[Community] fixes team directory rights

claroline · Apr 20, 2023 · 039d2e9 · 039d2e9
1 parent 04d4f9d
commit 039d2e9
Show file tree

Hide file tree

Showing 5 changed files with 78 additions and 18 deletions.
diff --git a/src/main/community/Manager/TeamManager.php b/src/main/community/Manager/TeamManager.php
@@ -112,46 +112,68 @@ public function deleteTeamRoles(Team $team): void
     public function createTeamDirectory(Team $team, User $user, ?ResourceNode $resource = null, ?array $creatableResources = []): Directory
     {
         $workspace = $team->getWorkspace();
+
         $teamRole = $team->getRole();
         $teamManagerRole = $team->getManagerRole();
-        $rootDirectory = $this->resourceManager->getWorkspaceRoot($workspace);
-        $directoryType = $this->resourceManager->getResourceTypeByName('directory');
-        $resourceTypes = $this->resourceManager->getAllResourceTypes();
-
-        $directory = new Directory();
-        $directory->setName($team->getName());
+        $wsManagerRole = $workspace->getManagerRole();
 
         $teamRoleName = $teamRole->getName();
         $teamManagerRoleName = $teamManagerRole->getName();
+
         $rights = [];
         $rights[$teamRoleName] = [];
         $rights[$teamRoleName]['role'] = $teamRole;
         $rights[$teamRoleName]['create'] = [];
+
         $rights[$teamManagerRoleName] = [];
         $rights[$teamManagerRoleName]['role'] = $teamManagerRole;
         $rights[$teamManagerRoleName]['create'] = [];
 
+        if ($wsManagerRole) {
+            $rights[$wsManagerRole->getName()] = [];
+            $rights[$wsManagerRole->getName()]['role'] = $wsManagerRole;
+            $rights[$wsManagerRole->getName()]['create'] = [];
+        }
+
+        $resourceTypes = $this->resourceManager->getAllResourceTypes();
         foreach ($resourceTypes as $resourceType) {
             $rights[$teamManagerRoleName]['create'][] = ['name' => $resourceType->getName()];
+
+            // because we don't copy the root rights, we need to correctly initialize the workspace manager rights
+            if ($wsManagerRole) {
+                $rights[$wsManagerRole->getName()]['create'][] = ['name' => $resourceType->getName()];
+            }
         }
 
         foreach ($creatableResources as $creatableResource) {
             $rights[$teamRoleName]['create'][] = ['name' => $creatableResource];
         }
-        $decoders = $directoryType->getMaskDecoders();
 
+        $directoryType = $this->resourceManager->getResourceTypeByName('directory');
+        $decoders = $directoryType->getMaskDecoders();
         foreach ($decoders as $decoder) {
             $decoderName = $decoder->getName();
 
             if ('create' !== $decoderName) {
                 $rights[$teamManagerRoleName][$decoderName] = true;
-            }
-            if ('administrate' !== $decoderName && 'delete' !== $decoderName && 'create' !== $decoderName) {
-                $rights[$teamRoleName][$decoderName] = true;
+
+                if ('administrate' !== $decoderName && 'delete' !== $decoderName) {
+                    $rights[$teamRoleName][$decoderName] = true;
+                }
+
+                // because we don't copy the root rights, we need to correctly initialize the workspace manager rights
+                if ($wsManagerRole) {
+                    $rights[$wsManagerRole->getName()][$decoderName] = true;
+                }
             }
         }
 
         // TODO : use crud
+        $rootDirectory = $this->resourceManager->getWorkspaceRoot($workspace);
+
+        $directory = new Directory();
+        $directory->setName($team->getName());
+
         $this->resourceManager->create(
             $directory,
             $directoryType,
@@ -161,8 +183,10 @@ public function createTeamDirectory(Team $team, User $user, ?ResourceNode $resou
             $rights
         );
 
+        // ATTENTION : because rights are pushed into DB in plain SQL we need to reload the entity to get the correct data
+        $this->om->refresh($directory->getResourceNode());
+
         if (!is_null($resource)) {
-            // TODO : manage rights
             $this->crud->copy($resource, [Options::NO_RIGHTS, Crud::NO_PERMISSIONS], ['user' => $user, 'parent' => $directory->getResourceNode()]);
         }
 
@@ -195,25 +219,25 @@ public function initializeTeamRights(Team $team): void
         $teamRole = $team->getRole();
         $teamManagerRole = $team->getManagerRole();
 
-        if (!empty($team->getDirectory())) {
+        if (!empty($team->getDirectory()) && $team->isPublic()) {
             $workspaceRoles = $this->roleManager->getWorkspaceRoles($workspace);
             $rights = [];
 
             foreach ($workspaceRoles as $role) {
                 if (!in_array($role->getUuid(), [$teamRole->getUuid(), $teamManagerRole->getUuid()])) {
                     $rights[$role->getName()] = [
                         'role' => $role,
-                        'create' => [],
                         'open' => $team->isPublic(),
                     ];
                 }
             }
+
             $this->applyRightsToResourceNode($team->getDirectory(), $rights);
         }
     }
 
     /**
-     * Updates permissions of team directory..
+     * Updates permissions of team directory.
      */
     public function updateTeamDirectoryPerms(Team $team): void
     {

diff --git a/src/main/community/Subscriber/Crud/TeamSubscriber.php b/src/main/community/Subscriber/Crud/TeamSubscriber.php
@@ -138,9 +138,7 @@ private function createDirectoryAndRoles(Team $team, array $data)
                 $defaultResource = isset($data['defaultResource']['id']) ?
                     $this->om->getRepository(ResourceNode::class)->findOneBy(['uuid' => $data['defaultResource']['id']]) :
                     null;
-                $creatableResources = isset($data['creatableResources']) ?
-                    $data['creatableResources'] :
-                    [];
+                $creatableResources = isset($data['creatableResources']) ? $data['creatableResources'] : [];
                 $directory = $this->manager->createTeamDirectory(
                     $team,
                     $this->tokenStorage->getToken()->getUser(),

diff --git a/src/main/core/Installation/Migrations/pdo_mysql/Version20230420110000.php b/src/main/core/Installation/Migrations/pdo_mysql/Version20230420110000.php
@@ -0,0 +1,34 @@
+<?php
+
+namespace Claroline\CoreBundle\Installation\Migrations\pdo_mysql;
+
+use Doctrine\DBAL\Schema\Schema;
+use Doctrine\Migrations\AbstractMigration;
+
+/**
+ * Auto-generated migration based on mapping information: modify it with caution.
+ *
+ * Generation date: 2023/04/15 07:09:30
+ */
+class Version20230420110000 extends AbstractMigration
+{
+    public function up(Schema $schema): void
+    {
+        // For performances reason, we will set the same mask for all resources,
+        // this is the maximum rights found in platform atm, which is 255.
+        // It is the mask for the resource which has the more custom actions (eg. quiz, blog)
+        // For other resources extra bits will just be ignored by the decoder manager so it's ok to do it.
+        $mask = 255;
+
+        $this->addSql("
+            UPDATE claro_resource_rights AS r
+            LEFT JOIN claro_role AS ro ON (r.role_id = ro.id)
+            SET r.mask = {$mask}
+            WHERE ro.name LIKE 'ROLE_WS_MANAGER_%'
+        ");
+    }
+
+    public function down(Schema $schema): void
+    {
+    }
+}
diff --git a/src/main/core/Manager/ResourceManager.php b/src/main/core/Manager/ResourceManager.php
@@ -153,7 +153,11 @@ public function create(
     public function createRights(ResourceNode $node, array $rights = [], bool $withDefault = true, bool $log = true)
     {
         foreach ($rights as $data) {
-            $resourceTypes = $this->checkResourceTypes($data['create']);
+            $resourceTypes = [];
+            if (isset($data['create'])) {
+                $resourceTypes = $this->checkResourceTypes($data['create']);
+            }
+
             $this->rightsManager->create($data, $data['role'], $node, false, $resourceTypes, $log);
         }
 

diff --git a/src/main/core/Resources/config/workspace.zip b/src/main/core/Resources/config/workspace.zip