User Group & ACLs updates
Apply new permissions methods
smg6511 committed Dec 7, 2024
1 parent 3e01a15 commit 81956c3
Showing 14 changed files with 284 additions and 175 deletions.
Expand Up @@ -42,6 +42,13 @@ class GetList extends GetListProcessor
/** @var modUserGroup $userGroup */
public $userGroup;

/** @var bool $canCreate Whether user can assign a new Category ACL entry for a given User Group */
public $canCreate = false;
/** @var bool $canEdit Whether user can change a Category ACL entry for a given User Group */
public $canEdit = false;
/** @var bool $canRemove Whether user can remove a Category ACL entry for a given User Group */
public $canRemove = false;

/**
* @return bool
*/
Expand All @@ -64,6 +71,15 @@ public function initialize()
if ($this->getProperty('sort') == 'role_display') {
$this->setProperty('sort', 'authority');
}
/*
Currently, all actions essentially relate to editing a User Group.
Nonetheless, we maintain each separately to remain consistent with how permissions
are relayed throughout the MODX app
*/
$canChange = $this->modx->hasPermission('usergroup_edit') && $this->modx->hasPermission('usergroup_save');
$this->canCreate = $canChange;
$this->canEdit = $canChange;
$this->canRemove = $canChange;
return $initialized;
}

Expand Down Expand Up @@ -142,33 +158,31 @@ public function useSecondaryGroupCondition(string $sortBy, string $groupBy, stri
*/
public function prepareRow(xPDOObject $object)
{
$objectArray = $object->toArray();
if (empty($objectArray['name'])) {
$objectArray['name'] = '(' . $this->modx->lexicon('none') . ')';
$permissions = [
'create' => $this->canCreate,
'update' => $this->canEdit,
'delete' => $this->canRemove
];

$aclData = $object->toArray();
if (empty($aclData['name'])) {
$aclData['name'] = '(' . $this->modx->lexicon('none') . ')';
}
$objectArray['authority_name'] = !empty($objectArray['role_name'])
? $objectArray['role_name'] . ' - ' . $objectArray['authority']
: $objectArray['authority']
$aclData['authority_name'] = !empty($aclData['role_name'])
? $aclData['role_name'] . ' - ' . $aclData['authority']
: $aclData['authority']
;

/* get permissions list */
$data = $objectArray['policy_data'];
unset($objectArray['policy_data']);
$aclData['policyPermissions'] = [];
$data = $aclData['policy_data'];
unset($aclData['policy_data']);
$data = $this->modx->fromJSON($data);
if (!empty($data)) {
$permissions = [];
foreach ($data as $permission => $enabled) {
if (!$enabled) {
continue;
}
$permissions[] = $permission;
}
$objectArray['permissions'] = implode(', ', $permissions);
$aclData['policyPermissions'] = array_keys($data, 1);
}
$aclData['permissions'] = $permissions;

$cls = 'pedit premove';
$objectArray['cls'] = $cls;

return $objectArray;
return $aclData;
}
}
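Review bot: `array_keys($data, 1)` in prepareRow is not equivalent to the loop it replaces: the loop kept every truthy entry, while `array_keys` with a search value of `1` keeps only entries loosely equal to 1, so a policy flag stored as any other truthy value would silently drop out of `policyPermissions`. It would also raise a TypeError on PHP 8 if `fromJSON()` ever returns a non-empty scalar, because `!empty($data)` does not establish that `$data` is an array. A form that keeps the old semantics is `if (is_array($data)) { $aclData['policyPermissions'] = array_keys(array_filter($data)); }`. The same line appears in the three GetList sections that follow; prepareRow's docblock starts above the hunk.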
Expand Up @@ -43,6 +43,13 @@ class GetList extends GetListProcessor
/** @var modUserGroup $userGroup */
public $userGroup;

/** @var bool $canCreate Whether user can assign a new Category ACL entry for a given User Group */
public $canCreate = false;
/** @var bool $canEdit Whether user can change a Category ACL entry for a given User Group */
public $canEdit = false;
/** @var bool $canRemove Whether user can remove a Category ACL entry for a given User Group */
public $canRemove = false;

/**
* @return bool
*/
Expand All @@ -65,6 +72,15 @@ public function initialize()
if ($this->getProperty('sort') == 'role_display') {
$this->setProperty('sort', 'authority');
}
/*
Currently, all actions essentially relate to editing a User Group.
Nonetheless, we maintain each separately to remain consistent with how permissions
are relayed throughout the MODX app
*/
$canChange = $this->modx->hasPermission('usergroup_edit') && $this->modx->hasPermission('usergroup_save');
$this->canCreate = $canChange;
$this->canEdit = $canChange;
$this->canRemove = $canChange;
return $initialized;
}

Expand Down Expand Up @@ -143,33 +159,35 @@ public function useSecondaryGroupCondition(string $sortBy, string $groupBy, stri
*/
public function prepareRow(xPDOObject $object)
{
$objectArray = $object->toArray();
if (empty($objectArray['name'])) {
$objectArray['name'] = '(' . $this->modx->lexicon('none') . ')';
$permissions = [
'create' => $this->canCreate,
'update' => $this->canEdit,
'delete' => $this->canRemove
];

$aclData = $object->toArray();
if (empty($aclData['name'])) {
$aclData['name'] = '(' . $this->modx->lexicon('none') . ')';
}

/* get permissions list */
$data = $objectArray['policy_data'];
unset($objectArray['policy_data']);
$aclData['policyPermissions'] = [];
$data = $aclData['policy_data'];
unset($aclData['policy_data']);
$data = $this->modx->fromJSON($data);
if (!empty($data)) {
$permissions = [];
foreach ($data as $permission => $enabled) {
if (!$enabled) {
continue;
}
$permissions[] = $permission;
}
$objectArray['permissions'] = implode(', ', $permissions);
$aclData['policyPermissions'] = array_keys($data, 1);
}

$cls = '';
if (($objectArray['target'] === 'web' || $objectArray['target'] === 'mgr') && $objectArray['policy_name'] === 'Administrator' && ($this->userGroup && $this->userGroup->get('name') === 'Administrator')) {
} else {
$cls .= 'pedit premove';
if (
in_array($aclData['target'], ['web', 'mgr'])
&& $aclData['policy_name'] === 'Administrator'
&& ($this->userGroup && $this->userGroup->get('name') === 'Administrator')
) {
$permissions['edit'] = false;
$permissions['delete'] = false;
}
$objectArray['cls'] = $cls;
$aclData['permissions'] = $permissions;

return $objectArray;
return $aclData;
}
}
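Review bot: The Administrator guard writes `$permissions['edit'] = false`, but the array built at the top of prepareRow uses the keys `create`, `update` and `delete`, so `update` stays true for the protected row and a stray `edit` key is added. If the grid reads `permissions.update` (the consumer is not shown here), the Administrator policy entry on the Administrator user group would be offered for editing, which the removed `cls` logic prevented. Change the line to `$permissions['update'] = false;`. The same mismatch is in the Context and Resource Group sections further down.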
Expand Up @@ -41,6 +41,13 @@ class GetList extends GetListProcessor
/** @var modUserGroup $userGroup */
public $userGroup;

/** @var bool $canCreate Whether user can assign a new Context ACL entry for a given User Group */
public $canCreate = false;
/** @var bool $canEdit Whether user can change a Context ACL entry for a given User Group */
public $canEdit = false;
/** @var bool $canRemove Whether user can remove a Context ACL entry for a given User Group */
public $canRemove = false;

/**
* @return mixed
*/
Expand All @@ -63,6 +70,15 @@ public function initialize()
if ($this->getProperty('sort') == 'role_display') {
$this->setProperty('sort', 'authority');
}
/*
Currently, all actions essentially relate to editing a User Group.
Nonetheless, we maintain each separately to remain consistent with how permissions
are relayed throughout the MODX app
*/
$canChange = $this->modx->hasPermission('usergroup_edit') && $this->modx->hasPermission('usergroup_save');
$this->canCreate = $canChange;
$this->canEdit = $canChange;
$this->canRemove = $canChange;
return $initialized;
}

Expand Down Expand Up @@ -135,37 +151,35 @@ public function useSecondaryGroupCondition(string $sortBy, string $groupBy, stri
*/
public function prepareRow(xPDOObject $object)
{
$objectArray = $object->toArray();
if (empty($objectArray['name'])) {
$objectArray['name'] = '(' . $this->modx->lexicon('none') . ')';
$permissions = [
'create' => $this->canCreate,
'update' => $this->canEdit,
'delete' => $this->canRemove
];

$aclData = $object->toArray();
if (empty($aclData['name'])) {
$aclData['name'] = '(' . $this->modx->lexicon('none') . ')';
}

/* get permissions list */
$data = $objectArray['policy_data'];
unset($objectArray['policy_data']);
$aclData['policyPermissions'] = [];
$data = $aclData['policy_data'];
unset($aclData['policy_data']);
$data = $this->modx->fromJSON($data);
if (!empty($data)) {
$permissions = [];
foreach ($data as $permission => $enabled) {
if (!$enabled) {
continue;
}
$permissions[] = $permission;
}
$objectArray['permissions'] = implode(', ', $permissions);
$aclData['policyPermissions'] = array_keys($data, 1);
}

$cls = '';
if (
($objectArray['target'] === 'web' || $objectArray['target'] === 'mgr')
&& $objectArray['policy_name'] === 'Administrator'
in_array($aclData['target'], ['web', 'mgr'])
&& $aclData['policy_name'] === 'Administrator'
&& ($this->userGroup && $this->userGroup->get('name') === 'Administrator')
) {
} else {
$cls .= 'pedit premove';
$permissions['edit'] = false;
$permissions['delete'] = false;
}
$objectArray['cls'] = $cls;
$aclData['permissions'] = $permissions;

return $objectArray;
return $aclData;
}
}
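Review bot: `in_array($aclData['target'], ['web', 'mgr'])` in the guard replaces two `===` comparisons with a loose one. Since this condition decides whether the Administrator entry is locked against edit and delete, keep it strict by passing the third argument: `in_array($aclData['target'], ['web', 'mgr'], true)`. The same call is in the previous file section and in the Resource Group section below.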
Expand Up @@ -43,6 +43,13 @@ class GetList extends GetListProcessor
/** @var modUserGroup $userGroup */
public $userGroup;

/** @var bool $canCreate Whether user can assign a new Resource Group ACL entry for a given User Group */
public $canCreate = false;
/** @var bool $canEdit Whether user can change a Resource Group ACL entry for a given User Group */
public $canEdit = false;
/** @var bool $canRemove Whether user can remove a Resource Group ACL entry for a given User Group */
public $canRemove = false;

/**
* @return bool
*/
Expand All @@ -65,6 +72,16 @@ public function initialize()
if ($this->getProperty('sort') == 'role_display') {
$this->setProperty('sort', 'authority');
}
/*
Currently, all actions essentially relate to editing a User Group.
Nonetheless, we maintain each separately to remain consistent with how permissions
are relayed throughout the MODX app
*/
$canChange = $this->modx->hasPermission('usergroup_edit') && $this->modx->hasPermission('usergroup_save');
$this->canCreate = $canChange;
$this->canEdit = $canChange;
$this->canRemove = $canChange;

return $initialized;
}

Expand Down Expand Up @@ -143,36 +160,35 @@ public function useSecondaryGroupCondition(string $sortBy, string $groupBy, stri
*/
public function prepareRow(xPDOObject $object)
{
$objectArray = $object->toArray();
if (empty($objectArray['name'])) {
$objectArray['name'] = '(' . $this->modx->lexicon('none') . ')';
$permissions = [
'create' => $this->canCreate,
'update' => $this->canEdit,
'delete' => $this->canRemove
];

$aclData = $object->toArray();
if (empty($aclData['name'])) {
$aclData['name'] = '(' . $this->modx->lexicon('none') . ')';
}

/* get permissions list */
$data = $objectArray['policy_data'];
unset($objectArray['policy_data']);
$aclData['policyPermissions'] = [];
$data = $aclData['policy_data'];
unset($aclData['policy_data']);
$data = $this->modx->fromJSON($data);
if (!empty($data)) {
foreach ($data as $permission => $enabled) {
if (!$enabled) {
continue;
}
$permissions[] = $permission;
}
$objectArray['permissions'] = implode(', ', $permissions);
$aclData['policyPermissions'] = array_keys($data, 1);
}

$cls = '';
if (
($objectArray['target'] === 'web' || $objectArray['target'] == 'mgr')
&& $objectArray['policy_name'] === 'Administrator'
in_array($aclData['target'], ['web', 'mgr'])
&& $aclData['policy_name'] === 'Administrator'
&& ($this->userGroup && $this->userGroup->get('name') === 'Administrator')
) {
} else {
$cls .= 'pedit premove';
$permissions['edit'] = false;
$permissions['delete'] = false;
}
$objectArray['cls'] = $cls;
$aclData['permissions'] = $permissions;

return $objectArray;
return $aclData;
}
}
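Review bot: The `canCreate`/`canEdit`/`canRemove` flags set in initialize() only shape what the list response tells the client; nothing visible in this section enforces `usergroup_edit` and `usergroup_save` on the write path. It is worth confirming that the create, update and remove processors for these ACL entries check the same permissions themselves, and recording that next to the flags, e.g. `/* UI hints only: the write processors must check usergroup_edit and usergroup_save on their own */`. This applies to all four GetList sections on this page; initialize() begins above the hunk.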