Display: Allow limited view access to non-destructive edit-only features #2718

Merged
merged 3 commits into from
Aug 29, 2024
130 changes: 69 additions & 61 deletions lib/Controller/Display.php
Expand Up @@ -1005,33 +1005,36 @@ public function grid(Request $request, Response $response)
);
}

if ($this->getUser()->featureEnabled('displays.modify')
&& $this->getUser()->checkEditable($display)
// Check if limited view access is allowed
if (($this->getUser()->featureEnabled('displays.modify') && $this->getUser()->checkEditable($display))
|| $this->getUser()->featureEnabled('displays.limitedView')
) {
if ($this->getUser()->featureEnabled('layout.view')) {
$display->buttons[] = [
'id' => 'display_button_layouts_jump',
'linkType' => '_self',
'external' => true,
'url' => $this->urlFor($request, 'layout.view')
. '?activeDisplayGroupId=' . $display->displayGroupId,
'text' => __('Jump to Scheduled Layouts')
];
}
if ($this->getUser()->checkEditable($display)) {
if ($this->getUser()->featureEnabled('layout.view')) {
$display->buttons[] = [
'id' => 'display_button_layouts_jump',
'linkType' => '_self',
'external' => true,
'url' => $this->urlFor($request, 'layout.view')
. '?activeDisplayGroupId=' . $display->displayGroupId,
'text' => __('Jump to Scheduled Layouts')
];
}

// File Associations
$display->buttons[] = array(
'id' => 'displaygroup_button_fileassociations',
'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Files')
);
// File Associations
$display->buttons[] = array(
'id' => 'displaygroup_button_fileassociations',
'url' => $this->urlFor($request, 'displayGroup.media.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Files')
);

// Layout Assignments
$display->buttons[] = array(
'id' => 'displaygroup_button_layout_associations',
'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Layouts')
);
// Layout Assignments
$display->buttons[] = array(
'id' => 'displaygroup_button_layout_associations',
'url' => $this->urlFor($request, 'displayGroup.layout.form', ['id' => $display->displayGroupId]),
'text' => __('Assign Layouts')
);
}

// Screen Shot
$display->buttons[] = [
Expand Down Expand Up @@ -1085,43 +1088,45 @@ public function grid(Request $request, Response $response)
]
];

// Trigger webhook
$display->buttons[] = [
'id' => 'display_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $display->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $display->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'display_button_trigger_webhook'],
['name' => 'sort-group', 'value' => 3],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $display->display],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];

if ($this->getUser()->isSuperAdmin()) {
if ($this->getUser()->checkEditable($display)) {
// Trigger webhook
$display->buttons[] = [
'id' => 'display_button_purgeAll',
'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]),
'text' => __('Purge All')
'id' => 'display_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $display->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $display->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'display_button_trigger_webhook'],
['name' => 'sort-group', 'value' => 3],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $display->display],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
}

$display->buttons[] = ['divider' => true];
if ($this->getUser()->isSuperAdmin()) {
$display->buttons[] = [
'id' => 'display_button_purgeAll',
'url' => $this->urlFor($request, 'display.purge.all.form', ['id' => $display->displayId]),
'text' => __('Purge All')
];
}

$display->buttons[] = ['divider' => true];
}
}

if ($this->getUser()->featureEnabled('displays.modify')
Expand Down Expand Up @@ -2187,7 +2192,8 @@ public function screenShot(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2247,7 +2253,8 @@ public function requestScreenShotForm(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2305,7 +2312,8 @@ public function requestScreenShot(Request $request, Response $response, $id)
{
$display = $this->displayFactory->getById($id);

if (!$this->getUser()->checkViewable($display)) {
// Allow limited view access
if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView')) {
throw new AccessDeniedException();
}

Expand Down
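Review bot: The new guards in screenShot, requestScreenShotForm and requestScreenShot (`if (!$this->getUser()->checkViewable($display) && !$this->getUser()->featureEnabled('displays.limitedView'))`) let any user holding the displays.limitedView feature reach these endpoints for a display they have no view permission on, because a user-level feature flag is OR'ed with the per-object permission check instead of being combined with it. All three methods already required only checkViewable before this change, so a limited-view user who can view the display was never blocked here; the added clause only removes the object-level check. Unless checkViewable is itself tied to the displays.view feature (not visible in these hunks), the original line `if (!$this->getUser()->checkViewable($display)) {` should stay, and the comment should say that the feature only changes which buttons the grid renders. The grid hunk looks consistent with that intent since the edit-only buttons remain behind checkEditable; the enclosing grid method starts and ends outside the hunk.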
96 changes: 61 additions & 35 deletions lib/Controller/DisplayGroup.php
Expand Up @@ -399,11 +399,11 @@ public function grid(Request $request, Response $response)
];
}

$group->buttons[] = ['divider' => true];

if ($this->getUser()->featureEnabled('displaygroup.modify')
&& $this->getUser()->checkEditable($group)
) {
$group->buttons[] = ['divider' => true];

// File Associations
$group->buttons[] = [
'id' => 'displaygroup_button_fileassociations',
Expand Down Expand Up @@ -460,11 +460,16 @@ public function grid(Request $request, Response $response)
];
}

if ($this->getUser()->featureEnabled('displaygroup.modify')
&& $this->getUser()->checkEditable($group)
// Check if limited view access is allowed
if (($this->getUser()->featureEnabled('displaygroup.modify') && $this->getUser()->checkEditable($group))
|| $this->getUser()->featureEnabled('displaygroup.limitedView')
) {
$group->buttons[] = ['divider' => true];

if ($this->getUser()->checkEditable($group)) {
$group->buttons[] = ['divider' => true];
}

// Send command
$group->buttons[] = [
'id' => 'displaygroup_button_command',
'url' => $this->urlFor($request, 'displayGroup.command.form', ['id' => $group->displayGroupId]),
Expand All @@ -488,6 +493,7 @@ public function grid(Request $request, Response $response)
]
];

// Collect Now
$group->buttons[] = [
'id' => 'displaygroup_button_collectNow',
'url' => $this->urlFor($request, 'displayGroup.collectNow.form', ['id' => $group->displayGroupId]),
Expand All @@ -505,32 +511,34 @@ public function grid(Request $request, Response $response)
]
];

// Trigger webhook
$group->buttons[] = [
'id' => 'displaygroup_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $group->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $group->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $group->displayGroup],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
if ($this->getUser()->checkEditable($group)) {
// Trigger webhook
$group->buttons[] = [
'id' => 'displaygroup_button_trigger_webhook',
'url' => $this->urlFor(
$request,
'displayGroup.trigger.webhook.form',
['id' => $group->displayGroupId]
),
'text' => __('Trigger a web hook'),
'multi-select' => true,
'dataAttributes' => [
[
'name' => 'commit-url',
'value' => $this->urlFor(
$request,
'displayGroup.action.trigger.webhook',
['id' => $group->displayGroupId]
)
],
['name' => 'commit-method', 'value' => 'post'],
['name' => 'id', 'value' => 'displaygroup_button_trigger_webhook'],
['name' => 'text', 'value' => __('Trigger a web hook')],
['name' => 'rowtitle', 'value' => $group->displayGroup],
['name' => 'form-callback', 'value' => 'triggerWebhookMultiSelectFormOpen']
]
];
}
}
}

Expand Down Expand Up @@ -1949,7 +1957,12 @@ public function collectNowForm(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displays.limitedView')
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -1995,7 +2008,12 @@ public function collectNow(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displays.limitedView')
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2423,7 +2441,11 @@ public function commandForm(Request $request, Response $response, $id)
{
$displayGroup = $this->displayGroupFactory->getById($id);

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down Expand Up @@ -2484,7 +2506,11 @@ public function command(Request $request, Response $response, $id)
$displayGroup = $this->displayGroupFactory->getById($id);
$sanitizedParams = $this->getSanitizer($request->getParams());

if (!$this->getUser()->checkEditable($displayGroup)) {
// Non-destructive edit-only feature; allow limited view access
if (
!$this->getUser()->checkEditable($displayGroup)
&& !$this->getUser()->featureEnabled('displaygroup.limitedView')
) {
throw new AccessDeniedException();
}

Expand Down
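Review bot: In collectNowForm, collectNow, commandForm and command the new condition drops the per-object check entirely whenever a limitedView feature is set, so a user with that feature can collect from or send a command to any display group by id, including groups they cannot view; the feature should lower the required object permission from edit to view rather than replace it, e.g. `if (!$this->getUser()->checkViewable($displayGroup) || (!$this->getUser()->checkEditable($displayGroup) && !$this->getUser()->featureEnabled('displaygroup.limitedView'))) {`. The collectNow pair also accepts displays.limitedView while the command pair accepts only displaygroup.limitedView; if the Display grid exposes a command button under displays.limitedView (that part of the grid is outside the visible hunk), commandForm will reject it, so both pairs should test the same set of flags. Sending a command is also not self-evidently non-destructive, since what a command does is defined outside this controller, so `// Non-destructive edit-only feature; allow limited view access` would be more accurate as `// Requires view access plus the limitedView feature, or edit access`. The grid hunk in this file is consistent with the Display grid change and keeps the webhook button behind checkEditable.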
10 changes: 10 additions & 0 deletions lib/Factory/UserGroupFactory.php
Expand Up @@ -760,6 +760,11 @@ public function getFeatures()
'group' => 'displays',
'title' => __('Allow edits including deletion for all added Displays')
],
'displays.limitedView' => [
'feature' => 'displays.limitedView',
'group' => 'displays',
'title' => __('Allow access to non-destructive edit-only features')
],
'displaygroup.view' => [
'feature' => 'displaygroup.view',
'group' => 'displays',
Expand All @@ -775,6 +780,11 @@ public function getFeatures()
'group' => 'displays',
'title' => __('Allow edits including deletion for all created Display Groups')
],
'displaygroup.limitedView' => [
'feature' => 'displaygroup.limitedView',
'group' => 'displays',
'title' => __('Allow access to non-destructive edit-only features in a Display Group')
],
'displayprofile.view' => [
'feature' => 'displayprofile.view',
'group' => 'displays',
Expand Down