Skip to content

feat: add acl constraints #77

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
larskemper merged 4 commits into from
Nov 3, 2025
Merged

feat: add acl constraints #77

larskemper merged 4 commits into from
Nov 3, 2025

Conversation

@larskemper
Copy link
Member

@larskemper larskemper commented Oct 28, 2025
edited
Loading

fixes #13017

Introduced ACL migration roles (viewer, editor, creator, deleter) to make migration access configurable. Previously, access to any migration UI or API route was restricted and available only to admin users.

@larskemper larskemper requested a review from Copilot October 28, 2025 13:58
@larskemper larskemper self-assigned this Oct 28, 2025
Copilot AI reviewed Oct 28, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements ACL (Access Control List) constraints for the Migration Assistant feature, replacing generic 'admin' permissions with granular role-based access control.

Key changes:

  • Introduced a comprehensive ACL system with four roles: viewer, editor, creator, and deleter
  • Updated all API route permissions from 'admin' to specific migration permissions
  • Added permission checks in UI components to disable actions based on user roles

Reviewed Changes

Copilot reviewed 21 out of 24 changed files in this pull request and generated 1 comment.

Show a summary per file
File Description
src/Resources/app/administration/src/module/swag-migration/acl/index.ts Defines ACL structure with viewer, editor, creator, and deleter roles
src/Resources/app/administration/src/module/swag-migration/index.ts Updates route privileges and imports ACL configuration
src/Controller/StatusController.php Replaces 'admin' ACL with migration-specific permissions
src/Controller/PremappingController.php Updates premapping endpoints to require editor permission
src/Controller/HistoryController.php Updates history endpoints with appropriate migration permissions
src/Controller/DataProviderController.php Updates data provider endpoints with viewer/editor permissions
src/Resources/app/administration/src/module/swag-migration/store/migration.store.ts Adds ACL checks to store actions
src/Resources/app/administration/src/module/swag-migration/snippet/en-GB.json Adds permission-related translation strings
src/Resources/app/administration/src/module/swag-migration/snippet/de-DE.json Adds German translations for permissions
src/Resources/app/administration/src/module/swag-migration/page/swag-migration-process-screen/index.ts Injects ACL service and adds permission check
src/Resources/app/administration/src/module/swag-migration/page/swag-migration-index/index.ts Injects ACL service
src/Resources/app/administration/src/module/swag-migration/page/swag-migration-history/index.ts Injects ACL service
src/Resources/app/administration/src/module/swag-migration/component/card/swag-migration-shop-information/index.ts Injects ACL service
src/Resources/app/administration/src/module/swag-migration/extension/sw-dashboard-index/index.ts Replaces isAdmin check with viewer permission
tests/Jest/package.json Reorganizes dependencies alphabetically and adds TypeScript
src/Resources/app/administration/package.json Reorganizes dependencies and adds meteor-tokens
Files not reviewed (2)
  • tests/Jest/package-lock.json: Language not supported
  • tests/acceptance/package-lock.json: Language not supported

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@larskemper larskemper force-pushed the feat/add-acl-constrains branch 3 times, most recently from cd9b013 to a6eb3da Compare October 28, 2025 14:08
@larskemper larskemper marked this pull request as ready for review October 28, 2025 14:10
@larskemper larskemper force-pushed the feat/add-acl-constrains branch from a6eb3da to 0bcc699 Compare October 28, 2025 15:16
MalteJanz
MalteJanz reviewed Oct 28, 2025
View reviewed changes
Copy link
Contributor

@MalteJanz MalteJanz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just had a rough first look 🙂

@larskemper larskemper force-pushed the feat/add-acl-constrains branch 2 times, most recently from 107db7f to ae86cfa Compare October 29, 2025 14:26
@larskemper larskemper force-pushed the feat/add-acl-constrains branch from ae86cfa to 2287d30 Compare October 29, 2025 14:27
@larskemper larskemper requested a review from MalteJanz October 29, 2025 14:28
@larskemper larskemper merged commit 7ce1a74 into feature/migration-logging-refactor Nov 3, 2025
10 checks passed
@larskemper larskemper deleted the feat/add-acl-constrains branch November 3, 2025 09:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@jozsefdamokos jozsefdamokos jozsefdamokos approved these changes

@MalteJanz MalteJanz MalteJanz approved these changes

@DennisGarding DennisGarding Awaiting requested review from DennisGarding

@vintagesucks vintagesucks Awaiting requested review from vintagesucks

@ennasus4sun ennasus4sun Awaiting requested review from ennasus4sun

Assignees

@larskemper larskemper

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@larskemper @jozsefdamokos @MalteJanz