Epic/permissions open channels
Let's get this closed off so we can get all the e2e tests up and running before I commit the next big block of permissions
Request to merge epic/permissions-open-channels into master
The source branch is 1 commit behind the target branch
0/14 threads resolved
changed milestone to %sprint: Modest Monkey
added Squad::Green scoped label
added 6 commits
- 34aca270...d684846f - 5 commits from branch
master - f7700208 - Merge remote-tracking branch 'origin/master' into epic/permissions-open-channels
- 34aca270...d684846f - 5 commits from branch
unmarked as a Work In Progress
changed the description
21 /** @var bool */ 22 private $isBanned = false; 23 /** @var User */ 24 private $user; 25 /** @var Roles */ 26 private $roles; 27 /** @var array */ 28 private $entities; 29 /** @var ChannelRoleCalculator */ 30 private $channelRoleCalculator; 31 /** @var GroupRoleCalculator */ 32 private $groupRoleCalculator; 33 /** @var EntitiesBuilder */ 34 private $entitiesBuilder; 35 36 public function setUser(User $user) 
OwnerReturn type would be nice
8 class ChannelRoleCalculator extends BaseRoleCalculator 9 { 10 use MagicAttributes; 11 12 private $channels = []; 13 14 /** 15 * Retrieves permissions for an entity relative to the user's role in a channel 16 * Retrieves the role from the in memory cache if we've seen this channel before during this request 17 * Else checks the user's membership against the channel. 18 * 19 * @param $entity an entity from a channel 20 * 21 * @return Role 22 */ 23 public function calculate($entity) - Owner
Return type would be nice
20 public function __construct(User $user, Roles $roles, EntitiesBuilder $entitiesBuilder = null) 21 { 22 parent::__construct($user, $roles); 23 $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder'); 24 } 25 26 /** 27 * Retrieves permissions for an entity relative to the user's role in a group 28 * Retrieves the role from the in memory cache if we've seen this group before during this request 29 * Else gets the group and checks the user's membership. 30 * 31 * @param $entity an entity belonging to a group 32 * 33 * @return Role 34 */ 35 public function calculate($entity) - Owner
Return type would be nice
23 public function __construct( 24 EntitiesBuilder $entitiesBuilder = null, 25 Call $db = null, 26 Save $save = null) 27 { 28 $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder'); 29 $this->db = $db ?: new Call('entities_by_time'); 30 $this->save = $save ?: new Save(); //Mockable, else instantiate a new one on save. 31 } 32 33 /** 34 * Save permissions for an entity and propegate it to linked objects 35 * @param mixed $entity a minds entity that implements the save function 36 * @param Permissions $permissions the flag to apply to the entity 37 */ 38 public function save($entity, EntityPermissions $permissions) - Owner
Return type would be nice
30 31 22 /** 32 * Save permissions for an entity and propegate it to linked objects 33 * @param mixed $entity a minds entity that implements the save function 34 * @param Permissions $permissions the flag to apply to the entity 35 */ 36 public function save($entity, Permissions $permissions) 23 * Takes a user_guid and list of entity guids 24 * Builds up a permissions object 25 * Permissions contains the user's role per entity, channel and group 26 * @param array $opts 27 * - user_guid: long, the user's guid for calculating permissions 28 * - guids: array long, the list of entities to permit 29 * @return Permissions A map of channels, groups and entities with the user's role for each 30 */ 31 public function getList(array $opts = []) - Owner
Return type would be nice
26 private $roles; 27 /** @var array */ 28 private $entities; 29 /** @var ChannelRoleCalculator */ 30 private $channelRoleCalculator; 31 /** @var GroupRoleCalculator */ 32 private $groupRoleCalculator; 33 /** @var EntitiesBuilder */ 34 private $entitiesBuilder; 35 36 public function setUser(User $user) 37 { 38 throw new ImmutableException('User can only be set in the constructor'); 39 } 40 41 public function __construct(User $user, Roles $roles = null, EntitiesBuilder $entitiesBuilder = null) - Owner
I don't think we should have functions above the constructor?
51 $this->entitiesBuilder = $entitiesBuilder ?: Di::_()->get('EntitiesBuilder'); 52 $this->channels[$user->getGUID()] = $user; 53 $this->channelRoleCalculator = new ChannelRoleCalculator($this->user, $this->roles); 54 $this->groupRoleCalculator = new GroupRoleCalculator($this->user, $this->roles, $entitiesBuilder); 55 } 56 57 /** 58 * Takes an array of entities and checks their permissions 59 * Builds up collections of permissions based on the user's relationships to the entity 60 * Any found channels and their roles are accessible in the channelRoleCalculator 61 * Any found groups and their roles are in the groupRoleCalculator 62 * All requested entities and the user's role is available in $this->entities. 63 * 64 * @param array entities an array of entities for calculating permissions 65 */ 66 public function calculate(array $entities = []) - Owner
Return type would be nice
58 * Takes an array of entities and checks their permissions 59 * Builds up collections of permissions based on the user's relationships to the entity 60 * Any found channels and their roles are accessible in the channelRoleCalculator 61 * Any found groups and their roles are in the groupRoleCalculator 62 * All requested entities and the user's role is available in $this->entities. 63 * 64 * @param array entities an array of entities for calculating permissions 65 */ 66 public function calculate(array $entities = []) 67 { 68 foreach ($entities as $entity) { 69 $this->entities[$entity->getGUID()] = $this->getRoleForEntity($entity); 70 } 71 } 72 73 private function getRoleForEntity($entity) - Owner
Return type would be nice
90 if ($this->isAdmin) { 91 $role = $this->roles->getRole(Roles::ROLE_ADMIN); 92 } 93 if ($this->isBanned) { 94 $role = $this->roles->getRole(Roles::ROLE_BANNED); 95 } 96 97 return $role; 98 } 99 100 /** 101 * Export the nested objects. 102 * 103 * @return array serialized objects 104 */ 105 public function export() - Owner
Return type would be nice
104 */ 105 public function export() 106 { 107 $export = []; 108 $export['user'] = $this->user->export(); 109 $export['channels'] = $this->getChannels(); 110 $export['groups'] = $this->getGroups(); 111 $export['entities'] = $this->entities; 112 113 return $export; 114 } 115 116 /** 117 * @return array channel guids with the user's role 118 */ 119 public function getChannels() - Owner
Return type would be nice
112 113 return $export; 114 } 115 116 /** 117 * @return array channel guids with the user's role 118 */ 119 public function getChannels() 120 { 121 return $this->channelRoleCalculator->getChannels(); 122 } 123 124 /** 125 * @return array group guids with the user's role 126 */ 127 public function getGroups() - Owner
Return type would be nice
120 { 121 return $this->channelRoleCalculator->getChannels(); 122 } 123 124 /** 125 * @return array group guids with the user's role 126 */ 127 public function getGroups() 128 { 129 return $this->groupRoleCalculator->getGroups(); 130 } 131 132 /** 133 * @return array serialized objects 134 */ 135 public function jsonSerialize() - Owner
Return type would be nice
1 <?php 2 3 namespace Minds\Core\Permissions\Roles; 4 5 use Zend\Permissions\Rbac; 6 7 abstract class BaseRole extends Rbac\Role implements \JsonSerializable 8 { 9 public function export() - Owner
Return type would be nice
54 41 55 foreach ($this->db->getRow('activity:entitylink:'.$entity->getGUID()) as $parentGuid => $ts) { 56 $activity = $this->entitiesBuilder->single($parentGuid); 57 $activity->setAllowComments($permissions->getAllowComments()); 58 $this->save 59 ->setEntity($activity) 60 ->save(); 42 $user = $this->entitiesBuilder->single($opts['user_guid']); 43 $entities = $this->entitiesBuilder->get($opts); 44 45 if ($user->getType() !== 'user') { 46 throw new \InvalidArgumentException('Entity is not a user'); 47 } 48 49 /** @var Permissions */ 50 $permissions = new Permissions($user, null, $entitiesBuilder); - Owner
Should 2nd param not be roles injected from above?
added MR::Requires Changes scoped label
- Owner
Looks great. How are we feeling about caching?