Display: Allow limited view access to non-destructive edit-only featu…
…res (#2718)
mgbaybay authored Aug 29, 2024
1 parent ebe79bc commit 30587e3
Showing 3 changed files with 140 additions and 96 deletions.
130 changes: 69 additions & 61 deletions lib/Controller/Display.php
Expand Up @@ -1005,33 +1005,36 @@ public function grid(Request $request, Response $response)
);
}

if ($this->getUser()->featureEnabled('displays.modify')
&& $this->getUser()->checkEditable($display)
// Check if limited view access is allowed
if (($this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display))
|| $this->getUser()->featureEnabled('displays.limitedView')
) {
if ($this->getUser()->featureEnabled('layout.view')) {
$display->buttons[] = [
'id' => 'display_button_layouts_jump',
'linkType' => '_self',
'external' => true,
'url' => $this->urlFor($request, 'layout.view')
. '?activeDisplayGroupId=' . $display->displayGroupId,
'text' => __('Jump to Scheduled Layouts')
];
}
if ($this->getUser()->checkEditable($display)) {
if ($this->getUser()->featureEnabled('layout.view')) {
$display->buttons[] = [
'id' => 'display_button_layouts_jump',
'linkType' => '_self',
'external' => true,
'url' => $this->urlFor($request, 'layout.view')
. '?activeDisplayGroupId=' . $display->displayGroupId,
'text' => __('Jump to Scheduled Layouts')
];
}

// File Associations
$display->buttons[] = array(
'id' => 'displaygroup_button_fileassociations',
'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Files')
);
// File Associations
$display->buttons[] = array(
'id' => 'displaygroup_button_fileassociations',
'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Files')
);

// Layout Assignments
$display->buttons[] = array(
'id' => 'displaygroup_button_layout_associations',
'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Layouts')
);
// Layout Assignments
$display->buttons[] = array(
'id' => 'displaygroup_button_layout_associations',
'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Layouts')
);
}

// Screen Shot
$display->buttons[] = [
Expand Down Expand Up @@ -1085,43 +1088,45 @@ public function grid(Request $request, Response $response)
]
];

// Trigger webhook
$display->buttons[] = [
'id' => 'display_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $display->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $display->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'display_button_trigger_webhook'],
['name' => 'sort-group', 'value' => 3],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $display->display],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];

if ($this->getUser()->isSuperAdmin()) {
if ($this->getUser()->checkEditable($display)) {
// Trigger webhook
$display->buttons[] = [
'id' => 'display_button_purgeAll',
'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]),
'text' => __('Purge All')
'id' => 'display_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $display->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $display->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'display_button_trigger_webhook'],
['name' => 'sort-group', 'value' => 3],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $display->display],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
}

$display->buttons[] = ['divider' => true];
if ($this->getUser()->isSuperAdmin()) {
$display->buttons[] = [
'id' => 'display_button_purgeAll',
'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]),
'text' => __('Purge All')
];
}

$display->buttons[] = ['divider' => true];
}
}

if ($this->getUser()->featureEnabled('displays.modify')
Expand Down Expand Up @@ -2187,7 +2192,8 @@ public function screenShot(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2247,7 +2253,8 @@ public function requestScreenShotForm(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2305,7 +2312,8 @@ public function requestScreenShot(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

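Review bot: The new guards in screenShot, requestScreenShotForm and requestScreenShot (the three hunks at the end of this file) replace a per-object check with a global one: `featureEnabled('displays.limitedView')` is a user-level flag, so once it is granted the result of `checkViewable($display)` no longer matters and screenshots can be requested for any display reachable by id, not only those the user was given view access to. If the intent is to let users who can already view a display use these non-destructive actions, the object check should stay as it was, `if (!$this->getUser()->checkViewable($display)) { throw new AccessDeniedException(); }`, and the feature flag should only relax whatever edit-level requirement applies later; if `checkViewable` is itself expected to honour the flag, that is not visible in these hunks and deserves a comment. The same pattern is in lib/Controller/DisplayGroup.php in collectNowForm, collectNow, commandForm and command, where `checkEditable($displayGroup)` is bypassed in the same way. Each of these methods continues past the end of its hunk.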
96 changes: 61 additions & 35 deletions lib/Controller/DisplayGroup.php
Expand Up @@ -399,11 +399,11 @@ public function grid(Request $request, Response $response)
];
}

$group->buttons[] = ['divider' => true];

if ($this->getUser()->featureEnabled('displaygroup.modify')
&& $this->getUser()->checkEditable($group)
) {
$group->buttons[] = ['divider' => true];

// File Associations
$group->buttons[] = [
'id' => 'displaygroup_button_fileassociations',
Expand Down Expand Up @@ -460,11 +460,16 @@ public function grid(Request $request, Response $response)
];
}

if ($this->getUser()->featureEnabled('displaygroup.modify')
&& $this->getUser()->checkEditable($group)
// Check if limited view access is allowed
if (($this->getUser()->featureEnabled('displaygroup.modify') && $this->getUser()->checkEditable($group))
|| $this->getUser()->featureEnabled('displaygroup.limitedView')
) {
$group->buttons[] = ['divider' => true];

if ($this->getUser()->checkEditable($group)) {
$group->buttons[] = ['divider' => true];
}

// Send command
$group->buttons[] = [
'id' => 'displaygroup_button_command',
'url' => $this->urlFor($request, 'displayGroup.command.form', ['id' => $group->displayGroupId]),
Expand All @@ -488,6 +493,7 @@ public function grid(Request $request, Response $response)
]
];

// Collect Now
$group->buttons[] = [
'id' => 'displaygroup_button_collectNow',
'url' => $this->urlFor($request, 'displayGroup.collectNow.form', ['id' => $group->displayGroupId]),
Expand All @@ -505,32 +511,34 @@ public function grid(Request $request, Response $response)
]
];

// Trigger webhook
$group->buttons[] = [
'id' => 'displaygroup_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $group->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $group->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $group->displayGroup],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
if ($this->getUser()->checkEditable($group)) {
// Trigger webhook
$group->buttons[] = [
'id' => 'displaygroup_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $group->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $group->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $group->displayGroup],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
}
}
}

Expand Down Expand Up @@ -1949,7 +1957,12 @@ public function collectNowForm(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displays.limitedView')
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -1995,7 +2008,12 @@ public function collectNow(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displays.limitedView')
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2423,7 +2441,11 @@ public function commandForm(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2484,7 +2506,11 @@ public function command(Request $request, Response $response, $id)
$displayGroup = $this->displayGroupFactory->getById($id);
$sanitizedParams = $this->getSanitizer($request->getParams());

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

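Review bot: The guards in collectNowForm and collectNow accept either `displays.limitedView` or `displaygroup.limitedView`, while commandForm and command accept only `displaygroup.limitedView`, and nothing in the hunks explains the asymmetry. Presumably the extra flag on the collect-now pair exists because the Display grid's Collect Now button targets the displayGroup route for the display's own group, but that is an inference; a comment on the first of the two, e.g. `// displays.limitedView is honoured here because the Display grid's Collect Now button calls this displayGroup route`, would make the rule explicit and stop the next editor from "fixing" the difference in either direction. The comment `// Non-destructive edit-only feature; allow limited view access` is repeated on all four guards but does not say which flag applies to which action. All four methods continue past the end of their hunks.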
10 changes: 10 additions & 0 deletions lib/Factory/UserGroupFactory.php
Expand Up @@ -760,6 +760,11 @@ public function getFeatures()
'group' => 'displays',
'title' => __('Allow edits including deletion for all added Displays')
],
'displays.limitedView' => [
'feature' => 'displays.limitedView',
'group' => 'displays',
'title' => __('Allow access to non-destructive edit-only features')
],
'displaygroup.view' => [
'feature' => 'displaygroup.view',
'group' => 'displays',
Expand All @@ -775,6 +780,11 @@ public function getFeatures()
'group' => 'displays',
'title' => __('Allow edits including deletion for all created Display Groups')
],
'displaygroup.limitedView' => [
'feature' => 'displaygroup.limitedView',
'group' => 'displays',
'title' => __('Allow access to non-destructive edit-only features in a Display Group')
],
'displayprofile.view' => [
'feature' => 'displayprofile.view',
'group' => 'displays',
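Review bot: The two new feature entries describe themselves only as "non-destructive edit-only features", so an administrator reading this table cannot tell which controller actions granting them relaxes. A short comment above each entry naming the actions it affects in this commit would help, e.g. `// Relaxes the permission check on screenshot requests and Collect Now (Display / DisplayGroup controllers)` above `'displays.limitedView' => [` and `// Relaxes the permission check on Collect Now and Send Command (DisplayGroup controller)` above `'displaygroup.limitedView' => [`. getFeatures() continues past the end of both hunks.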
