Initial commit: CloudOps infrastructure platform

2026-04-09 19:58:57 +02:00
commit 1166a52f26
7762 changed files with 839452 additions and 0 deletions
--- a/docker-compose/mautic-setup/mautic-backup-files/docroot/app/bundles/ApiBundle/Security/Permissions/ApiPermissions.php
+++ b/docker-compose/mautic-setup/mautic-backup-files/docroot/app/bundles/ApiBundle/Security/Permissions/ApiPermissions.php
@@ -0,0 +1,70 @@
+<?php
+
+namespace Mautic\ApiBundle\Security\Permissions;
+
+use Mautic\CoreBundle\Security\Permissions\AbstractPermissions;
+use Mautic\UserBundle\Form\Type\PermissionListType;
+use Symfony\Component\Form\FormBuilderInterface;
+
+class ApiPermissions extends AbstractPermissions
+{
+    public function __construct($params)
+    {
+        parent::__construct($params);
+
+        $this->permissions = [
+            'access' => [
+                'full' => 1024,
+            ],
+        ];
+        $this->addStandardPermissions('clients', false);
+    }
+
+    public function getName(): string
+    {
+        return 'api';
+    }
+
+    public function buildForm(FormBuilderInterface &$builder, array $options, array $data): void
+    {
+        $builder->add(
+            'api:access',
+            PermissionListType::class,
+            [
+                'choices' => [
+                    'mautic.api.permissions.granted' => 'full',
+                ],
+                'label'             => 'mautic.api.permissions.apiaccess',
+                'data'              => (!empty($data['access']) ? $data['access'] : []),
+                'bundle'            => 'api',
+                'level'             => 'access',
+            ]
+        );
+
+        $this->addStandardFormFields('api', 'clients', $builder, $data, false);
+    }
+
+    public function getValue($name, $perm)
+    {
+        // ensure api is enabled system wide
+        if (empty($this->params['api_enabled'])) {
+            return 0;
+        }
+
+        return parent::getValue($name, $perm);
+    }
+
+    public function isEnabled(): bool
+    {
+        return !empty($this->params['api_enabled']);
+    }
+
+    protected function getSynonym($name, $level)
+    {
+        if ('access' == $name && 'granted' == $level) {
+            return [$name, 'full'];
+        }
+
+        return parent::getSynonym($name, $level);
+    }
+}
--- a/docker-compose/mautic-setup/mautic-backup-files/docroot/app/bundles/ApiBundle/Security/Voter/ApiPermissionVoter.php
+++ b/docker-compose/mautic-setup/mautic-backup-files/docroot/app/bundles/ApiBundle/Security/Voter/ApiPermissionVoter.php
@@ -0,0 +1,33 @@
+<?php
+
+namespace Mautic\ApiBundle\Security\Voter;
+
+use Mautic\CoreBundle\Security\Permissions\CorePermissions;
+use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Voter;
+use Symfony\Component\Security\Core\User\UserInterface;
+
+class ApiPermissionVoter extends Voter
+{
+    public function __construct(private CorePermissions $security)
+    {
+    }
+
+    protected function supports(string $attribute, mixed $subject): bool
+    {
+        // Support Mautic permission format like 'focus:items:viewown'
+        return str_contains($attribute, ':');
+    }
+
+    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
+    {
+        $user = $token->getUser();
+
+        if (!$user instanceof UserInterface) {
+            return false;
+        }
+
+        // Use Mautic's security system to check permissions
+        return $this->security->isGranted($attribute);
+    }
+}