EZP-29734: As an Administrator I want to add Content Type limitation for Section/Assign policy #696
Conversation
mikadamczyk
requested review from
adamwojs,
Nattfarinn,
webhdx,
ViniTou,
sunpietro and
dew326
| public function onUdwConfigResolve(ConfigResolveEvent $event): void | ||
| { | ||
| $configName = $event->getConfigName(); | ||
| if ('single' !== $configName && 'multiple' !== $configName) { |
There was a problem hiding this comment.
I'm not sure if we need to check for single - I think we have only multiple.
mikadamczyk
force-pushed
the
EZP-29734
branch
from
2346772 to
5c88119
Compare
mikadamczyk
force-pushed
the
EZP-29734
branch
from
5c88119 to
3b31fe0
Compare
| $allowedContentTypesIds = array_unique(array_merge(...$allowedContentTypesIds)); | ||
| foreach ($allowedContentTypesIds as $allowedContentTypeId) { | ||
| try { | ||
| $identifier = $this->contentTypeService->loadContentType($allowedContentTypeId)->identifier; |
There was a problem hiding this comment.
This won't be very efficient, better if you can use ContentTypeService->loadContentTypeList($allowedContentTypesIds), to do that we need a second review of ezsystems/ezpublish-kernel#2444
Besides repeated loads that would avoid the loop and the try block (invalid content type id's will simply not be returned, just like the logic here already does)
| * | ||
| * @return array | ||
| */ | ||
| public function flattenArrayOfLimitations(array $hasAccess): array |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
| $this->permissionUtil = $permissionUtil; | ||
| $this->contentTypeService = $contentTypeService; | ||
| $hasAccess = $permissionResolver->hasAccess('section', 'assign'); | ||
| $this->allowedContentTypesIdentifiers = is_array($hasAccess) ? $this->checkAllowedContentTypes($hasAccess) : []; |
There was a problem hiding this comment.
shouldn't this be filled with all content types if $hasAccess is true? otherwise layer above would need to second guess if empty array means false or true, or?
| foreach ($this->permissionUtil->flattenArrayOfLimitations($hasAccess) as $limitation) { | ||
| if ($limitation instanceof NewSectionLimitation) { | ||
| // If one of user limitation is NewSectionLimitation we check if user can assign Content to $section | ||
| return in_array($section->id, $limitation->limitationValues); |
There was a problem hiding this comment.
As this is iterating several roles and policies, this should not return here unless value is true.
Afaik you can do like in checkAllowedContentTypes() and collect all allowed sections before you do a in_array.
| @@ -490,9 +507,25 @@ private function getSectionsNumbers(array $sections): array | |||
| * @param \eZ\Publish\API\Repository\Values\Content\Section $section | |||
| * | |||
| * @return bool | |||
| * | |||
| * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException | |||
| */ | |||
| private function canUserAssignSectionToAnyContent(Section $section): bool | |||
There was a problem hiding this comment.
naming, but something like canUserAssignSectionToSomeContent might be more fitting, given a true here is more like a "maybe", while a false is pretty accurate.
mikadamczyk
force-pushed
the
EZP-29734
branch
from
3b31fe0 to
fb83d01
Compare
|
@adamwojs can you take a look at it? |
Actual result: Error 403 is show: Access denied |
|
For Admin user after publishing an Article error 500 is thrown:
Actual result: Error 500 is thrown: None of the routers in the chain matched url '/admin/content/location/61' but article was published. For editor user (with policies mentioned above) everything works fine. |
mikadamczyk
force-pushed
the
EZP-29734
branch
3 times, most recently
from
a27a265 to
01b629e
Compare
|
@mikadamczyk could you rebase here, as I merged #695 |
…for Section/Assign policy
mikadamczyk
force-pushed
the
EZP-29734
branch
from
01b629e to
682adaf
Compare
|
@lserwatka done |
Checklist:
$ composer fix-cs)