Merge 75e0187 into b0386c4

alterphp · Aug 30, 2018 · db529cf · db529cf
2 parents b0386c4 + 75e0187
commit db529cf
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -203,6 +203,20 @@ easy_admin:
 
 Entity _role_prefix_ defines all actions required roles by appending the action name to the prefix.
 
+#### Per entity field role permissions in form
+
+You can also define role permissions per entity field in form:
+
+```yaml
+easy_admin:
+    entities:
+        Product:
+            class: App\Entity\Product
+            form:
+                fields:
+                    - { property: enabled, role: ROLE_ADMIN }
+```
+
 ### Confirmation modal for custom POST actions without form
 
 A generic confirmation modal asks for confirmation (or any custom message) for links with `data-confirm` attribute (that may contain the custom message) and URL in `data-href` attribute.

diff --git a/src/Controller/AdminController.php b/src/Controller/AdminController.php
@@ -44,4 +44,29 @@ protected function isActionAllowed($actionName)
 
         return parent::isActionAllowed($actionName);
     }
+
+    /**
+     * Creates the form object used to create or edit the given entity.
+     * Control role of the field
+     *
+     * @param object $entity
+     * @param array  $entityProperties
+     * @param string $view
+     *
+     * @return FormInterface
+     *
+     * @throws \Exception
+     */
+    protected function createEntityForm($entity, array $entityProperties, $view)
+    {
+        $adminAuthorizationChecker = $this->container->get('alterphp.easyadmin_extension.admin_authorization_checker');
+        $removeEntityProperties = $adminAuthorizationChecker->getRemovePropertiesRequiredRole($entityProperties);
+
+        $entityForm = parent::createEntityForm($entity, $entityProperties, $view);
+
+        foreach ($removeEntityProperties as $key => $value) {
+            $entityForm->remove($value);
+        }
+        return $entityForm;
+    }
 }
diff --git a/src/Security/AdminAuthorizationChecker.php b/src/Security/AdminAuthorizationChecker.php
@@ -41,7 +41,7 @@ public function checksUserAccess(array $entityConfig, string $actionName, $subje
     }
 
     /**
-     * Returns user access as oolean, no exception thrown.
+     * Returns user access as boolean, no exception thrown.
      *
      * @param array  $entityConfig
      * @param string $actionName
@@ -70,4 +70,22 @@ protected function getRequiredRole(array $entityConfig, string $actionName)
 
         return $entityConfig['role'] ?? null;
     }
+
+    /**
+     * Returns array contain entity properties remove.
+     *
+     * @param array  $entityProperties
+     *
+     * @return array
+     */
+    public function getRemovePropertiesRequiredRole(array $entityProperties)
+    {
+        $removePropertiesRequiredRole = [];
+        foreach ($entityProperties as $key => $value) {
+            if (isset($value['role']) && !$this->authorizationChecker->isGranted($value['role'])) {
+                array_push($removePropertiesRequiredRole, $key);
+            }
+        }
+        return $removePropertiesRequiredRole;
+    }
 }