Merge pull request #470 from mikadamczyk/EZP-29160

EZP-29160: Hide Roles and Policies tab if the user does not have "Role/Read" permission
ezsystems · May 17, 2018 · 6139ba8 · 6139ba8
2 parents 5b6e85d + d7cc07b
commit 6139ba8
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 2 deletions.
diff --git a/src/lib/Tab/LocationView/PoliciesTab.php b/src/lib/Tab/LocationView/PoliciesTab.php
@@ -19,6 +19,7 @@
 use Pagerfanta\Pagerfanta;
 use Symfony\Component\Translation\TranslatorInterface;
 use Twig\Environment;
+use eZ\Publish\API\Repository\PermissionResolver;
 
 class PoliciesTab extends AbstractTab implements OrderedTabInterface, ConditionalTabInterface
 {
@@ -33,25 +34,31 @@ class PoliciesTab extends AbstractTab implements OrderedTabInterface, Conditiona
     /** @var array */
     private $userGroupContentTypeIdentifier;
 
+    /** @var \eZ\Publish\API\Repository\PermissionResolver */
+    protected $permissionResolver;
+
     /**
      * @param \Twig\Environment $twig
      * @param \Symfony\Component\Translation\TranslatorInterface $translator
      * @param \EzSystems\EzPlatformAdminUi\UI\Dataset\DatasetFactory $datasetFactory
      * @param array $userContentTypeIdentifier
      * @param array $userGroupContentTypeIdentifier
+     * @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver
      */
     public function __construct(
         Environment $twig,
         TranslatorInterface $translator,
         DatasetFactory $datasetFactory,
         array $userContentTypeIdentifier,
-        array $userGroupContentTypeIdentifier
+        array $userGroupContentTypeIdentifier,
+        PermissionResolver $permissionResolver
     ) {
         parent::__construct($twig, $translator);
 
         $this->datasetFactory = $datasetFactory;
         $this->userContentTypeIdentifier = $userContentTypeIdentifier;
         $this->userGroupContentTypeIdentifier = $userGroupContentTypeIdentifier;
+        $this->permissionResolver = $permissionResolver;
     }
 
     /**
@@ -87,9 +94,16 @@ public function getOrder(): int
      * @param array $parameters
      *
      * @return bool
+     *
+     * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException
      */
     public function evaluate(array $parameters): bool
     {
+        if (false === $this->permissionResolver->canUser('role', 'read', $parameters['content'])) {
+            return false;
+        }
+
         /** @var \eZ\Publish\API\Repository\Values\ContentType\ContentType $contentType */
         $contentType = $parameters['contentType'];
 

diff --git a/src/lib/Tab/LocationView/RolesTab.php b/src/lib/Tab/LocationView/RolesTab.php
@@ -19,6 +19,7 @@
 use Pagerfanta\Pagerfanta;
 use Symfony\Component\Translation\TranslatorInterface;
 use Twig\Environment;
+use eZ\Publish\API\Repository\PermissionResolver;
 
 class RolesTab extends AbstractTab implements OrderedTabInterface, ConditionalTabInterface
 {
@@ -33,25 +34,31 @@ class RolesTab extends AbstractTab implements OrderedTabInterface, ConditionalTa
     /** @var array */
     private $userGroupContentTypeIdentifier;
 
+    /** @var \eZ\Publish\API\Repository\PermissionResolver */
+    protected $permissionResolver;
+
     /**
      * @param \Twig\Environment $twig
      * @param \Symfony\Component\Translation\TranslatorInterface $translator
      * @param \EzSystems\EzPlatformAdminUi\UI\Dataset\DatasetFactory $datasetFactory
      * @param array $userContentTypeIdentifier
      * @param array $userGroupContentTypeIdentifier
+     * @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver
      */
     public function __construct(
         Environment $twig,
         TranslatorInterface $translator,
         DatasetFactory $datasetFactory,
         array $userContentTypeIdentifier,
-        array $userGroupContentTypeIdentifier
+        array $userGroupContentTypeIdentifier,
+        PermissionResolver $permissionResolver
     ) {
         parent::__construct($twig, $translator);
 
         $this->datasetFactory = $datasetFactory;
         $this->userContentTypeIdentifier = $userContentTypeIdentifier;
         $this->userGroupContentTypeIdentifier = $userGroupContentTypeIdentifier;
+        $this->permissionResolver = $permissionResolver;
     }
 
     /**
@@ -87,9 +94,16 @@ public function getOrder(): int
      * @param array $parameters
      *
      * @return bool
+     *
+     * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException
+     * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException
      */
     public function evaluate(array $parameters): bool
     {
+        if (false === $this->permissionResolver->canUser('role', 'read', $parameters['content'])) {
+            return false;
+        }
+
         /** @var \eZ\Publish\API\Repository\Values\ContentType\ContentType $contentType */
         $contentType = $parameters['contentType'];