IBX-4160: Enh. custom Limitation doc and examples (4.5+)

code_samples/back_office/limitation/config/append_to_services.yaml

@@ -0,0 +1,12 @@
+services:
+    App\Security\Limitation\CustomLimitationType:
+        tags:
+            - { name: 'ibexa.permissions.limitation_type', alias: 'CustomLimitation' }
+
+    App\Security\Limitation\Mapper\CustomLimitationFormMapper:
+        tags:
+            - { name: 'ibexa.admin_ui.limitation.mapper.form', limitationType: 'CustomLimitation' }
+
+    App\Security\Limitation\Mapper\CustomLimitationValueMapper:
+        tags:
+            - { name: 'ibexa.admin_ui.limitation.mapper.value', limitationType: 'CustomLimitation' }

code_samples/back_office/limitation/config/packages/ibexa_security.yaml

@@ -0,0 +1,5 @@
+ibexa:
+    system:
+        default:
+            limitation_value_templates:
+                - { template: '@ibexadesign/limitation/custom_limitation_value.html.twig', priority: 0 }

code_samples/back_office/limitation/src/Kernel.php

@@ -0,0 +1,24 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App;
+
+use App\Security\MyPolicyProvider;
+use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\HttpKernel\Kernel as BaseKernel;
+
+class Kernel extends BaseKernel
+{
+    use MicroKernelTrait;
+
+    protected function build(ContainerBuilder $container): void
+    {
+        // Retrieve "ibexa" container extension
+        /** @var \Ibexa\Bundle\Core\DependencyInjection\IbexaCoreExtension $IbexaExtension */
+        $ibexaExtension = $container->getExtension('ibexa');
+        // Add the policy provider
+        $ibexaExtension->addPolicyProvider(new MyPolicyProvider());
+    }
+}

code_samples/back_office/limitation/src/Resources/config/policies.yaml

@@ -0,0 +1,4 @@
+# src/Resources/config/policies.yaml
+custom_module:
+    custom_function_1: ~
+    custom_function_2: [CustomLimitation]

code_samples/back_office/limitation/src/Security/Limitation/CustomLimitationType.php

@@ -0,0 +1,82 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security\Limitation;
+
+use Ibexa\Contracts\Core\Limitation\Type;
+use Ibexa\Contracts\Core\Repository\Exceptions\NotImplementedException;
+use Ibexa\Contracts\Core\Repository\Values\Content\Query\CriterionInterface;
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+use Ibexa\Contracts\Core\Repository\Values\User\UserReference;
+use Ibexa\Contracts\Core\Repository\Values\ValueObject;
+use Ibexa\Core\Base\Exceptions\InvalidArgumentType;
+use Ibexa\Core\FieldType\ValidationError;
+
+class CustomLimitationType implements Type
+{
+    public function acceptValue(Limitation $limitationValue): void
+    {
+        if (!$limitationValue instanceof CustomLimitationValue) {
+            throw new InvalidArgumentType(
+                '$limitationValue',
+                FieldGroupLimitation::class,
+                $limitationValue
+            );
+        }
+    }
+
+    /** @return \Ibexa\Core\FieldType\ValidationError[] */
+    public function validate(Limitation $limitationValue): array
+    {
+        $validationErrors = [];
+        if (!array_key_exists('value', $limitationValue->limitationValues)) {
+            $validationErrors[] = new ValidationError("limitationValues['value'] is missing.");
+        } elseif (!is_bool($limitationValue->limitationValues['value'])) {
+            $validationErrors[] = new ValidationError("limitationValues['value'] is not a boolean.");
+        }
+
+        return $validationErrors;
+    }
+
+    public function buildValue(array $limitationValues): CustomLimitationValue
+    {
+        $value = false;
+        if (array_key_exists('value', $limitationValues)) {
+            $value = $limitationValues['value'];
+        } elseif (count($limitationValues)) {
+            $value = (bool)$limitationValues[0];
+        }
+
+        return new CustomLimitationValue(['limitationValues' => ['value' => $value]]);
+    }
+
+    /**
+     * @param \Ibexa\Contracts\Core\Repository\Values\ValueObject[]|null $targets
+     *
+     * @return bool|null
+     */
+    public function evaluate(Limitation $value, UserReference $currentUser, ValueObject $object, array $targets = null): ?bool
+    {
+        if (!$value instanceof CustomLimitationValue) {
+            throw new InvalidArgumentException('$value', 'Must be of type: CustomLimitationValue');
+        }
+
+        if ($value->limitationValues['value']) {
+            return Type::ACCESS_GRANTED;
+        }
+
+        // If the limitation value is not set to `true`, then $currentUser, $object and/or $targets could be challenged to determine if the access is granted or not.
+        return Type::ACCESS_DENIED;
+    }
+
+    public function getCriterion(Limitation $value, UserReference $currentUser): CriterionInterface
+    {
+        throw new NotImplementedException(__METHOD__);
+    }
+
+    public function valueSchema(): void
+    {
+        throw new NotImplementedException(__METHOD__);
+    }
+}

code_samples/back_office/limitation/src/Security/Limitation/CustomLimitationValue.php

@@ -0,0 +1,15 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security\Limitation;
+
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+
+class CustomLimitationValue extends Limitation
+{
+    public function getIdentifier(): string
+    {
+        return 'CustomLimitation';
+    }
+}

code_samples/back_office/limitation/src/Security/Limitation/Mapper/CustomLimitationFormMapper.php

@@ -0,0 +1,33 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security\Limitation\Mapper;
+
+use Ibexa\AdminUi\Limitation\LimitationFormMapperInterface;
+use Ibexa\AdminUi\Translation\Extractor\LimitationTranslationExtractor;
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
+use Symfony\Component\Form\FormInterface;
+
+class CustomLimitationFormMapper implements LimitationFormMapperInterface
+{
+    public function mapLimitationForm(FormInterface $form, Limitation $data): void
+    {
+        $form->add('limitationValues', CheckboxType::class, [
+            'label' => LimitationTranslationExtractor::identifierToLabel($data->getIdentifier()),
+            'required' => false,
+            'data' => $data->limitationValues['value'],
+            'property_path' => 'limitationValues[value]',
+        ]);
+    }
+
+    public function getFormTemplate(): string
+    {
+        return '@ibexadesign/limitation/custom_limitation_form.html.twig';
+    }
+
+    public function filterLimitationValues(Limitation $limitation): void
+    {
+    }
+}

code_samples/back_office/limitation/src/Security/Limitation/Mapper/CustomLimitationValueMapper.php

@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security\Limitation\Mapper;
+
+use Ibexa\AdminUi\Limitation\LimitationValueMapperInterface;
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+
+class CustomLimitationValueMapper implements LimitationValueMapperInterface
+{
+    public function mapLimitationValue(Limitation $limitation): bool
+    {
+        return $limitation->limitationValues['value'];
+    }
+}

code_samples/back_office/limitation/src/Security/MyPolicyProvider.php

@@ -0,0 +1,18 @@
+<?php
+
+declare(strict_types=1);
+
+namespace App\Security;
+
+use Ibexa\Bundle\Core\DependencyInjection\Security\PolicyProvider\YamlPolicyProvider;
+
+class MyPolicyProvider extends YamlPolicyProvider
+{
+    /** @returns string[] */
+    protected function getFiles(): array
+    {
+        return [
+            __DIR__ . '/../Resources/config/policies.yaml',
+        ];
+    }
+}

code_samples/back_office/limitation/templates/themes/admin/limitation/custom_limitation_form.html.twig

@@ -0,0 +1,3 @@
+{# templates/themes/admin/limitation/custom_limitation_form.html.twig #}
+{{ form_label(form.limitationValues) }}
+{{ form_widget(form.limitationValues) }}

code_samples/back_office/limitation/templates/themes/standard/limitation/custom_limitation_value.html.twig

@@ -0,0 +1,4 @@
+{# templates/themes/standard/limitation/custom_limitation_value.html.twig #}
+{% block ez_limitation_customlimitation_value %}
+    <span style="color: {{ values ? 'green' : 'red' }};">{{ values ? 'Yes' : 'No' }}</span>
+{% endblock %}

code_samples/back_office/limitation/translations/forms.en.yaml

@@ -0,0 +1,4 @@
+role.policy.custom_module: 'Custom module'
+role.policy.custom_module.all_functions: 'Custom module / All functions'
+role.policy.custom_module.custom_function_1: 'Custom module / Function #1'
+role.policy.custom_module.custom_function_2: 'Custom module / Function #2'

code_samples/back_office/limitation/translations/ibexa_content_forms_policies.en.yaml

@@ -0,0 +1 @@
+policy.limitation.identifier.customlimitation: 'Custom limitation'