new: [metafield editor permission] added
- users/org admins/group admins/community admins can now only modify metafield data on any object if the permission is set for their role
- Since some communities use this for ACL to secondary tools, this will allow them to restrict who can modify them
iglocska committed Aug 24, 2024
1 parent 25e55a6 commit 6270ae8
Showing 4 changed files with 53 additions and 8 deletions.
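--- a/config/Migrations/20240824000001_RoleMetaEditor.php
+++ b/config/Migrations/20240824000001_RoleMetaEditor.php
@@ -0,0 +1,30 @@
+<?php
+declare(strict_types=1);
+
+use Migrations\AbstractMigration;
+use Phinx\Db\Adapter\MysqlAdapter;
+
+final class RoleMetaEditor extends AbstractMigration
+{
+public $autoId = false; // turn off automatic `id` column create. We want it to be `int(10) unsigned`
+
+public function change(): void
+{
+$exists = $this->table('roles')->hasColumn('perm_meta_field_editor');
+if (!$exists) {
+$this->table('roles')
+->addColumn('perm_meta_field_editor', 'boolean', [
+'default' => 0,
+'null' => false,
+])
+->addIndex('perm_meta_field_editor')
+->update();
+}
+$builder = $this->getQueryBuilder();
+$builder
+->update('roles')
+->set('perm_meta_field_editor', true)
+->where(['perm_admin' => true])
+->execute();
+}
+}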
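Review bot: The backfill `update('roles')->set('perm_meta_field_editor', true)->where(['perm_admin' => true])` in `change()` sits after the `if (!$exists)` block, so it also runs when the column was already present and would then switch the permission back on for every `perm_admin` role, including any where an operator had deliberately cleared it. Moving the `$builder … ->execute();` statement inside the `if (!$exists) { … }` block limits the grant to the moment the column is first created. Only `perm_admin` roles are backfilled, so the org, group and community admin roles named in the commit description start with the permission off unless they also carry `perm_admin`; that fail-closed default is sound but deserves a line in the upgrade notes. The `use Phinx\Db\Adapter\MysqlAdapter;` import and the `$autoId` comment about an `id` column are not used by anything visible in this migration and could be dropped.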
20 changes: 12 additions & 8 deletions src/Controller/Component/CRUDComponent.php
@@ -427,7 +427,9 @@ function ($metaTemplate) {
public function add(array $params = []): void
{
$data = $this->Table->newEmptyEntity();
if ($this->metaFieldsSupported()) {
$user = $this->Controller->ACL->getUser();
$metaFieldsEnabled = $user['role']['perm_meta_field_editor'] && $this->metaFieldsSupported();
if ($metaFieldsEnabled) {
$metaTemplates = $this->getMetaTemplates();
$data = $this->attachMetaTemplatesIfNeeded($data, $metaTemplates->toArray());
if (isset($params['afterFind'])) {
@@ -452,7 +454,7 @@ public function add(array $params = []): void
throw new NotFoundException(__('Could not save {0} due to the marshaling failing. Your input is bad and you should feel bad.', $this->ObjectAlias));
}
}
if ($this->metaFieldsSupported()) {
if ($metaFieldsEnabled) {
$massagedData = $this->massageMetaFields($data, $input, $metaTemplates);
unset($input['MetaTemplates']); // Avoid MetaTemplates to be overriden when patching entity
$data = $massagedData['entity'];
@@ -526,10 +528,10 @@ public function prepareValidationMessage($errors)
if (!empty($errors)) {
if (count($errors) == 1) {
$field = array_keys($errors)[0];
$fieldError = json_encode($errors[$field]);
$fieldError = implode(', ', array_values($errors[$field]));
$validationMessage = __('{0}: {1}', $field, $fieldError);
} else {
$validationMessage = __('There has been validation issues with multiple fields: {0}', json_encode($errors));
$validationMessage = __('There has been validation issues with multiple fields');
}
}
return $validationMessage;
@@ -692,7 +694,9 @@ public function edit(int $id, array $params = []): void
$params['contain'][] = 'Tags';
$this->setAllTags();
}
if ($this->metaFieldsSupported()) {
$user = $this->Controller->ACL->getUser();
$metaFieldsEnabled = $user['role']['perm_meta_field_editor'] && $this->metaFieldsSupported();
if ($metaFieldsEnabled) {
if (empty($params['contain'])) {
$params['contain'] = [];
}
@@ -710,7 +714,7 @@ public function edit(int $id, array $params = []): void
$query->where($params['conditions']);
}
$data = $query->first();
if ($this->metaFieldsSupported()) {
if ($metaFieldsEnabled) {
$metaTemplates = $this->getMetaTemplates();
$data = $this->attachMetaTemplatesIfNeeded($data, $metaTemplates->toArray());
}
@@ -734,7 +738,7 @@ public function edit(int $id, array $params = []): void
throw new NotFoundException(__('Could not save {0} due to the marshaling failing. Your input is bad and you should feel bad.', $this->ObjectAlias));
}
}
if ($this->metaFieldsSupported()) {
if ($metaFieldsEnabled) {
$massagedData = $this->massageMetaFields($data, $input, $metaTemplates);
unset($input['MetaTemplates']); // Avoid MetaTemplates to be overriden when patching entity
$data = $massagedData['entity'];
@@ -749,7 +753,7 @@ public function edit(int $id, array $params = []): void
}
$savedData = $this->Table->save($data);
if ($savedData !== false) {
if ($this->metaFieldsSupported() && !empty($metaFieldsToDelete)) {
if ($metaFieldsEnabled && !empty($metaFieldsToDelete)) {
foreach ($metaFieldsToDelete as $k => $v) {
if ($v === null) {
unset($metaFieldsToDelete[$k]);
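Review bot: In `add()` and `edit()` the `unset($input['MetaTemplates']);` line now sits inside `if ($metaFieldsEnabled)`, so for a role without `perm_meta_field_editor` a `MetaTemplates` key submitted in the request body stays in `$input`. The inline comment says the unset exists to keep that key away from the entity patch; the patch call itself is outside these hunks, so whether submitted values can still be persisted needs checking there. Dropping the key whenever the permission is missing closes the gap regardless, e.g. `if (!$metaFieldsEnabled) { unset($input['MetaTemplates']); }` before the entity is patched. Separately, `$user['role']['perm_meta_field_editor']` is read without a guard; `!empty($user['role']['perm_meta_field_editor'])` keeps the check fail-closed without a warning if the user or the key is absent. Both function bodies start and end outside the visible hunks.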
5 changes: 5 additions & 0 deletions templates/Roles/add.php
@@ -32,6 +32,11 @@
'type' => 'checkbox',
'label' => 'Sync permission'
],
[
'field' => 'perm_meta_field_editor',
'type' => 'checkbox',
'label' => 'Meta field modification privilege'
],
[
'field' => 'is_default',
'type' => 'checkbox',
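Review bot: The checkbox label `'Meta field modification privilege'` names the flag differently from the list column added in templates/Roles/index.php, which calls it `'Meta field Editor'`, and unlike that column name it is not passed through `__()`. Since the flag decides who may change data that some communities use for ACL, one name in both views makes a role review less error-prone, e.g. `'label' => __('Meta field editor')`. The surrounding array starts and ends outside the hunk.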
6 changes: 6 additions & 0 deletions templates/Roles/index.php
@@ -74,6 +74,12 @@
'data_path' => 'perm_sync',
'element' => 'boolean'
],
[
'name' => __('Meta field Editor'),
'sort' => 'perm_meta_field_editor',
'data_path' => 'perm_meta_field_editor',
'element' => 'boolean'
],
[
'name' => 'Default',
'sort' => 'is_default',