target-list.html.twig

@@ -25,7 +25,9 @@
                 {% block payone_notification_target_list_smart_bar_actions %}
                     <sw-button
                         :routerLink="{ name: 'payone.notification.target.create' }"
-                        variant="primary">
+                        variant="primary"
+                        v-if="acl.can('payone_payment_notification_target:create')"
+                    >
                         {{ $tc('payonePayment.notificationTarget.list.buttonCreate') }}
                     </sw-button>
                 {% endblock %}
@@ -48,16 +50,23 @@
                         :disableDataFetching="true"
                         :sortBy="sortBy"
                         :showSelection="false"
-                        :allowInlineEdit="false"
                         :sortDirection="sortDirection"
-                        identifier="payone-notification-target-list">
+                        identifier="payone-notification-target-list"
+                        :allowInlineEdit="false"
+                        :allowBulkEdit="false"
+                        :allowColumnEdit="acl.can('payone_payment_notification_target:update')"
+                        :allowEdit="acl.can('payone_payment_notification_target:update')"
+                        :allowDelete="acl.can('payone_payment_notification_target:delete')"
+                    >
 
                         {% block payone_notification_target_list_grid_columns %}
                             {% block payone_notification_target_list_grid_columns_url %}
                                 <template #column-url="{ item }">
-                                    <router-link :to="{ name: 'payone.notification.target.detail', params: { id: item.id } }">
-                                        {{ item.url  }}
+                                    <router-link :to="{ name: 'payone.notification.target.detail', params: { id: item.id } }"
+                                                 v-if="acl.can('payone_payment_notification_target:update')">
+                                        {{ item.url }}
                                     </router-link>
+                                    <span v-else>{{ item.url }}</span>
                                 </template>
                             {% endblock %}
 

src/Resources/app/administration/src/module/payone-payment/index.js

@@ -31,7 +31,8 @@ Shopware.Module.register('payone-payment', {
             component: 'payone-settings',
             path: 'index',
             meta: {
-                parentPath: 'sw.settings.index'
+                parentPath: 'sw.settings.index',
+                privilege: 'payone:configuration'
             }
         }
     },
@@ -42,6 +43,7 @@ Shopware.Module.register('payone-payment', {
         label:  'payone-payment.general.mainMenuItemGeneral',
         group:  'plugins',
         iconComponent: 'payone-payment-plugin-icon',
-        backgroundEnabled: false
+        backgroundEnabled: false,
+        privilege: 'payone:configuration'
     }],
 });

src/Resources/app/administration/src/module/payone-payment/page/payone-settings/index.js

@@ -11,7 +11,7 @@ export default {
         Mixin.getByName('sw-inline-snippet')
     ],
 
-    inject: ['PayonePaymentSettingsService'],
+    inject: ['PayonePaymentSettingsService', 'acl'],
 
     data() {
         return {

src/Resources/app/administration/src/module/payone-payment/page/payone-settings/payone-settings.html.twig

@@ -31,7 +31,9 @@
                 variant="ghost"
                 :square="false"
                 :block="false"
-                :isLoading="false">
+                :isLoading="false"
+                v-if="acl.can('payone_payment_notification_target:read')"
+            >
                 {{ $tc('payonePayment.notificationTarget.module.buttonTitle') }}
             </sw-button>
         {% endblock %}

src/Resources/app/administration/src/module/payone-payment/snippet/de_DE.json

@@ -127,7 +127,10 @@
         "additional_permissions": {
             "Payone": {
                 "label": "PAYONE",
-                "payone_order_management": "PAYONE Transaktionsmanagement"
+                "payone_order_management": "Transaktionsmanagement",
+                "payone_configuration": "Konfiguration",
+                "payone_webhook_forward": "Webhook Weiterleitung Verwaltung",
+                "payone_webhook_resend": "Webhook Weiterleitung erneut senden"
             }
         }
     }

src/Resources/app/administration/src/module/payone-payment/snippet/en_GB.json

@@ -127,7 +127,10 @@
         "additional_permissions": {
             "Payone": {
                 "label": "PAYONE",
-                "payone_order_management": "PAYONE transaction management"
+                "payone_order_management": "Transaction management",
+                "payone_configuration": "Configuration",
+                "payone_webhook_forward": "Manage webhook forwards",
+                "payone_webhook_resend": "Allow Webhook forward resend"
             }
         }
     }

src/Resources/app/administration/src/module/sw-order/component/payone-payment-management/index.js

@@ -125,14 +125,6 @@ export default {
             });
         },
 
-        can(permission) {
-            try {
-                return this.acl.can(permission);
-            } catch (e) {
-                return true;
-            }
-        },
-
         reloadEntityData() {
             this.$emit('reload-entity-data');
         },

src/Resources/app/administration/src/module/sw-order/component/payone-payment-management/payone-payment-management.html.twig

@@ -32,13 +32,13 @@
                         </sw-description-list>
                     </sw-container>
 
-                    <sw-container gap="30px" v-if="isActiveTransaction(transaction) && can('Payone.payone_order_management')">
+                    <sw-container gap="30px" v-if="acl.can('Payone.payone_order_management') && isActiveTransaction(transaction)">
                         <payone-capture-button :order="order" :transaction="transaction" v-on:reload="reloadEntityData"></payone-capture-button>
                         <payone-refund-button :order="order" :transaction="transaction" v-on:reload="reloadEntityData"></payone-refund-button>
                     </sw-container>
                 </sw-container>
 
-                <sw-container v-if="hasNotificationForwards(transaction)" gap="10px" class="payone-payment-management-notification-forwards">
+                <sw-container v-if="acl.can('payone_payment_notification_forward:read') && hasNotificationForwards(transaction)" gap="10px" class="payone-payment-management-notification-forwards">
                     <b>{{ $tc('payonePayment.notificationTarget.list.title') }}</b>
 
                     <sw-data-grid
@@ -60,6 +60,7 @@
 
                         <template #actions="{ item }">
                             <sw-context-menu-item
+                                    v-if="acl.can('payone_webhook_resend')"
                                     @click="requeue(item, transaction)">
                                 {{ $tc('payonePayment.notificationTarget.actions.requeue') }}
                             </sw-context-menu-item>

src/Resources/app/administration/src/module/sw-order/page/sw-order-detail/index.js

@@ -3,6 +3,8 @@ import template from './sw-order-detail.html.twig';
 export default {
     template,
 
+    inject: ['acl'],
+
     methods: {
         hasPayoneTransaction(order) {
             let me = this;
@@ -33,5 +35,13 @@ export default {
         isActiveTransaction(transaction) {
             return transaction.stateMachineState.technicalName !== 'cancelled';
         },
+
+        canAccessPayoneTab() {
+            return (this.acl.can('payone_order_management')
+                || this.acl.can('payone_payment_order_action_log:read')
+                || this.acl.can('payone_payment_notification_forward:read')
+                || this.acl.can('payone_payment_webhook_log:read'))
+            && this.order && this.hasPayoneTransaction(this.order);
+        }
     }
 };

src/Resources/app/administration/src/module/sw-order/page/sw-order-detail/sw-order-detail.html.twig

@@ -3,7 +3,7 @@
 
     {% block sw_order_detail_content_tabs_payone %}
         <sw-tabs-item
-                v-if="order && hasPayoneTransaction(order)"
+                v-if="canAccessPayoneTab()"
                 class="sw-order-detail__tabs-tab-payone"
                 :route="{ name: 'sw.order.detail.payone', params: { id: $route.params.id } }"
                 :title="$tc('sw-order.detail.payone')"
@@ -12,4 +12,4 @@
         </sw-tabs-item>
     {% endblock %}
 
-{% endblock %}
+{% endblock %}

src/Resources/app/administration/src/module/sw-order/view/sw-order-detail-payone/index.js

@@ -6,6 +6,8 @@ const { mapState } = Component.getComponentHelper();
 export default {
     template,
 
+    inject: ['acl'],
+
     props: {
         orderId: {
             type: String,
@@ -21,8 +23,8 @@ export default {
 
     methods: {
         reloadEntityData() {
-            this.$refs.payoneOrderActionLogs.reloadActionLogs();
-            this.$refs.payoneWebhookLogs.reloadWebhookLogs();
+            this.$refs.payoneOrderActionLogs?.reloadActionLogs();
+            this.$refs.payoneWebhookLogs?.reloadWebhookLogs();
             this.$emit('reload-entity-data');
         },
     }

src/Resources/app/administration/src/module/sw-order/view/sw-order-detail-payone/sw-order-detail-payone.html.twig

@@ -4,6 +4,7 @@
             <payone-payment-management
                     :order="order"
                     @reload-entity-data="reloadEntityData"
+                    v-if="acl.can('Payone.payone_order_management') || acl.can('payone_payment_notification_forward:read')"
             />
         {% endblock %}
 
@@ -12,6 +13,7 @@
                     ref="payoneOrderActionLogs"
                     :order="order"
                     @reload-entity-data="reloadEntityData"
+                    v-if="acl.can('payone_payment_order_action_log:read')"
             />
         {% endblock %}
 
@@ -20,6 +22,7 @@
                     ref="payoneWebhookLogs"
                     :order="order"
                     @reload-entity-data="reloadEntityData"
+                    v-if="acl.can('payone_payment_webhook_log:read')"
             />
         {% endblock %}
     </div>