READ BEFORE UPGRADE: Breaking Changes in Permission System

[jbtronics]

Beginning with the version from 2022-11-27 a new permission system takes place which is not compatible with the old system.
The old system was really complex and unflexible and maintaining proper protection for each of the very fine granulated permissions were impossible.

In the new system, you can no longer control access to each field of a part (which did not really worked well before and had performance impacts), but you only have one permission to control all aspects of a field. When a user is allowed to read/show parts, he is also allowed to view all other data structures, which could be associated with a part, which should make much more clear what a user is allowed to do and what not.

As the new permissions are not really compatible, the permissions can not be automatically migrated and you have to do that yourself. When upgrading database all permissions are set to their default values!. This means all permissions for all users (except the admin) are set to inherit from group. The 3 default groups readonly, users and admins get their permissions set according to their names, all other custom defined groups get all permissions set to inherit.
For security reasons, all users (except the first admin user) are disabled, meaning they can no longer login. After you have checked a user have the right permission, uncheck the checkmark at the disabled option to enable it. Or you can use the new php bin/console partdb:users:enable --all command to reenable all users at once.

Upgrading instructions

So the steps when updating from an old version are:

1. As always, make a database backup before upgrading
2. If you have some rather special permission configuration, it maybe is helpful to screenshot it as reference for later
3. Upgrade Part-DB like always and run php bin/console doctrine:migrations:migrate to upgrade database schema
4. Permissions are now reset. Login as the first admin user (if you do not remember the username, you can see it with the command php bin/console users:list with the ID 2).
5. Go to System->Groups and change the permissions for each group according to your needs
6. Go to System->Users and check for each user that the group assignments and permissions are according to your needs
7. Uncheck the User disabled (no login possible) checkmark under the password section of the user to reenable login
8. (Optional): To enable all users at once you can run php bin/console partdb:users:enable --all in a console

To ease the setting of permissions there are now certain helpful presets, which can be applied to users and groups using the Apply preset button in the permission section:

New Feature: Server Infos

Another new feature is the new Server Infos tool which can be enabled for administrators and which shows some helpful infos about Part-DB and your server:

Pre-Release Soon

I trying to stabilize and maybe implement some minor quality of life features, and then to do a (pre-) release of 1.0.0, so that there is some stable version which can be used, and for which versioning can be done. That should make Part-DB a bit easier to use, when you dont have to rely on working development versions.