From 6270ae8e18228146ae0c33319381dca0ab82a65a Mon Sep 17 00:00:00 2001
From: iglocska
Date: Sat, 24 Aug 2024 16:25:58 +0200
Subject: [PATCH] new: [metafield editor permission] added
- users/org admins/group admins/community admins can now only modify metafield data on any object if the permission is set for their role
- Since some communities use this for ACL to secondary tools, this will allow them to restrict who can modify them
---
 .../20240824000001_RoleMetaEditor.php | 30 +++++++++++++++++++
 src/Controller/Component/CRUDComponent.php | 20 ++++++++-----
 templates/Roles/add.php | 5 ++++
 templates/Roles/index.php | 6 ++++
 4 files changed, 53 insertions(+), 8 deletions(-)
 create mode 100644 config/Migrations/20240824000001_RoleMetaEditor.php
diff --git a/config/Migrations/20240824000001_RoleMetaEditor.php b/config/Migrations/20240824000001_RoleMetaEditor.php
new file mode 100644
index 00000000..30c6b008
--- /dev/null
+++ b/config/Migrations/20240824000001_RoleMetaEditor.php
@@ -0,0 +1,30 @@
+table('roles')->hasColumn('perm_meta_field_editor');
+ if (!$exists) {
+ $this->table('roles')
+ ->addColumn('perm_meta_field_editor', 'boolean', [
+ 'default' => 0,
+ 'null' => false,
+ ])
+ ->addIndex('perm_meta_field_editor')
+ ->update();
+ }
+ $builder = $this->getQueryBuilder();
+ $builder
+ ->update('roles')
+ ->set('perm_meta_field_editor', true)
+ ->where(['perm_admin' => true])
+ ->execute();
+ }
+}
diff --git a/src/Controller/Component/CRUDComponent.php b/src/Controller/Component/CRUDComponent.php
index 93307404..7d87fd5f 100644
--- a/src/Controller/Component/CRUDComponent.php
+++ b/src/Controller/Component/CRUDComponent.php
@@ -427,7 +427,9 @@ function ($metaTemplate) {
 public function add(array $params = []): void
 {
 $data = $this->Table->newEmptyEntity();
- if ($this->metaFieldsSupported()) {
+ $user = $this->Controller->ACL->getUser();
+ $metaFieldsEnabled = $user['role']['perm_meta_field_editor'] && $this->metaFieldsSupported();
+ if ($metaFieldsEnabled) {
 $metaTemplates = $this->getMetaTemplates();
 $data = $this->attachMetaTemplatesIfNeeded($data, $metaTemplates->toArray());
 if (isset($params['afterFind'])) {
@@ -452,7 +454,7 @@ public function add(array $params = []): void
 throw new NotFoundException(__('Could not save {0} due to the marshaling failing. Your input is bad and you should feel bad.', $this->ObjectAlias));
 }
 }
- if ($this->metaFieldsSupported()) {
+ if ($metaFieldsEnabled) {
 $massagedData = $this->massageMetaFields($data, $input, $metaTemplates);
 unset($input['MetaTemplates']); // Avoid MetaTemplates to be overriden when patching entity
 $data = $massagedData['entity'];
@@ -526,10 +528,10 @@ public function prepareValidationMessage($errors)
 if (!empty($errors)) {
 if (count($errors) == 1) {
 $field = array_keys($errors)[0];
- $fieldError = json_encode($errors[$field]);
+ $fieldError = implode(', ', array_values($errors[$field]));
 $validationMessage = __('{0}: {1}', $field, $fieldError);
 } else {
- $validationMessage = __('There has been validation issues with multiple fields: {0}', json_encode($errors));
+ $validationMessage = __('There has been validation issues with multiple fields');
 }
 }
 return $validationMessage;
@@ -692,7 +694,9 @@ public function edit(int $id, array $params = []): void
 $params['contain'][] = 'Tags';
 $this->setAllTags();
 }
- if ($this->metaFieldsSupported()) {
+ $user = $this->Controller->ACL->getUser();
+ $metaFieldsEnabled = $user['role']['perm_meta_field_editor'] && $this->metaFieldsSupported();
+ if ($metaFieldsEnabled) {
 if (empty($params['contain'])) {
 $params['contain'] = [];
 }
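Review bot: The new permission read `$user['role']['perm_meta_field_editor']` in add() is unguarded; when the logged-in user's role array lacks the key (a deployment where the new migration has not run yet, or a user record loaded without its role) PHP 8 emits an undefined-key warning and the expression evaluates as false, so editing is denied rather than granted — fail-closed, but noisy in logs. A defensive form keeps the same decision without the warning: `$metaFieldsEnabled = !empty($user['role']['perm_meta_field_editor']) && $this->metaFieldsSupported();`. The identical two lines are repeated in edit() (the @@ -692 hunk below), which argues for a small private helper such as `metaFieldsEditable(): bool` that both methods call. add() continues past the end of this hunk.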
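Review bot: When the role lacks the permission, `$input['MetaTemplates']` is no longer removed before the entity is patched, because the `unset($input['MetaTemplates'])` now sits inside `if ($metaFieldsEnabled)`; the comment on that very line says the key would otherwise override MetaTemplates during patching. Whether the marshaller actually accepts the key depends on the entity's accessible fields and the patch options, which are outside this hunk, so treat this as a check to confirm — but since the permission exists precisely to stop these users from changing meta fields, dropping the key on both paths is the safer shape: move `unset($input['MetaTemplates']);` to just after the closing brace of the `if` block. The same pattern appears in edit() (the @@ -734 hunk on the next line). add() begins before and ends after this hunk.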
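Review bot: `implode(', ', array_values($errors[$field]))` assumes the field's error list is a flat array of strings; validation errors on nested or associated data (the shape CakePHP produces for them) are nested arrays, in which case implode emits an "Array to string conversion" warning and the message reads "Array" — the json_encode it replaces handled that shape. A flattening map keeps the change readable for the flat case and degrades gracefully otherwise: `$fieldError = implode(', ', array_map(static fn ($e) => is_array($e) ? json_encode($e) : (string) $e, $errors[$field]));`. The multi-field branch now discards every detail; naming the offending fields, `__('There has been validation issues with multiple fields: {0}', implode(', ', array_keys($errors)))`, tells the caller what to fix without dumping the full structure. This change is unrelated to the permission feature in the commit title and would be easier to review as its own commit. prepareValidationMessage() begins before this hunk.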
@@ -710,7 +714,7 @@ public function edit(int $id, array $params = []): void
 $query->where($params['conditions']);
 }
 $data = $query->first();
- if ($this->metaFieldsSupported()) {
+ if ($metaFieldsEnabled) {
 $metaTemplates = $this->getMetaTemplates();
 $data = $this->attachMetaTemplatesIfNeeded($data, $metaTemplates->toArray());
 }
@@ -734,7 +738,7 @@ public function edit(int $id, array $params = []): void
 throw new NotFoundException(__('Could not save {0} due to the marshaling failing. Your input is bad and you should feel bad.', $this->ObjectAlias));
 }
 }
- if ($this->metaFieldsSupported()) {
+ if ($metaFieldsEnabled) {
 $massagedData = $this->massageMetaFields($data, $input, $metaTemplates);
 unset($input['MetaTemplates']); // Avoid MetaTemplates to be overriden when patching entity
 $data = $massagedData['entity'];
@@ -749,7 +753,7 @@ public function edit(int $id, array $params = []): void
 }
 $savedData = $this->Table->save($data);
 if ($savedData !== false) {
- if ($this->metaFieldsSupported() && !empty($metaFieldsToDelete)) {
+ if ($metaFieldsEnabled && !empty($metaFieldsToDelete)) {
 foreach ($metaFieldsToDelete as $k => $v) {
 if ($v === null) {
 unset($metaFieldsToDelete[$k]);
diff --git a/templates/Roles/add.php b/templates/Roles/add.php
index 4d6028f2..fd3e2844 100644
--- a/templates/Roles/add.php
+++ b/templates/Roles/add.php
@@ -32,6 +32,11 @@
 'type' => 'checkbox',
 'label' => 'Sync permission'
 ],
+ [
+ 'field' => 'perm_meta_field_editor',
+ 'type' => 'checkbox',
+ 'label' => 'Meta field modification privilege'
+ ],
 [
 'field' => 'is_default',
 'type' => 'checkbox',
diff --git a/templates/Roles/index.php b/templates/Roles/index.php
index 60eda622..d5e20e1f 100644
--- a/templates/Roles/index.php
+++ b/templates/Roles/index.php
@@ -74,6 +74,12 @@
 'data_path' => 'perm_sync',
 'element' => 'boolean'
 ],
+ [
+ 'name' => __('Meta field Editor'),
+ 'sort' => 'perm_meta_field_editor',
+ 'data_path' => 'perm_meta_field_editor',
+ 'element' => 'boolean'
+ ],
 [
 'name' => 'Default',
 'sort' => 'is_default',