EZP-29742: Implement permissions for Content/Create in Content item view #713
Conversation
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
1435abc to
51d7a63
Compare
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
ab69c5d to
ac60882
Compare
| use EzSystems\EzPlatformAdminUi\Util\PermissionUtilInterface; | ||
| use eZ\Publish\API\Repository\Values\ContentType\ContentType; | ||
|
|
||
| class PermissionAwareContentTypeChoiceListProvider implements ChoiceListProviderInterface |
There was a problem hiding this comment.
No need to provide your own interface: Symfony\Component\Form\ChoiceList\Loader\ChoiceLoaderInterface
|
|
||
| use eZ\Publish\API\Repository\Values\Content\Location; | ||
|
|
||
| interface PermissionUtilInterface |
There was a problem hiding this comment.
Utility class with an interface is bad by a design. This is clearly more than a utility class thus it can be renamed to e.g. PermissionChecker. Also I'd think about extracting some parts to other classes i.e. part related to user groups.
src/lib/Util/PermissionUtil.php
Outdated
| @@ -18,8 +141,14 @@ class PermissionUtil | |||
| * | |||
| * @return array | |||
| */ | |||
| public function flattenArrayOfLimitations(array $hasAccess): array | |||
| private function flattenArrayOfLimitationsForCurrentUser(array $hasAccess): array | |||
There was a problem hiding this comment.
If you go as far as changing class name please leave original PermissionUtil in place to avoid breaking changes (here you are changing method visibility).
|
|
||
| EzSystems\EzPlatformAdminUi\Form\Type\ChoiceList\Provider\ContentTypeChoiceListProvider: ~ | ||
|
|
||
| EzSystems\EzPlatformAdminUi\Form\Type\ChoiceList\Provider\LanguageChoiceListProvider: |
There was a problem hiding this comment.
Idea behind services/ directory was that we put service definitions there to avoid services.yml getting bloated.
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
3 times, most recently
from
7fe4dae to
6c703dd
Compare
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
6c703dd to
a3a4bd8
Compare
| } | ||
|
|
||
| /** | ||
| * @return array |
There was a problem hiding this comment.
| * @return array | |
| {@inheritdoc} |
| } | ||
|
|
||
| /** | ||
| * @return array |
There was a problem hiding this comment.
| * @return array | |
| * {@inheritdoc} |
| } | ||
|
|
||
| public function buildForm(FormBuilderInterface $builder, array $options) | ||
| { | ||
| dump($this->languageChoiceLoader); |
There was a problem hiding this comment.
| dump($this->languageChoiceLoader); |
| } | ||
|
|
||
| /** | ||
| * @return array |
There was a problem hiding this comment.
| * @return array | |
| * {@inheritdoc} |
| /** @var \eZ\Publish\API\Repository\LanguageService */ | ||
| protected $languageService; | ||
|
|
||
| /** @var array */ |
There was a problem hiding this comment.
| /** @var array */ | |
| /** @var string[] */ |
| return strpos($location->pathString, $restrictedSubtree) === 0; | ||
| })); | ||
|
|
||
| return $canCreateInParentContentType |
There was a problem hiding this comment.
There is no need to check further criterions if $canCreateInParentContentType fails, etc. so we should return false immediately without further checks.
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
a3a4bd8 to
aa79e65
Compare
| public: false | ||
|
|
||
| EzSystems\EzPlatformAdminUi\Permission\: | ||
| resource: "../../../lib/Permission" |
There was a problem hiding this comment.
Quite risky. Given Permission is a broad namespace you might not want every class to become a service.
|
|
||
| return $contentTypes; | ||
| }), | ||
| 'choice_loader' => $this->contentTypeChoiceLoader, |
There was a problem hiding this comment.
Does it need to be registered as a service? I'm pretty sure in Symfony's codebase they are initializing ChoiceLoaders on demand which for me makes sense as ChoiceLoader living in the container wastes memory. Large number of services makes your application slower.
Okay it would make Type class bloated with dependencies so I'm fine with your code.
|
|
||
| class PermissionChecker implements PermissionCheckerInterface | ||
| { | ||
| private const USER_GROUPS_LIMIT = 1; |
There was a problem hiding this comment.
Limit of one will make large number of queries to the database.
| * | ||
| * @return bool | ||
| */ | ||
| public function canCreateInLocation(Location $location, $hasAccess): bool; |
There was a problem hiding this comment.
I'd like to hear others opinion on this but for me Permission namespace is very broad so PermissionCheckerInterface having canCreateInLocation method makes it badly designed. It should has more specific name i.e. LocationBasedPermissionCheckerInterface or the method should be a part of completely different interface.
There was a problem hiding this comment.
You might be right, but for now, it's fine. If this class will begin to gain weight then we will refactor it by splitting into more specific classes.
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
aa79e65 to
73943b8
Compare
mikadamczyk
changed the title
|
Works fine. After rebasing and retesting https://github.com/ezsystems/ezplatform-page-builder/pull/262#issuecomment-439427895 it can be approved by QA. |
…iew - refactor for assign section
…iew - choice loaders
…iew - content create policy in UDW
mikadamczyk
force-pushed
the
EZP-29742-wip
branch
from
73943b8 to
b169ec9
Compare
This PR adds additional checks when a user tries to add new content. If the user has no permission to create content in location than "create button" is disabled. When user can create content only in some of languages or CT those lists are limited.
https://github.com/ezsystems/ezplatform-page-builder/pull/262
Checklist:
$ composer fix-cs)