From d7cc07b05512d860ff14b0c35088d623632a7160 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Miko=C5=82aj=20Adamczyk?= Date: Tue, 15 May 2018 09:38:48 +0200 Subject: [PATCH] EZP-29160: Hide Roles and Policies tab if the user does not have "Role/Read" permission --- src/lib/Tab/LocationView/PoliciesTab.php | 16 +++++++++++++++- src/lib/Tab/LocationView/RolesTab.php | 16 +++++++++++++++- 2 files changed, 30 insertions(+), 2 deletions(-) diff --git a/src/lib/Tab/LocationView/PoliciesTab.php b/src/lib/Tab/LocationView/PoliciesTab.php index 959b21e2ad..51ddeb2176 100644 --- a/src/lib/Tab/LocationView/PoliciesTab.php +++ b/src/lib/Tab/LocationView/PoliciesTab.php @@ -19,6 +19,7 @@ use Pagerfanta\Pagerfanta; use Symfony\Component\Translation\TranslatorInterface; use Twig\Environment; +use eZ\Publish\API\Repository\PermissionResolver; class PoliciesTab extends AbstractTab implements OrderedTabInterface, ConditionalTabInterface { @@ -33,25 +34,31 @@ class PoliciesTab extends AbstractTab implements OrderedTabInterface, Conditiona /** @var array */ private $userGroupContentTypeIdentifier; + /** @var \eZ\Publish\API\Repository\PermissionResolver */ + protected $permissionResolver; + /** * @param \Twig\Environment $twig * @param \Symfony\Component\Translation\TranslatorInterface $translator * @param \EzSystems\EzPlatformAdminUi\UI\Dataset\DatasetFactory $datasetFactory * @param array $userContentTypeIdentifier * @param array $userGroupContentTypeIdentifier + * @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver */ public function __construct( Environment $twig, TranslatorInterface $translator, DatasetFactory $datasetFactory, array $userContentTypeIdentifier, - array $userGroupContentTypeIdentifier + array $userGroupContentTypeIdentifier, + PermissionResolver $permissionResolver ) { parent::__construct($twig, $translator); $this->datasetFactory = $datasetFactory; $this->userContentTypeIdentifier = $userContentTypeIdentifier; $this->userGroupContentTypeIdentifier = $userGroupContentTypeIdentifier; + $this->permissionResolver = $permissionResolver; } /** @@ -87,9 +94,16 @@ public function getOrder(): int * @param array $parameters * * @return bool + * + * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException + * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException */ public function evaluate(array $parameters): bool { + if (false === $this->permissionResolver->canUser('role', 'read', $parameters['content'])) { + return false; + } + /** @var \eZ\Publish\API\Repository\Values\ContentType\ContentType $contentType */ $contentType = $parameters['contentType']; diff --git a/src/lib/Tab/LocationView/RolesTab.php b/src/lib/Tab/LocationView/RolesTab.php index 84a07f7214..7b11acd204 100644 --- a/src/lib/Tab/LocationView/RolesTab.php +++ b/src/lib/Tab/LocationView/RolesTab.php @@ -19,6 +19,7 @@ use Pagerfanta\Pagerfanta; use Symfony\Component\Translation\TranslatorInterface; use Twig\Environment; +use eZ\Publish\API\Repository\PermissionResolver; class RolesTab extends AbstractTab implements OrderedTabInterface, ConditionalTabInterface { @@ -33,25 +34,31 @@ class RolesTab extends AbstractTab implements OrderedTabInterface, ConditionalTa /** @var array */ private $userGroupContentTypeIdentifier; + /** @var \eZ\Publish\API\Repository\PermissionResolver */ + protected $permissionResolver; + /** * @param \Twig\Environment $twig * @param \Symfony\Component\Translation\TranslatorInterface $translator * @param \EzSystems\EzPlatformAdminUi\UI\Dataset\DatasetFactory $datasetFactory * @param array $userContentTypeIdentifier * @param array $userGroupContentTypeIdentifier + * @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver */ public function __construct( Environment $twig, TranslatorInterface $translator, DatasetFactory $datasetFactory, array $userContentTypeIdentifier, - array $userGroupContentTypeIdentifier + array $userGroupContentTypeIdentifier, + PermissionResolver $permissionResolver ) { parent::__construct($twig, $translator); $this->datasetFactory = $datasetFactory; $this->userContentTypeIdentifier = $userContentTypeIdentifier; $this->userGroupContentTypeIdentifier = $userGroupContentTypeIdentifier; + $this->permissionResolver = $permissionResolver; } /** @@ -87,9 +94,16 @@ public function getOrder(): int * @param array $parameters * * @return bool + * + * @throws \eZ\Publish\API\Repository\Exceptions\BadStateException + * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException */ public function evaluate(array $parameters): bool { + if (false === $this->permissionResolver->canUser('role', 'read', $parameters['content'])) { + return false; + } + /** @var \eZ\Publish\API\Repository\Values\ContentType\ContentType $contentType */ $contentType = $parameters['contentType'];