AVSDev/sprinkle-uf-tweaks
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Added user admin role

Browse Source
This commit is contained in:
Craig Williams
2023-10-06 09:54:45 +01:00
parent aa923dbe52
commit 275de8c6fe
3 changed files with 145 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
routes/roles.php Normal file
View File

@@ -0,0 +1,17 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
use UserFrosting\Sprinkle\Core\Util\NoCache;
/*
* Routes for administrative role management.
*/
$app->group('/api/roles', function () {
$this->get('/', 'UserFrosting\Sprinkle\UFTweaks\Controller\RoleController:getList');
})->add('authGuard')->add(new NoCache());

73
src/Controller/RoleController.php Normal file
View File

@@ -0,0 +1,73 @@
<?php
/*
* AVSDev UF Tweaks (https://avsdev.uk)
*
* @link https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks
* @license https://git.avsdev.uk/avsdev/sprinkle-uf-tweaks/blob/master/LICENSE.md (LGPL-3.0 License)
*/
namespace UserFrosting\Sprinkle\UFTweaks\Controller;
use Psr\Http\Message\ResponseInterface as Response;
use Psr\Http\Message\ServerRequestInterface as Request;
use UserFrosting\Sprinkle\Account\Database\Models\Role;
use UserFrosting\Sprinkle\Core\Controller\SimpleController;
use UserFrosting\Support\Exception\ForbiddenException;
/**
* Override role controller class to tweak the list of available user roles
*
* @author Craig Williams (craig@avsdev.uk)
*/
class RoleController extends SimpleController
{
/**
* Returns a list of Roles.
*
* Generates a list of roles, optionally paginated, sorted and/or filtered.
* This page requires authentication.
*
* Request type: GET
*
* @param Request $request
* @param Response $response
* @param array $args
*
* @throws ForbiddenException If user is not authorized to access page
*/
public function getList(Request $request, Response $response, $args)
{
// GET parameters
$params = $request->getQueryParams();
/** @var \UserFrosting\Sprinkle\Account\Authorize\AuthorizationManager $authorizer */
$authorizer = $this->ci->authorizer;
/** @var \UserFrosting\Sprinkle\Core\Util\ClassMapper $classMapper */
$classMapper = $this->ci->classMapper;
/** @var \UserFrosting\Sprinkle\Account\Database\Models\Interfaces\UserInterface $currentUser */
$currentUser = $this->ci->currentUser;
// Access-controlled page
$adminRole = $authorizer->checkAccess($currentUser, 'uri_roles');
$userRole = $authorizer->checkAccess($currentUser, 'role_list');
if (!$adminRole && !$userRole) {
throw new ForbiddenException();
}
$sprunje = $classMapper->createInstance('role_sprunje', $classMapper, $params);
if ($userRole) {
$siteAdminId = Role::where('slug', 'site-admin')->first()->id;
$sprunje->extendQuery(function($query) {
$query->where('role_id', '!=', $siteAdminId);
});
}
// Be careful how you consume this data - it has not been escaped and contains untrusted user-supplied content.
// For example, if you plan to insert it into an HTML DOM, you must escape it on the client side (or use client-side templating).
return $sprunje->toResponse($response);
}
}

56
src/Database/Seeds/CreateUserAdmin.php
View File

@@ -30,9 +30,11 @@ class CreateUserAdmin extends BaseSeed
$roles = $this->getRoles(); $roles = $this->getRoles();
$this->saveRoles($roles); $this->saveRoles($roles);
$newPermissions = $this->getNewPermissions();
$this->savePermissions($newPermissions);
$permissions = $this->getPermissions(); $permissions = $this->getPermissions();
$this->syncPermissionsRole($roles, $permissions); $this->syncPermissionsRole($roles, array_merge($newPermissions, $permissions));
} }
/** /**
@@ -70,6 +72,55 @@ class CreateUserAdmin extends BaseSeed
} }
} }
/**
* Save permissions.
*
* @param array $permissions
*/
protected function savePermissions(array &$permissions)
{
foreach ($permissions as $slug => $permission) {
// Trying to find if the permission already exist
$existingPermission = Permission::where(['slug' => $permission->slug, 'conditions' => $permission->conditions])->first();
// Don't save if already exist, use existing permission reference
// otherwise to re-sync permissions and roles
if ($existingPermission == null) {
$permission->save();
} else {
$permissions[$slug] = $existingPermission;
}
}
}
/**
* @return array Permissions to seed
*/
protected function getNewPermissions()
{
$defaultRoleIds = [
'user' => Role::where('slug', 'user')->first()->id,
'group-admin' => Role::where('slug', 'group-admin')->first()->id,
'site-admin' => Role::where('slug', 'site-admin')->first()->id,
'user-admin' => Role::where('slug', 'user-admin')->first()->id,
];
return [
'update_user_roles' => new Permission([
'slug' => 'update_user_field',
'name' => 'Edit user',
'conditions' => "!has_role(user.id,{$defaultRoleIds['site-admin']}) && subset(fields,['roles'])",
'description' => 'Edit role for users who are not Site Administrators.',
]),
'role_list' => new Permission([
'slug' => 'role_list',
'name' => 'List of roles',
'conditions' => "has_role(self.id,{$defaultRoleIds['user-admin']})",
'description' => 'Retrieve the list of roles.',
]),
];
}
/** /**
* @return array Permissions to seed * @return array Permissions to seed
*/ */
@@ -125,6 +176,9 @@ class CreateUserAdmin extends BaseSeed
$permissions['uri_user']->id, $permissions['uri_user']->id,
$permissions['uri_users']->id, $permissions['uri_users']->id,
$permissions['role_list']->id,
$permissions['update_user_roles']->id,
$permissions['create_user']->id, $permissions['create_user']->id,
$permissions['view_user_field']->id, $permissions['view_user_field']->id,
$permissions['update_user_field']->id, $permissions['update_user_field']->id,