(feat) permissions rbac 600
Dynamic calculation of Mind's entities using flags defined in Zend's RBAC framework
Just the roles right now, will be adding permissions as we go.
Set up a new manager that takes a user and a list of entities.
Based on the user's relationship to the entity, it will return a Role object with all the derived flags
It returns a Permissions object which contains:
- The Channels and the user's role within that channel
- Groups and the user's role within that group
- The entities themselves and the user's role for that entity
Fully exportable as JSON on /v2/permissions/roles/{user guid}?guids[]=entity_guid&guids[]=entity_guid
changed milestone to %sprint: Kilted Koala
added Squad::Green scoped label
added 19 commits
- a362a518 - [Sprint/HipsterHedgehog] (fix): update thumbnails in activities
- 4f0eea59 - Merge branch 'fix/update-thumbnails-in-activities' into 'master'
- b14691c5 - [Sprint/GiddyGiraffe] (feat): ability for channels to self-declare nsfw
- b50c93d2 - Merge branch 'feat/self-declare-nsfw' into 'master'
- 84da7d65 - Sprint/JollyJellyfish: Filtering banned and deleted channels
- ef53036e - Merge branch 'fix/banned-suggested-channels-381' into 'master'
- f0a0a925 - Fixed forgot password validation
- 83d701b4 - Merge branch 'forgot-password-validation-fix-560' into 'master'
- bbf41c60 - [Sprint/CleverChipmunk] (feat): ability to disable group conversations
- 5845f667 - Merge branch 'feat/disable-group-convos' into 'master'
- 14927878 - [Sprint/KiltedKoala] (fix): groups conversations issue
- 07015d77 - Merge branch 'fix/groups-conversation-issue' into 'master'
- dffd0a4e - (feat): introduce new mwa endpoint for pageview recording
- d14ac69a - (chore): change boost existing check to include approved too
- e0140852 - (revert): d14ac69a -> also includes revoked and completed"
- 3b7aafa9 - (chore): reduce boost offset to 2.5 minutes
- c5d27f85 - (fix): comment on reminds should not go to remind_object
- 9bd4d314 - (fix): correct labels for gitlab runners
- 526aae86 - Merge remote-tracking branch 'origin/master' into feature/permissions-rbac-600
- Resolved by Brian Hatchet
- Resolved by Brian Hatchet
added 1 commit
- 3b020fa8 - Feature complete, role parsing for groups and channels.
resolved all threads
unmarked as a Work In Progress
changed title from WIP: Feature/permissions rbac 600 to (feat) permissions rbac 600
changed the description
- Resolved by Brian Hatchet
- Resolved by Brian Hatchet
- Resolved by Brian Hatchet
- Resolved by Brian Hatchet
added MR::Requires Changes scoped label
resolved all threads
- Last updated by Brian Hatchet
3 namespace Minds\Core\Permissions\Delegates; 4 5 use Minds\Core\Permissions\Roles\Roles; 6 use Minds\Entities\User; 7 8 abstract class BaseRoleCalculator 9 { 10 /** @var Roles */ 11 protected $roles; 12 /** @var User */ 13 protected $user; 14 15 public function __construct(User $user, Roles $roles = null) 16 { 17 $this->roles = $roles ?: new Roles(); 18 $this->user = $user; - Developer
We're using __construct as DI (either instances or constant values). $this->user should be set by a setUser(User $user) setter. - Developer
Ehh, I get that's our paradigm, but I think this is an appropriate use of setting forcing the permissions object to be contextualized to the user. This object will be popping up like kudzu and I'd rather make it hard to change the user per instance. I'll await @markeharding's final ruling
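Review bot: the BaseRoleCalculator constructor in the hunk above declares Roles $roles = null, an implicit nullable type; write it as ?Roles $roles = null so the signature itself says that null is accepted and replaced by new Roles(). The class also has no docblock above "abstract class BaseRoleCalculator"; since the thread turns on whether a calculator stays bound to one user for its lifetime, state that contract there so later callers do not have to infer it from the constructor.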
- Last updated by Brian Hatchet
7 use Minds\Core\Permissions\Roles\Roles; 8 use Minds\Core\EntitiesBuilder; 9 use Minds\Entities\User; 10 11 class GroupRoleCalculator extends BaseRoleCalculator 12 { 13 use MagicAttributes; 14 15 /** @var EntitiesBuilder */ 16 private $entitiesBuilder; 17 /** @var array */ 18 private $groups = []; 19 20 public function __construct(User $user, Roles $roles, EntitiesBuilder $entitiesBuilder = null) 21 { 22 parent::__construct($user, $roles); - Developer
As stated in the comments above, $this->user should be handled by a setter. - Developer
knife fight
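Review bot: the GroupRoleCalculator constructor in the hunk above requires Roles $roles, while the BaseRoleCalculator constructor it calls accepts Roles $roles = null and falls back to new Roles(); pick one contract and use it in both signatures. The third parameter, EntitiesBuilder $entitiesBuilder = null, is an implicit nullable as well (prefer ?EntitiesBuilder), and the visible lines end at the parent::__construct call, so confirm that a null builder is replaced with a real instance before $this->entitiesBuilder is used.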
- Resolved by Brian Hatchet
32 $opts = array_merge([ 33 'user_guid' => null, 34 'guids' => [], 35 ], $opts); 36 37 if ($opts['user_guid'] === null) { 38 throw new \InvalidArgumentException('user_guid is required'); 53 39 } 54 40 55 foreach ($this->db->getRow('activity:entitylink:'.$entity->getGUID()) as $parentGuid => $ts) { 56 $activity = $this->entitiesBuilder->single($parentGuid); 57 $activity->setAllowComments($permissions->getAllowComments()); 58 $this->save 59 ->setEntity($activity) 60 ->save(); 41 $user = $this->entitiesBuilder->single($opts['user_guid']); - Developer
Just a note here: If we're using the user as a GUID placeholder (just to check subscriptions), I think that you might be able to just do:
$user = new User(); $user->set('guid', $opts['user_guid']);
This is ONLY if you're NOT using '->username', '->admin', '->banned', etc.
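Review bot: at new line 41 of the manager hunk above, the result of $this->entitiesBuilder->single($opts['user_guid']) is assigned to $user with no visible check, and the only validation before it is user_guid === null. A GUID that resolves to nothing, or to an entity that is not a User, should be rejected here (for example with an instanceof User test that throws \InvalidArgumentException) before any role is calculated from it. The Permissions constructor shown in the next hunk calls $user->isAdmin() and $user->isBanned(), so whatever reaches it must be a fully loaded User.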
26 private $entities; 27 /** @var ChannelRoleCalculator */ 28 private $channelRoleCalculator; 29 /** @var GroupRoleCalculator */ 30 private $groupRoleCalculator; 31 32 public function __construct(User $user, Roles $roles = null, EntitiesBuilder $entitiesBuilder) 33 { 34 $this->roles = $roles ?: new Roles(); 35 $this->user = $user; 36 $this->isAdmin = $user->isAdmin(); 37 $this->isBanned = $user->isBanned(); 38 $this->groups = []; 39 $this->channels = []; 40 $this->entities = []; 41 $this->channels[$user->getGUID()] = $user; - Developer
$this->user should be provided via setter. Both here and in the calculators. On the calculators, I think they should be set on-the-fly before the calculation happens.
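Review bot: the Permissions constructor in the hunk above puts the optional Roles $roles = null before the required EntitiesBuilder $entitiesBuilder, so a caller can never actually omit $roles and PHP 8.0 and later report the signature as deprecated; move $entitiesBuilder ahead of it or declare ?Roles $roles without a default. Separately, $this->isAdmin and $this->isBanned are copied from $user once at construction, so if the user ever becomes replaceable after construction, those two flags and the $this->channels[$user->getGUID()] entry must be recomputed in the same place, otherwise the object would keep reporting the previous user's admin and banned state.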