From a41609b87445daaab023554e95280fe8bb6f5f99 Mon Sep 17 00:00:00 2001 From: lukmzig <30526586+lukmzig@users.noreply.github.com> Date: Mon, 20 Jan 2025 12:00:44 +0100 Subject: [PATCH] [Fix]: Add root node permissions (#279) * fix: add missing root node permissions * Apply php-cs-fixer changes * fix: STAN * try to specify server version * try to specify server version * try to specify server version * try to specify server version * fix: codeception * fix: tests --------- Co-authored-by: lukmzig --- .../workflows/elastic-search-codeception.yaml | 2 +- .../workflows/open-search-codeception.yaml | 2 +- .github/workflows/static-analysis.yaml | 2 +- src/Service/Permission/PermissionService.php | 33 +++++++++++++++---- .../Permission/PermissionServiceTest.php | 24 ++++++++------ 5 files changed, 44 insertions(+), 19 deletions(-) diff --git a/.github/workflows/elastic-search-codeception.yaml b/.github/workflows/elastic-search-codeception.yaml index 4d6ddeb8..85af6b3e 100644 --- a/.github/workflows/elastic-search-codeception.yaml +++ b/.github/workflows/elastic-search-codeception.yaml @@ -30,7 +30,7 @@ jobs: strategy: matrix: include: - - { php-version: "8.3", dependencies: "highest", pimcore_version: "11.x-dev as 11.99.9", experimental: true, search_engine: "elasticsearch"} + - { php-version: "8.3", dependencies: "highest", pimcore_version: "^11.5", experimental: true, search_engine: "elasticsearch"} services: mariadb: diff --git a/.github/workflows/open-search-codeception.yaml b/.github/workflows/open-search-codeception.yaml index 66a796c3..df4132d1 100644 --- a/.github/workflows/open-search-codeception.yaml +++ b/.github/workflows/open-search-codeception.yaml 
@@ -32,7 +32,7 @@ jobs: include: - { php-version: "8.2", dependencies: "lowest", pimcore_version: "", experimental: false, search_engine: "openSearch" } - { php-version: "8.3", dependencies: "highest", pimcore_version: "", experimental: false, search_engine: "openSearch"} - - { php-version: "8.3", dependencies: "highest", pimcore_version: "11.x-dev as 11.99.9", experimental: true, search_engine: "openSearch"} + - { php-version: "8.3", dependencies: "highest", pimcore_version: "^11.5", experimental: true, search_engine: "openSearch"} services: mariadb: diff --git a/.github/workflows/static-analysis.yaml b/.github/workflows/static-analysis.yaml index 64949c92..0298bffd 100644 --- a/.github/workflows/static-analysis.yaml +++ b/.github/workflows/static-analysis.yaml @@ -26,7 +26,7 @@ jobs: include: - { php-version: "8.2", dependencies: "lowest", experimental: false } - { php-version: "8.3", dependencies: "highest", experimental: false } - - { php-version: "8.3", dependencies: "highest", pimcore_version: "11.x-dev as 11.99.9", experimental: true } + - { php-version: "8.3", dependencies: "highest", pimcore_version: "^11.5", experimental: true } steps: - name: "Checkout code" uses: "actions/checkout@v2" diff --git a/src/Service/Permission/PermissionService.php b/src/Service/Permission/PermissionService.php index e0652e48..e05a3d12 100644 --- a/src/Service/Permission/PermissionService.php +++ b/src/Service/Permission/PermissionService.php @@ -50,10 +50,11 @@ public function getAssetPermissions( /** @var AssetPermissions $permissions */ $permissions = $this->getPermissions( elementPath: $asset->getFullPath(), + parentId: $asset->getParentId(), permissionsType: AssetWorkspace::WORKSPACE_TYPE, defaultPermissions: $permissions, user: $user - ) ?? $permissions; + ); return $this->eventService->dispatchAssetSearchEvent($asset, $permissions)->getPermissions(); } 
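Review bot: In `getAssetPermissions` the root-node restriction is applied inside `getPermissions()`, but the caller receives whatever `dispatchAssetSearchEvent($asset, $permissions)->getPermissions()` returns, so an event listener can switch delete or rename back on for `/`. If the restriction is meant to be an invariant rather than a default, apply it to the dispatched result instead: `return $this->addRootNodePermissions($asset->getFullPath(), $asset->getParentId(), $this->eventService->dispatchAssetSearchEvent($asset, $permissions)->getPermissions());`. The same ordering appears in the `getDocumentPermissions` and `getDataObjectPermissions` hunks. The start of each method lies outside its hunk, so whether listeners are expected to override these flags is not visible here.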
@@ -66,10 +67,11 @@ public function getDocumentPermissions( /** @var DocumentPermissions $permissions */ $permissions = $this->getPermissions( elementPath: $document->getFullPath(), + parentId: $document->getParentId(), permissionsType: DocumentWorkspace::WORKSPACE_TYPE, defaultPermissions: $permissions, user: $user - ) ?? $permissions; + ); return $this->eventService->dispatchDocumentSearchEvent($document, $permissions)->getPermissions(); } @@ -82,10 +84,11 @@ public function getDataObjectPermissions( /** @var DataObjectPermissions $permissions */ $permissions = $this->getPermissions( elementPath: $object->getFullPath(), + parentId: $object->getParentId(), permissionsType: DataObjectWorkspace::WORKSPACE_TYPE, defaultPermissions: $permissions, user: $user, - ) ?? $permissions; + ); return $this->eventService->dispatchDataObjectSearchEvent($object, $permissions)->getPermissions(); } @@ -111,17 +114,18 @@ public function getPermissionValue(BasePermissions $permissions, string $permiss private function getPermissions( string $elementPath, + int $parentId, string $permissionsType, BasePermissions $defaultPermissions, ?User $user - ): ?BasePermissions { + ): BasePermissions { $adminPermissions = $this->getAdminUserPermissions( $user, $defaultPermissions ); if ($adminPermissions) { - return $adminPermissions; + return $this->addRootNodePermissions($elementPath, $parentId, $adminPermissions); } $userWorkspaces = $this->workspaceService->getRelevantWorkspaces( @@ -136,8 +140,9 @@ private function getPermissions( $elementPath ); } + $permissions = $this->getPermissionsFromWorkspaces($userWorkspaces, $userRoleWorkspaces) ?? $defaultPermissions; - return $this->getPermissionsFromWorkspaces($userWorkspaces, $userRoleWorkspaces); + return $this->addRootNodePermissions($elementPath, $parentId, $permissions); } private function getAdminUserPermissions( 
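Review bot: The new `int $parentId` parameter of `getPermissions()` makes permission resolution fail with a `TypeError` for any search result whose `getParentId()` does not return an int. The test setup in this patch now calls `setParentId(1)` on every fresh result item, which suggests the getter can return null. If items indexed without a parent id can reach this path, declare `?int $parentId` here and in `addRootNodePermissions()`, and decide explicitly whether a missing parent id counts as root; with the current strict `$parentId === 0` comparison it would not. The three `parentId:` call sites in the preceding hunks pass the getter result unchecked.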
@@ -206,4 +211,20 @@ private function addRelevantRolePermissions( return $workspacePermissions; } + + private function addRootNodePermissions( + string $fullPath, + int $parentId, + BasePermissions $permissions + ): BasePermissions { + if ($fullPath === '/' && $parentId === 0) { + $permissions->setDelete(false); + $permissions->setRename(false); + if (method_exists($permissions, 'setUnpublish')) { + $permissions->setUnpublish(false); + } + } + + return $permissions; + } } diff --git a/tests/Unit/Service/Permission/PermissionServiceTest.php b/tests/Unit/Service/Permission/PermissionServiceTest.php index ef630d61..7ae87be4 100644 --- a/tests/Unit/Service/Permission/PermissionServiceTest.php +++ b/tests/Unit/Service/Permission/PermissionServiceTest.php @@ -54,9 +54,9 @@ final class PermissionServiceTest extends Unit public function _before(): void { $this->user = new User(); - $this->assetSearchResult = new AssetSearchResultItem(); - $this->dataObjectSearchResult = new DataObjectSearchResultItem(); - $this->documentSearchResultItem = new DocumentSearchResultItem(); + $this->assetSearchResult = (new AssetSearchResultItem())->setParentId(1); + $this->dataObjectSearchResult = (new DataObjectSearchResultItem())->setParentId(1); + $this->documentSearchResultItem = (new DocumentSearchResultItem())->setParentId(1); } public function testAssetPermissionWithUserOnRoot(): void @@ -67,13 +67,14 @@ public function testAssetPermissionWithUserOnRoot(): void type: AssetWorkspace::WORKSPACE_TYPE )]); $assetPermission = $this->getPermissionServiceWithUser()->getAssetPermissions( - $this->assetSearchResult->setFullPath('/'), + $this->assetSearchResult->setParentId(0)->setFullPath('/'), $this->user ); $this->assertTrue($assetPermission->isView()); $this->assertTrue($assetPermission->isList()); $this->assertFalse($assetPermission->isDelete()); + $this->assertFalse($assetPermission->isRename()); } public function testAssetPermissionWithUserOnCustomPath(): void 
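Review bot: `addRootNodePermissions()` modifies the object it is handed, and on the fallback path in `getPermissions()` that object is the caller's `$defaultPermissions`. If a caller reuses one default permissions instance across several search hits (not visible in this patch), processing `/` would leave delete, rename and unpublish switched off for every later element. Working on a copy avoids that, assuming the permission classes hold only scalar flags: `$permissions = clone $permissions;` as the first statement inside the `if`. Separately, the `method_exists($permissions, 'setUnpublish')` guard silently skips the restriction if the setter is ever renamed; a short comment naming which permission classes have no unpublish flag would make that intent checkable.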
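Review bot: The updated root tests cover only the workspace-user and no-user paths; no visible test hunk puts an admin user on `/`, although the admin branch of `getPermissions()` is now also routed through `addRootNodePermissions()`. That is presumably the path where delete and rename would otherwise be granted, so it is the one most worth pinning, for example a `testAssetPermissionWithAdminUserOnRoot` asserting `assertFalse($assetPermission->isDelete())` and `assertFalse($assetPermission->isRename())`. In `testAssetPermissionWithUserOnRoot` the `isDelete()` assertion already passed before this patch, so the workspace fixture (defined outside the hunk) apparently does not grant delete; if it does not grant rename either, the added `isRename()` assertion passes without the new code. The document root test in the last hunk adds no `isRename()` assertion at all.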
@@ -160,12 +161,13 @@ public function testAssetPermissionWithoutUserOnRoot(): void { $permissionService = $this->getPermissionServiceWithoutUser(); $assetPermission = $permissionService->getAssetPermissions( - $this->assetSearchResult->setFullPath('/'), + $this->assetSearchResult->setParentId(0)->setFullPath('/'), null ); $this->assertSame(self::DEFAULT_VALUE, $assetPermission->isList()); $this->assertSame(self::DEFAULT_VALUE, $assetPermission->isView()); $this->assertSame(self::DEFAULT_VALUE, $assetPermission->isRename()); + $this->assertSame(self::DEFAULT_VALUE, $assetPermission->isDelete()); } public function testObjectPermissionWithUserOnRoot(): void @@ -176,15 +178,16 @@ public function testObjectPermissionWithUserOnRoot(): void type: DataObjectWorkspace::WORKSPACE_TYPE )]); $permission = $this->getPermissionServiceWithUser()->getDataObjectPermissions( - $this->dataObjectSearchResult->setFullPath('/'), + $this->dataObjectSearchResult->setParentId(0)->setFullPath('/'), $this->user ); $this->assertTrue($permission->isView()); $this->assertTrue($permission->isList()); $this->assertTrue($permission->isPublish()); - $this->assertTrue($permission->isUnpublish()); $this->assertFalse($permission->isDelete()); + $this->assertFalse($permission->isUnpublish()); + $this->assertFalse($permission->isRename()); } public function testObjectPermissionWithUserOnCustomPath(): void @@ -272,7 +275,7 @@ public function testObjectPermissionWithoutUserOnRoot(): void { $permissionService = $this->getPermissionServiceWithoutUser(); $permission = $permissionService->getDataObjectPermissions( - $this->dataObjectSearchResult->setFullPath('/'), + $this->dataObjectSearchResult->setParentId(0)->setFullPath('/'), null ); 
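Review bot: In `testAssetPermissionWithoutUserOnRoot` both `isRename()` and the newly asserted `isDelete()` are compared with `self::DEFAULT_VALUE`, yet for `/` with parent id 0 the new code forces both to false. The test therefore only passes when `DEFAULT_VALUE` is false, and in that case it cannot tell the root restriction apart from the plain default. State the intent directly with `$this->assertFalse($assetPermission->isDelete());` and `$this->assertFalse($assetPermission->isRename());`, ideally against default permissions that grant both. `testObjectPermissionWithoutUserOnRoot` has its assertions outside its hunk and may need the same treatment.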
@@ -290,15 +293,16 @@ public function testDocumentPermissionWithUserOnRoot(): void type: DocumentWorkspace::WORKSPACE_TYPE )]); $permission = $this->getPermissionServiceWithUser()->getDocumentPermissions( - $this->documentSearchResultItem->setFullPath('/'), + $this->documentSearchResultItem->setParentId(0)->setFullPath('/'), $this->user ); $this->assertTrue($permission->isView()); $this->assertTrue($permission->isSave()); $this->assertTrue($permission->isPublish()); - $this->assertTrue($permission->isUnpublish()); + $this->assertFalse($permission->isUnpublish()); $this->assertFalse($permission->isList()); + $this->assertFalse($permission->isDelete()); } public function testDocumentPermissionWithUserOnCustomPath(): void