Skip to content
Next
Projects
Groups
Snippets
Help
Loading...
Help
Support
Submit feedback
Contribute to GitLab
Switch to GitLab Next
Sign in / Register
Toggle navigation
Minds Backend - Engine
Project
Project
Details
Activity
Releases
Cycle Analytics
Insights
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Locked Files
Issues
221
Issues
221
List
Boards
Labels
Service Desk
Milestones
Merge Requests
36
Merge Requests
36
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Security & Compliance
Security & Compliance
Dependency List
Packages
Packages
List
Container Registry
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
Minds
Minds Backend - Engine
Commits
a110fc61
Commit
a110fc61
authored
31 minutes ago
by
Brian Hatchet
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
More permissions
parent
2f1aee28
feat/permissions-on-entities-737
1 merge request
!335
WIP: Feat/permissions on entities 737
Pipeline
#83855128
passed with stages
in 10 minutes and 32 seconds
Changes
10
Pipelines
1
Hide whitespace changes
Inline
Side-by-side
Showing
10 changed files
with
143 additions
and
3 deletions
+143
-3
ChannelRoleCalculator.php
Core/Permissions/Delegates/ChannelRoleCalculator.php
+10
-1
GroupRoleCalculator.php
Core/Permissions/Delegates/GroupRoleCalculator.php
+7
-1
ChannelModeratorRole.php
Core/Permissions/Roles/ChannelModeratorRole.php
+16
-0
LoggedOutClosedRole.php
Core/Permissions/Roles/LoggedOutClosedRole.php
+12
-0
LoggedOutRole.php
Core/Permissions/Roles/LoggedOutRole.php
+1
-0
OpenChannelNonSubscriberRole.php
Core/Permissions/Roles/OpenChannelNonSubscriberRole.php
+11
-0
OpenChannelSubscriberRole.php
Core/Permissions/Roles/OpenChannelSubscriberRole.php
+11
-0
Roles.php
Core/Permissions/Roles/Roles.php
+2
-0
PermissionsSpec.php
Spec/Core/Permissions/PermissionsSpec.php
+17
-1
RolesSpec.php
Spec/Core/Permissions/Roles/RolesSpec.php
+56
-0
No files found.
Core/Permissions/Delegates/ChannelRoleCalculator.php
View file @
a110fc61
...
...
@@ -42,7 +42,7 @@ class ChannelRoleCalculator extends BaseRoleCalculator
$role
=
null
;
$channel
=
$this
->
getChannelForEntity
(
$entity
);
if
(
$this
->
user
===
null
)
{
$role
=
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
$role
=
$this
->
getChannelNonSubscriberRole
(
$channel
);
}
elseif
(
$entity
->
getOwnerGuid
()
===
$this
->
user
->
getGuid
())
{
$role
=
$this
->
roles
->
getRole
(
Roles
::
ROLE_CHANNEL_OWNER
);
}
elseif
(
$this
->
user
->
isSubscribed
(
$entity
->
getOwnerGuid
()))
{
...
...
@@ -98,10 +98,19 @@ class ChannelRoleCalculator extends BaseRoleCalculator
{
switch
(
$channel
->
getMode
())
{
case
ChannelMode
::
CLOSED
:
if
(
$this
->
user
===
null
)
{
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT_CLOSED
);
}
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_CLOSED_CHANNEL_NON_SUBSCRIBER
);
case
ChannelMode
::
MODERATED
:
if
(
$this
->
user
===
null
)
{
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
}
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_MODERATED_CHANNEL_NON_SUBSCRIBER
);
case
ChannelMode
::
OPEN
:
if
(
$this
->
user
===
null
)
{
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
}
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_OPEN_CHANNEL_NON_SUBSCRIBER
);
}
}
...
...
This diff is collapsed.
Click to expand it.
Core/Permissions/Delegates/GroupRoleCalculator.php
View file @
a110fc61
...
...
@@ -43,7 +43,7 @@ class GroupRoleCalculator extends BaseRoleCalculator
$group
=
$this
->
entitiesBuilder
->
single
(
$entity
->
getAccessId
());
$role
=
null
;
if
(
$this
->
user
===
null
)
{
$role
=
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
$role
=
$this
->
getGroupNonSubscriberRole
(
$group
);
}
elseif
(
$group
->
isCreator
(
$this
->
user
))
{
$role
=
$this
->
roles
->
getRole
(
Roles
::
ROLE_GROUP_OWNER
);
}
elseif
(
$group
->
isOwner
(
$this
->
user
))
{
...
...
@@ -86,8 +86,14 @@ class GroupRoleCalculator extends BaseRoleCalculator
protected
function
getGroupNonSubscriberRole
(
Group
$group
)
:
Role
{
if
(
$group
->
isPublic
())
{
if
(
$this
->
user
===
null
)
{
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
}
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_OPEN_GROUP_NON_SUBSCRIBER
);
}
else
{
if
(
$this
->
user
===
null
)
{
$this
->
roles
->
getRole
(
Roles
::
ROLE_LOGGED_OUT_CLOSED
);
}
return
$this
->
roles
->
getRole
(
Roles
::
ROLE_CLOSED_GROUP_NON_SUBSCRIBER
);
}
}
...
...
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/ChannelModeratorRole.php
View file @
a110fc61
...
...
@@ -7,5 +7,21 @@ class ChannelModeratorRole extends BaseRole
public
function
__construct
()
{
parent
::
__construct
(
Roles
::
ROLE_CHANNEL_MODERATOR
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_POST
);
$this
->
addPermission
(
Roles
::
FLAG_EDIT_CHANNEL
);
$this
->
addPermission
(
Roles
::
FLAG_EDIT_POST
);
$this
->
addPermission
(
Roles
::
FLAG_DELETE_POST
);
$this
->
addPermission
(
Roles
::
FLAG_APPOINT_MODERATOR
);
$this
->
addPermission
(
Roles
::
FLAG_APPROVE_SUBSCRIBER
);
$this
->
addPermission
(
Roles
::
FLAG_SUBSCRIBE
);
$this
->
addPermission
(
Roles
::
FLAG_VIEW
);
$this
->
addPermission
(
Roles
::
FLAG_VOTE
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_EDIT_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_DELETE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_REMIND
);
$this
->
addPermission
(
Roles
::
FLAG_WIRE
);
$this
->
addPermission
(
Roles
::
FLAG_MESSAGE
);
$this
->
addPermission
(
Roles
::
FLAG_INVITE
);
}
}
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/LoggedOutClosedRole.php
0 → 100644
View file @
a110fc61
<?php
namespace
Minds\Core\Permissions\Roles
;
class
LoggedOutClosedRole
extends
BaseRole
{
public
function
__construct
()
{
parent
::
__construct
(
Roles
::
ROLE_LOGGED_OUT_CLOSED
);
//No permissions for closed channels or groups
}
}
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/LoggedOutRole.php
View file @
a110fc61
...
...
@@ -7,5 +7,6 @@ class LoggedOutRole extends BaseRole
public
function
__construct
()
{
parent
::
__construct
(
Roles
::
ROLE_LOGGED_OUT
);
$this
->
addPermission
(
Roles
::
FLAG_VIEW
);
}
}
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/OpenChannelNonSubscriberRole.php
View file @
a110fc61
...
...
@@ -7,5 +7,16 @@ class OpenChannelNonSubscriberRole extends BaseRole
public
function
__construct
()
{
parent
::
__construct
(
Roles
::
ROLE_OPEN_CHANNEL_NON_SUBSCRIBER
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_POST
);
$this
->
addPermission
(
Roles
::
FLAG_SUBSCRIBE
);
$this
->
addPermission
(
Roles
::
FLAG_VIEW
);
$this
->
addPermission
(
Roles
::
FLAG_VOTE
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_EDIT_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_DELETE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_REMIND
);
$this
->
addPermission
(
Roles
::
FLAG_WIRE
);
$this
->
addPermission
(
Roles
::
FLAG_MESSAGE
);
$this
->
addPermission
(
Roles
::
FLAG_INVITE
);
}
}
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/OpenChannelSubscriberRole.php
View file @
a110fc61
...
...
@@ -7,5 +7,16 @@ class OpenChannelSubscriberRole extends BaseRole
public
function
__construct
()
{
parent
::
__construct
(
Roles
::
ROLE_OPEN_CHANNEL_SUBSCRIBER
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_POST
);
$this
->
addPermission
(
Roles
::
FLAG_SUBSCRIBE
);
$this
->
addPermission
(
Roles
::
FLAG_VIEW
);
$this
->
addPermission
(
Roles
::
FLAG_VOTE
);
$this
->
addPermission
(
Roles
::
FLAG_CREATE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_EDIT_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_DELETE_COMMENT
);
$this
->
addPermission
(
Roles
::
FLAG_REMIND
);
$this
->
addPermission
(
Roles
::
FLAG_WIRE
);
$this
->
addPermission
(
Roles
::
FLAG_MESSAGE
);
$this
->
addPermission
(
Roles
::
FLAG_INVITE
);
}
}
This diff is collapsed.
Click to expand it.
Core/Permissions/Roles/Roles.php
View file @
a110fc61
...
...
@@ -19,6 +19,7 @@ class Roles extends Rbac
public
const
ROLE_GROUP_MODERATOR
=
'group_moderator'
;
public
const
ROLE_GROUP_OWNER
=
'group_owner'
;
public
const
ROLE_LOGGED_OUT
=
'logged_out'
;
public
const
ROLE_LOGGED_OUT_CLOSED
=
'logged_out_closed'
;
public
const
ROLE_MODERATED_CHANNEL_SUBSCRIBER
=
'moderated_channel_subscriber'
;
public
const
ROLE_MODERATED_CHANNEL_NON_SUBSCRIBER
=
'moderated_channel_nonsubscriber'
;
public
const
ROLE_OPEN_CHANNEL_SUBSCRIBER
=
'open_channel_subscriber'
;
...
...
@@ -67,6 +68,7 @@ class Roles extends Rbac
$this
->
addRole
(
new
GroupModeratorRole
());
$this
->
addRole
(
new
GroupOwnerRole
());
$this
->
addRole
(
new
LoggedOutRole
());
$this
->
addRole
(
new
LoggedOutClosedRole
());
$this
->
addRole
(
new
ModeratedChannelNonSubscriberRole
());
$this
->
addRole
(
new
ModeratedChannelSubscriberRole
());
$this
->
addRole
(
new
OpenChannelNonSubscriberRole
());
...
...
This diff is collapsed.
Click to expand it.
Spec/Core/Permissions/PermissionsSpec.php
View file @
a110fc61
...
...
@@ -52,9 +52,9 @@ class PermissionsSpec extends ObjectBehavior
$this
->
unsubscribedChannel
->
getGuid
()
->
willReturn
(
3
);
$this
->
unsubscribedChannel
->
getMode
()
->
willReturn
(
ChannelMode
::
CLOSED
);
$this
->
group
->
getGuid
()
->
willReturn
(
100
);
$this
->
group
->
isCreator
(
$this
->
user
)
->
willReturn
(
true
);
$this
->
group
->
isPublic
()
->
willReturn
(
true
);
$this
->
entitiesBuilder
->
single
(
100
)
->
willReturn
(
$this
->
group
);
$this
->
entitiesBuilder
->
single
(
1
)
->
willReturn
(
$this
->
user
);
$this
->
entitiesBuilder
->
single
(
2
)
->
willReturn
(
$this
->
subscribedChannel
);
...
...
@@ -358,6 +358,22 @@ class PermissionsSpec extends ObjectBehavior
expect
(
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_ADMIN
))
->
shouldEqual
(
false
);
}
public
function
it_should_returned_a_closed_channel_non_subscriber_role_for_logged_out
()
{
$this
->
beConstructedWith
(
null
,
null
,
$this
->
entitiesBuilder
);
$this
->
calculate
(
$this
->
mockEntities
());
$this
->
getIsAdmin
()
->
shouldEqual
(
false
);
$this
->
getIsBanned
()
->
shouldEqual
(
false
);
$channels
=
$this
->
getChannels
()
->
getWrappedObject
();
expect
(
$channels
[
1
]
->
getName
())
->
toEqual
(
Roles
::
ROLE_LOGGED_OUT
);
expect
(
$channels
[
2
]
->
getName
())
->
toEqual
(
Roles
::
ROLE_LOGGED_OUT
);
expect
(
$channels
[
3
]
->
getName
())
->
toEqual
(
Roles
::
ROLE_LOGGED_OUT_CLOSED
);
$entities
=
$this
->
getEntities
();
$role
=
$entities
[
12
]
->
getWrappedObject
();
expect
(
$role
->
getName
())
->
shouldEqual
(
Roles
::
ROLE_LOGGED_OUT_CLOSED
);
expect
(
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_ADMIN
))
->
shouldEqual
(
false
);
}
private
function
mockEntities
()
{
...
...
This diff is collapsed.
Click to expand it.
Spec/Core/Permissions/Roles/RolesSpec.php
View file @
a110fc61
...
...
@@ -96,4 +96,60 @@ class RolesSpec extends ObjectBehavior
$role
->
hasPermission
(
Roles
::
FLAG_JOIN
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_JOIN_GATHERING
)
->
shouldEqual
(
false
);
}
public
function
it_should_have_open_channel_non_subscriber_permissions
()
{
$role
=
$this
->
getRole
(
Roles
::
ROLE_OPEN_CHANNEL_NON_SUBSCRIBER
);
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_ADMIN
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_POST
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_CHANNEL
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_POST
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_CHANNEL
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_POST
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_MODERATOR
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_APPROVE_SUBSCRIBER
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_SUBSCRIBE
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_VIEW
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_VOTE
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_COMMENT
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_COMMENT
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_COMMENT
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_REMIND
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_WIRE
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_MESSAGE
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_INVITE
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_JOIN
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_JOIN_GATHERING
)
->
shouldEqual
(
false
);
}
public
function
it_should_have_logged_out_permissions
()
{
$role
=
$this
->
getRole
(
Roles
::
ROLE_LOGGED_OUT
);
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_ADMIN
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_POST
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_CHANNEL
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_POST
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_CHANNEL
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_POST
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_APPOINT_MODERATOR
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_APPROVE_SUBSCRIBER
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_SUBSCRIBE
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_VIEW
)
->
shouldEqual
(
true
);
$role
->
hasPermission
(
Roles
::
FLAG_VOTE
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_COMMENT
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_COMMENT
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_COMMENT
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_REMIND
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_WIRE
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_MESSAGE
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_INVITE
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_CREATE_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_EDIT_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_DELETE_GROUP
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_JOIN
)
->
shouldEqual
(
false
);
$role
->
hasPermission
(
Roles
::
FLAG_JOIN_GATHERING
)
->
shouldEqual
(
false
);
}
}
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
