From e043fee7a2b2f0631c9098c0380abb14432904c4 Mon Sep 17 00:00:00 2001
From: mgbaybay
Date: Wed, 28 Aug 2024 17:54:12 +0800
Subject: [PATCH 1/3] Display: Allow limited view access to non-destructive edit-only features

---
 lib/Controller/Display.php | 130 ++++++++++++++++---------
 lib/Controller/DisplayGroup.php | 82 ++++++++++---------
 lib/Factory/UserGroupFactory.php | 5 ++
 3 files changed, 121 insertions(+), 96 deletions(-)

diff --git a/lib/Controller/Display.php b/lib/Controller/Display.php
index e26fbe94cb..2c6f0911e5 100644
--- a/lib/Controller/Display.php
+++ b/lib/Controller/Display.php
@@ -1005,33 +1005,36 @@ public function grid(Request $request, Response $response) ); } - if ($this->getUser()->featureEnabled('displays.modify') - && $this->getUser()->checkEditable($display) + // Check if limited view access is allowed + if (($this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display)) + || $this->getUser()->featureEnabled('displays.limitedView') ) { - if ($this->getUser()->featureEnabled('layout.view')) { - $display->buttons[] = [ - 'id' => 'display_button_layouts_jump', - 'linkType' => '_self', - 'external' => true, - 'url' => $this->urlFor($request, 'layout.view') - . '?activeDisplayGroupId=' . $display->displayGroupId, - 'text' => __('Jump to Scheduled Layouts') - ]; - } + if ($this->getUser()->checkEditable($display)) { + if ($this->getUser()->featureEnabled('layout.view')) { + $display->buttons[] = [ + 'id' => 'display_button_layouts_jump', + 'linkType' => '_self', + 'external' => true, + 'url' => $this->urlFor($request, 'layout.view') + . '?activeDisplayGroupId=' . 
$display->displayGroupId, + 'text' => __('Jump to Scheduled Layouts') + ]; + } - // File Associations - $display->buttons[] = array( - 'id' => 'displaygroup_button_fileassociations', - 'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]), - 'text' => __('Assign Files') - ); + // File Associations + $display->buttons[] = array( + 'id' => 'displaygroup_button_fileassociations', + 'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]), + 'text' => __('Assign Files') + ); - // Layout Assignments - $display->buttons[] = array( - 'id' => 'displaygroup_button_layout_associations', - 'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]), - 'text' => __('Assign Layouts') - ); + // Layout Assignments + $display->buttons[] = array( + 'id' => 'displaygroup_button_layout_associations', + 'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]), + 'text' => __('Assign Layouts') + ); + } // Screen Shot $display->buttons[] = [ 
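Review bot: The inner gate `if ($this->getUser()->checkEditable($display))` drops the `displays.modify` feature check that the removed condition required, so a user holding `displays.limitedView` plus object-level edit permission but without `displays.modify` now gets the Jump/Assign Files/Assign Layouts buttons (and, in the @@ -1085 hunk, Trigger webhook and Purge All); the same pattern appears in DisplayGroup.php at @@ -460 and @@ -505. Whether the endpoints behind those buttons re-check `displays.modify` is not visible here, so this may be UI-only, but it is still a widening relative to the old gate. Capturing the two conditions once also removes the triple evaluation of `checkEditable`: `$canEdit = $this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display);` `$limitedView = $this->getUser()->featureEnabled('displays.limitedView');` then `if ($canEdit || $limitedView) {` for the outer block and `if ($canEdit) {` for the edit-only groups. grid() continues outside the hunk on both sides.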
@@ -1085,43 +1088,45 @@ public function grid(Request $request, Response $response) ] ]; - // Trigger webhook - $display->buttons[] = [ - 'id' => 'display_button_trigger_webhook', - 'url' => $this->urlFor( - $request, - 'displayGroup.trigger.webhook.form', - ['id' => $display->displayGroupId] - ), - 'text' => __('Trigger a web hook'), - 'multi-select' => true, - 'dataAttributes' => [ - [ - 'name' => 'commit-url', - 'value' => $this->urlFor( - $request, - 'displayGroup.action.trigger.webhook', - ['id' => $display->displayGroupId] - ) - ], - ['name' => 'commit-method', 'value' => 'post'], - ['name' => 'id', 'value' => 'display_button_trigger_webhook'], - ['name' => 'sort-group', 'value' => 3], - ['name' => 'text', 'value' => __('Trigger a web hook')], - ['name' => 'rowtitle', 'value' => $display->display], - ['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen'] - ] - ]; - - if ($this->getUser()->isSuperAdmin()) { + if ($this->getUser()->checkEditable($display)) { + // Trigger webhook $display->buttons[] = [ - 'id' => 'display_button_purgeAll', - 'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]), - 'text' => __('Purge All') + 'id' => 'display_button_trigger_webhook', + 'url' => $this->urlFor( + $request, + 'displayGroup.trigger.webhook.form', + ['id' => $display->displayGroupId] + ), + 'text' => __('Trigger a web hook'), + 'multi-select' => true, + 'dataAttributes' => [ + [ + 'name' => 'commit-url', + 'value' => $this->urlFor( + $request, + 'displayGroup.action.trigger.webhook', + ['id' => $display->displayGroupId] + ) + ], + ['name' => 'commit-method', 'value' => 'post'], + ['name' => 'id', 'value' => 'display_button_trigger_webhook'], + ['name' => 'sort-group', 'value' => 3], + ['name' => 'text', 'value' => __('Trigger a web hook')], + ['name' => 'rowtitle', 'value' => $display->display], + ['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen'] + ] ]; - } - $display->buttons[] = 
['divider' => true]; + if ($this->getUser()->isSuperAdmin()) { + $display->buttons[] = [ + 'id' => 'display_button_purgeAll', + 'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]), + 'text' => __('Purge All') + ]; + } + + $display->buttons[] = ['divider' => true]; + } } if ($this->getUser()->featureEnabled('displays.modify') @@ -2187,7 +2192,8 @@ public function screenShot(Request $request, Response $response, $id) { $display = $this->displayFactory->getById($id); - if (!$this->getUser()->checkViewable($display)) { + // Allow limited view access + if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } @@ -2247,7 +2253,8 @@ public function requestScreenShotForm(Request $request, Response $response, $id) { $display = $this->displayFactory->getById($id); - if (!$this->getUser()->checkViewable($display)) { + // Allow limited view access + if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } @@ -2305,7 +2312,8 @@ public function requestScreenShot(Request $request, Response $response, $id) { $display = $this->displayFactory->getById($id); - if (!$this->getUser()->checkViewable($display)) { + // Allow limited view access + if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php index 33eb4735e1..af8441475c 100644 --- a/lib/Controller/DisplayGroup.php +++ b/lib/Controller/DisplayGroup.php 
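Review bot: In `screenShot`, `requestScreenShotForm` and `requestScreenShot` the added `&& !$this->getUser()->featureEnabled('displays.limitedView')` turns the object-level `checkViewable($display)` into an alternative rather than a requirement, so any user whose group carries the flag can fetch or request a screenshot for every display id the factory resolves, including displays their permissions do not let them view. A feature flag is a group-wide capability and cannot stand in for the per-display grant, so the original `if (!$this->getUser()->checkViewable($display)) {` should remain the hard gate, with the flag (if it is needed on a view-level endpoint at all) only widening what may be done with a display the user can already view. The three functions continue outside their hunks.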
@@ -399,11 +399,11 @@ public function grid(Request $request, Response $response) ]; } - $group->buttons[] = ['divider' => true]; - if ($this->getUser()->featureEnabled('displaygroup.modify') && $this->getUser()->checkEditable($group) ) { + $group->buttons[] = ['divider' => true]; + // File Associations $group->buttons[] = [ 'id' => 'displaygroup_button_fileassociations', @@ -460,11 +460,16 @@ public function grid(Request $request, Response $response) ]; } - if ($this->getUser()->featureEnabled('displaygroup.modify') - && $this->getUser()->checkEditable($group) + // Check if limited view access is allowed + if (($this->getUser()->featureEnabled('displaygroup.modify') && $this->getUser()->checkEditable($group)) + || $this->getUser()->featureEnabled('displays.limitedView') ) { - $group->buttons[] = ['divider' => true]; + if ($this->getUser()->checkEditable($group)) { + $group->buttons[] = ['divider' => true]; + } + + // Send command $group->buttons[] = [ 'id' => 'displaygroup_button_command', 'url' => $this->urlFor($request, 'displayGroup.command.form', ['id' => $group->displayGroupId]), @@ -488,6 +493,7 @@ public function grid(Request $request, Response $response) ] ]; + // Collect Now $group->buttons[] = [ 'id' => 'displaygroup_button_collectNow', 'url' => $this->urlFor($request, 'displayGroup.collectNow.form', ['id' => $group->displayGroupId]), 
@@ -505,32 +511,34 @@ public function grid(Request $request, Response $response) ] ]; - // Trigger webhook - $group->buttons[] = [ - 'id' => 'displaygroup_button_trigger_webhook', - 'url' => $this->urlFor( - $request, - 'displayGroup.trigger.webhook.form', - ['id' => $group->displayGroupId] - ), - 'text' => __('Trigger a web hook'), - 'multi-select' => true, - 'dataAttributes' => [ - [ - 'name' => 'commit-url', - 'value' => $this->urlFor( - $request, - 'displayGroup.action.trigger.webhook', - ['id' => $group->displayGroupId] - ) - ], - ['name' => 'commit-method', 'value' => 'post'], - ['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'], - ['name' => 'text', 'value' => __('Trigger a web hook')], - ['name' => 'rowtitle', 'value' => $group->displayGroup], - ['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen'] - ] - ]; + if ($this->getUser()->checkEditable($group)) { + // Trigger webhook + $group->buttons[] = [ + 'id' => 'displaygroup_button_trigger_webhook', + 'url' => $this->urlFor( + $request, + 'displayGroup.trigger.webhook.form', + ['id' => $group->displayGroupId] + ), + 'text' => __('Trigger a web hook'), + 'multi-select' => true, + 'dataAttributes' => [ + [ + 'name' => 'commit-url', + 'value' => $this->urlFor( + $request, + 'displayGroup.action.trigger.webhook', + ['id' => $group->displayGroupId] + ) + ], + ['name' => 'commit-method', 'value' => 'post'], + ['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'], + ['name' => 'text', 'value' => __('Trigger a web hook')], + ['name' => 'rowtitle', 'value' => $group->displayGroup], + ['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen'] + ] + ]; + } } } 
@@ -1949,7 +1957,8 @@ public function collectNowForm(Request $request, Response $response, $id) { $displayGroup = $this->displayGroupFactory->getById($id); - if (!$this->getUser()->checkEditable($displayGroup)) { + // Non-destructive edit-only feature; allow limited view access + if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } @@ -1995,7 +2004,8 @@ public function collectNow(Request $request, Response $response, $id) { $displayGroup = $this->displayGroupFactory->getById($id); - if (!$this->getUser()->checkEditable($displayGroup)) { + // Non-destructive edit-only feature; allow limited view access + if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } @@ -2423,7 +2433,8 @@ public function commandForm(Request $request, Response $response, $id) { $displayGroup = $this->displayGroupFactory->getById($id); - if (!$this->getUser()->checkEditable($displayGroup)) { + // Non-destructive edit-only feature; allow limited view access + if (!$this->getUser()->checkEditable($displayGroup) || !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } @@ -2484,7 +2495,8 @@ public function command(Request $request, Response $response, $id) $displayGroup = $this->displayGroupFactory->getById($id); $sanitizedParams = $this->getSanitizer($request->getParams()); - if (!$this->getUser()->checkEditable($displayGroup)) { + // Non-destructive edit-only feature; allow limited view access + if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } diff --git a/lib/Factory/UserGroupFactory.php b/lib/Factory/UserGroupFactory.php index 1cb7dd8d2b..6a09bce0c1 100644 --- a/lib/Factory/UserGroupFactory.php +++ b/lib/Factory/UserGroupFactory.php 
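Review bot: In `collectNowForm`, `collectNow` and `command` (and `commandForm` once patch 2 fixes its operator) the new condition lets `displays.limitedView` replace `checkEditable($displayGroup)` outright, so a flag holder can trigger collect-now or send a command to any display group id, including groups they cannot view; patch 3 (@@ -1958, @@ -2005, @@ -2434, @@ -2496) keeps this structure with the new flag. The flag should widen the action set for groups the user already has access to, not remove the object check: `if (!$this->getUser()->checkEditable($displayGroup) && !($this->getUser()->featureEnabled('displays.limitedView') && $this->getUser()->checkViewable($displayGroup))) {`. Whether sending a command to a display counts as non-destructive depends on what the configured commands do, which is not visible here. The four functions continue outside their hunks.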
@@ -760,6 +760,11 @@ public function getFeatures() 'group' => 'displays', 'title' => __('Allow edits including deletion for all added Displays') ], + 'displays.limitedView' => [ + 'feature' => 'displays.limitedView', + 'group' => 'displays', + 'title' => __('Allow access to non-destructive edit-only features') + ], 'displaygroup.view' => [ 'feature' => 'displaygroup.view', 'group' => 'displays', From 121df6765aa17f661e704e6e30d4ecbb6c548805 Mon Sep 17 00:00:00 2001 From: mgbaybay Date: Wed, 28 Aug 2024 17:57:35 +0800 Subject: [PATCH 2/3] Display: Updated validation on showing command form --- lib/Controller/DisplayGroup.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php index af8441475c..373de2c8e1 100644 --- a/lib/Controller/DisplayGroup.php +++ b/lib/Controller/DisplayGroup.php @@ -2434,7 +2434,7 @@ public function commandForm(Request $request, Response $response, $id) $displayGroup = $this->displayGroupFactory->getById($id); // Non-destructive edit-only feature; allow limited view access - if (!$this->getUser()->checkEditable($displayGroup) || !$this->getUser()->featureEnabled('displays.limitedView')) { + if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { throw new AccessDeniedException(); } From 30095c0a731a2a1a3c645dbbaf36e317764dc4ab Mon Sep 17 00:00:00 2001 From: mgbaybay Date: Wed, 28 Aug 2024 22:02:52 +0800 Subject: [PATCH 3/3] Displays: Add limited view access to display group --- lib/Controller/DisplayGroup.php | 24 +++++++++++++++++++----- lib/Factory/UserGroupFactory.php | 5 +++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/lib/Controller/DisplayGroup.php b/lib/Controller/DisplayGroup.php index 373de2c8e1..7de67df679 100644 --- a/lib/Controller/DisplayGroup.php +++ b/lib/Controller/DisplayGroup.php 
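Review bot: The title string is the only place an administrator granting `displays.limitedView` learns what it unlocks, and "non-destructive edit-only features" does not say that it relaxes the screenshot, collect-now and send-command checks in the Display and DisplayGroup controllers. A short comment above the entry, e.g. `// Relaxes the view/edit checks on screenshot, collect-now and command actions (Display/DisplayGroup controllers)`, would let the next person changing those endpoints find this flag and keep the list in step. The same applies to the `displaygroup.limitedView` entry added in patch 3.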
@@ -462,7 +462,7 @@ public function grid(Request $request, Response $response) // Check if limited view access is allowed if (($this->getUser()->featureEnabled('displaygroup.modify') && $this->getUser()->checkEditable($group)) - || $this->getUser()->featureEnabled('displays.limitedView') + || $this->getUser()->featureEnabled('displaygroup.limitedView') ) { if ($this->getUser()->checkEditable($group)) { @@ -1958,7 +1958,11 @@ public function collectNowForm(Request $request, Response $response, $id) $displayGroup = $this->displayGroupFactory->getById($id); // Non-destructive edit-only feature; allow limited view access - if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { + if ( + !$this->getUser()->checkEditable($displayGroup) + && !$this->getUser()->featureEnabled('displays.limitedView') + && !$this->getUser()->featureEnabled('displaygroup.limitedView') + ) { throw new AccessDeniedException(); } @@ -2005,7 +2009,11 @@ public function collectNow(Request $request, Response $response, $id) $displayGroup = $this->displayGroupFactory->getById($id); // Non-destructive edit-only feature; allow limited view access - if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { + if ( + !$this->getUser()->checkEditable($displayGroup) + && !$this->getUser()->featureEnabled('displays.limitedView') + && !$this->getUser()->featureEnabled('displaygroup.limitedView') + ) { throw new AccessDeniedException(); } 
@@ -2434,7 +2442,10 @@ public function commandForm(Request $request, Response $response, $id) $displayGroup = $this->displayGroupFactory->getById($id); // Non-destructive edit-only feature; allow limited view access - if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { + if ( + !$this->getUser()->checkEditable($displayGroup) + && !$this->getUser()->featureEnabled('displaygroup.limitedView') + ) { throw new AccessDeniedException(); } @@ -2496,7 +2507,10 @@ public function command(Request $request, Response $response, $id) $sanitizedParams = $this->getSanitizer($request->getParams()); // Non-destructive edit-only feature; allow limited view access - if (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displays.limitedView')) { + if ( + !$this->getUser()->checkEditable($displayGroup) + && !$this->getUser()->featureEnabled('displaygroup.limitedView') + ) { throw new AccessDeniedException(); } diff --git a/lib/Factory/UserGroupFactory.php b/lib/Factory/UserGroupFactory.php index 6a09bce0c1..8151560095 100644 --- a/lib/Factory/UserGroupFactory.php +++ b/lib/Factory/UserGroupFactory.php @@ -780,6 +780,11 @@ public function getFeatures() 'group' => 'displays', 'title' => __('Allow edits including deletion for all created Display Groups') ], + 'displaygroup.limitedView' => [ + 'feature' => 'displaygroup.limitedView', + 'group' => 'displays', + 'title' => __('Allow access to non-destructive edit-only features in a Display Group') + ], 'displayprofile.view' => [ 'feature' => 'displayprofile.view', 'group' => 'displays',
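Review bot: `commandForm` and `command` now accept only `displaygroup.limitedView`, while `collectNowForm` and `collectNow` in the preceding hunks accept either `displays.limitedView` or `displaygroup.limitedView`, so a user granted only the display-level flag can collect-now on a group but receives `AccessDeniedException` from the command endpoints; if that split is intended it deserves a comment, otherwise the four checks should agree. The same multi-clause condition is also repeated in four methods, and in each copy the flag removes the object-level check entirely rather than adding to it, so a flag holder can act on any group id the factory resolves. A private helper that admits editors, requires at least `checkViewable` for flag holders, and throws otherwise keeps the four call sites in step; the sketch below treats both flags as equivalent, which is the point to confirm. The four functions continue outside their hunks.
```php
        // Non-destructive edit-only feature; allow limited view access
        $this->assertCanRunLimitedAction($displayGroup);
        // … unchanged: rest of command() …

    /**
     * Admit editors of the group, and limited-view flag holders who can at least view it.
     *
     * @throws AccessDeniedException
     */
    private function assertCanRunLimitedAction($displayGroup): void
    {
        $user = $this->getUser();
        if ($user->checkEditable($displayGroup)) {
            return;
        }

        // The flag is a group-wide capability; it must not replace the per-object grant.
        $hasLimitedFlag = $user->featureEnabled('displays.limitedView')
            || $user->featureEnabled('displaygroup.limitedView');
        if ($hasLimitedFlag && $user->checkViewable($displayGroup)) {
            return;
        }

        throw new AccessDeniedException();
    }
```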