Merge branch '6.12'

doc/specifications/rest/REST-API-V2.rst

@@ -2074,6 +2074,8 @@ Move Subtree
 :Resource: /content/locations/<path>
 :Method: MOVE or POST with header X-HTTP-Method-Override: MOVE
 :Description: moves the location to another parent. The destination can also be /content/trash where the location is put into the trash.
+    *(NOTE: Be aware that the user might not have access to the item any longer after it has been moved,
+    for example when read access is limited by subtree)*
 :Headers:
     :Destination: A parent location resource to which the location is moved
 :Response:
@@ -2083,7 +2085,9 @@ Move Subtree
         HTTP/1.1 201 Created
         Location: /content/locations/<newPath>
 
-or if destination is /content/trash and content only has one location
+or if destination is /content/trash and content only has one location *(NOTE: Like on normal subtree
+moves, be aware that the user might not have access to the item any longer after it has been moved
+to trash)*
 
 .. code:: http
 

eZ/Bundle/EzPublishCoreBundle/Resources/config/cache.yml

@@ -27,7 +27,11 @@ services:
 
     ezpublish.http_cache.purger.instant:
         class: "%ezpublish.http_cache.purger.instant.class%"
-        arguments: ["@ezpublish.http_cache.purge_client", "@ezpublish.api.service.inner_content", "@ezpublish.http_cache.event_dispatcher"]
+        arguments:
+            - '@ezpublish.http_cache.purge_client'
+            - '@ezpublish.api.service.inner_content'
+            - '@ezpublish.http_cache.event_dispatcher'
+            - '@ezpublish.api.repository'
         tags:
             - { name: kernel.cache_clearer }
 

eZ/Bundle/EzPublishCoreBundle/Tests/Cache/Http/InstantCachePurgerTest.php

@@ -20,7 +20,7 @@ public function testClear()
             ->expects($this->once())
             ->method('purgeAll');
 
-        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher);
+        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher, $this->repository);
         $purger->clear('cache/dir/');
     }
 }

eZ/Publish/API/Repository/TrashService.php

@@ -34,6 +34,7 @@ public function loadTrashItem($trashItemId);
     /**
      * Sends $location and all its children to trash and returns the corresponding trash item.
      *
+     * The current user may not have access to the returned trash item, check before using it.
      * Content is left untouched.
      *
      * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to trash the given location

eZ/Publish/Core/MVC/Symfony/Cache/Http/InstantCachePurger.php

@@ -9,6 +9,7 @@
 namespace eZ\Publish\Core\MVC\Symfony\Cache\Http;
 
 use eZ\Publish\API\Repository\ContentService;
+use eZ\Publish\API\Repository\Repository as RepositoryInterface;
 use eZ\Publish\Core\MVC\Symfony\Cache\GatewayCachePurger;
 use eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface;
 use eZ\Publish\Core\MVC\Symfony\Event\ContentCacheClearEvent;
@@ -37,14 +38,21 @@ class InstantCachePurger implements GatewayCachePurger
      */
     private $eventDispatcher;
 
+    /**
+     * @var \eZ\Publish\API\Repository\Repository|\eZ\Publish\Core\Repository\Repository
+     */
+    protected $repository;
+
     public function __construct(
         PurgeClientInterface $purgeClient,
         ContentService $contentService,
-        EventDispatcherInterface $eventDispatcher
+        EventDispatcherInterface $eventDispatcher,
+        RepositoryInterface $repository
     ) {
         $this->purgeClient = $purgeClient;
         $this->contentService = $contentService;
         $this->eventDispatcher = $eventDispatcher;
+        $this->repository = $repository;
     }
 
     /**
@@ -70,7 +78,12 @@ public function purgeAll()
      */
     public function purgeForContent($contentId, $locationIds = [])
     {
-        $contentInfo = $this->contentService->loadContentInfo($contentId);
+        // Use sudo as cache clearing should happen regardless of user permissions.
+        $contentInfo = $this->repository->sudo(
+            function () use ($contentId) {
+                return $this->contentService->loadContentInfo($contentId);
+            }
+        );
 
         // Can only gather relevant locations using ContentCacheClearEvent on published content
         if ($contentInfo->published) {

eZ/Publish/Core/MVC/Symfony/Cache/Tests/Http/InstantCachePurgerTest.php

@@ -8,40 +8,70 @@
  */
 namespace eZ\Publish\Core\MVC\Symfony\Cache\Tests\Http;
 
-use eZ\Publish\API\Repository\Values\Content\ContentInfo;
 use eZ\Publish\API\Repository\ContentService;
+use eZ\Publish\API\Repository\Values\Content\ContentInfo;
+use eZ\Publish\API\Repository\Values\User\UserReference;
+use eZ\Publish\Core\Base\Tests\PHPUnit5CompatTrait;
 use eZ\Publish\Core\MVC\Symfony\Cache\Http\InstantCachePurger;
 use eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface;
 use eZ\Publish\Core\MVC\Symfony\Event\ContentCacheClearEvent;
 use eZ\Publish\Core\MVC\Symfony\MVCEvents;
+use eZ\Publish\Core\Repository\Helper\LimitationService;
+use eZ\Publish\Core\Repository\Helper\RoleDomainMapper;
+use eZ\Publish\Core\Repository\Permission\PermissionResolver;
+use eZ\Publish\Core\Repository\Repository;
 use eZ\Publish\Core\Repository\Values\Content\Location;
+use eZ\Publish\SPI\Persistence\User\Handler as UserHandler;
 use PHPUnit\Framework\TestCase;
-use Symfony\Component\EventDispatcher\EventDispatcher;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
+use Symfony\Component\EventDispatcher\EventDispatcher;
 
 class InstantCachePurgerTest extends TestCase
 {
+    use PHPUnit5CompatTrait;
+
     /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
+     * @var \eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface|\PHPUnit_Framework_MockObject_MockObject
      */
     protected $purgeClient;
 
     /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
+     * @var \eZ\Publish\API\Repository\ContentService|\PHPUnit_Framework_MockObject_MockObject
      */
     protected $contentService;
 
     /**
-     * @var \PHPUnit_Framework_MockObject_MockObject
+     * @var \Symfony\Component\EventDispatcher\EventDispatcherInterface|\PHPUnit_Framework_MockObject_MockObject
      */
     protected $eventDispatcher;
 
+    /**
+     * @var \eZ\Publish\Core\Repository\Repository|\PHPUnit_Framework_MockObject_MockObject
+     */
+    protected $repository;
+
     protected function setUp()
     {
         parent::setUp();
         $this->purgeClient = $this->createMock(PurgeClientInterface::class);
         $this->contentService = $this->createMock(ContentService::class);
         $this->eventDispatcher = $this->createMock(EventDispatcherInterface::class);
+
+        $this->repository = $this
+            ->getMockBuilder(Repository::class)
+            ->disableOriginalConstructor()
+            ->setMethods(
+                array_diff(
+                    get_class_methods(Repository::class),
+                    array('sudo')
+                )
+            )
+            ->getMock();
+
+        $this->repository
+            ->expects($this->any())
+            ->method('getPermissionResolver')
+            ->will($this->returnValue($this->getPermissionResolverMock()));
     }
 
     public function testPurge()
@@ -53,7 +83,7 @@ public function testPurge()
             ->with($locationIds)
             ->will($this->returnArgument(0));
 
-        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher);
+        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher, $this->repository);
         $this->assertSame($locationIds, $purger->purge($locationIds));
     }
 
@@ -63,7 +93,7 @@ public function testPurgeAll()
             ->expects($this->once())
             ->method('purgeAll');
 
-        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher);
+        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $this->eventDispatcher, $this->repository);
         $purger->purgeAll();
     }
 
@@ -100,7 +130,35 @@ function (ContentCacheClearEvent $event) use ($locationIds) {
             ->method('purge')
             ->with($locationIds);
 
-        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $eventDispatcher);
+        $purger = new InstantCachePurger($this->purgeClient, $this->contentService, $eventDispatcher, $this->repository);
         $purger->purgeForContent($contentId);
     }
+
+    /**
+     * @return \eZ\Publish\Core\Repository\Permission\PermissionResolver|\PHPUnit_Framework_MockObject_MockObject
+     */
+    private function getPermissionResolverMock()
+    {
+        return $this
+            ->getMockBuilder(PermissionResolver::class)
+            ->setMethods(null)
+            ->setConstructorArgs(
+                [
+                    $this
+                        ->getMockBuilder(RoleDomainMapper::class)
+                        ->disableOriginalConstructor()
+                        ->getMock(),
+                    $this
+                        ->getMockBuilder(LimitationService::class)
+                        ->getMock(),
+                    $this
+                        ->getMockBuilder(UserHandler::class)
+                        ->getMock(),
+                    $this
+                        ->getMockBuilder(UserReference::class)
+                        ->getMock(),
+                ]
+            )
+            ->getMock();
+    }
 }

eZ/Publish/Core/REST/Client/TrashService.php

@@ -109,6 +109,7 @@ public function loadTrashItem($trashItemId)
     /**
      * Sends $location and all its children to trash and returns the corresponding trash item.
      *
+     * The current user may not have access to the returned trash item, check before using it.
      * Content is left untouched.
      *
      * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to trash the given location

eZ/Publish/Core/Repository/TrashService.php

@@ -30,7 +30,7 @@
 class TrashService implements TrashServiceInterface
 {
     /**
-     * @var \eZ\Publish\API\Repository\Repository
+     * @var \eZ\Publish\Core\Repository\Repository
      */
     protected $repository;
 
@@ -102,6 +102,7 @@ public function loadTrashItem($trashItemId)
     /**
      * Sends $location and all its children to trash and returns the corresponding trash item.
      *
+     * The current user may not have access to the returned trash item, check before using it.
      * Content is left untouched.
      *
      * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to trash the given location
@@ -130,9 +131,18 @@ public function trash(Location $location)
             throw $e;
         }
 
-        return isset($spiTrashItem)
-            ? $this->buildDomainTrashItemObject($spiTrashItem)
-            : null;
+        // Use sudo as we want a trash item regardless of user access to the trash.
+        try {
+            return isset($spiTrashItem)
+                ? $this->repository->sudo(
+                    function () use ($spiTrashItem) {
+                        return $this->buildDomainTrashItemObject($spiTrashItem);
+                    }
+                )
+                : null;
+        } catch (Exception $e) {
+            return null;
+        }
     }
 
     /**

eZ/Publish/Core/SignalSlot/TrashService.php

@@ -71,6 +71,7 @@ public function loadTrashItem($trashItemId)
     /**
      * Sends $location and all its children to trash and returns the corresponding trash item.
      *
+     * The current user may not have access to the returned trash item, check before using it.
      * Content is left untouched.
      *
      * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the user is not allowed to trash the given location