New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add the page permission voters #6675
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Great work!! I haven't tested the permissions manually yet (because tbh I never really understood them anyway) but the code looks correct to me.
However, the new voters will require tests. Otherwise the codecov check will never pass.
core-bundle/src/Security/Voter/DataContainer/ArticleContentVoter.php
Outdated
Show resolved
Hide resolved
core-bundle/src/Security/Voter/DataContainer/ContentCompositionVoter.php
Outdated
Show resolved
Hide resolved
core-bundle/src/Security/Voter/DataContainer/PagePermissionVoter.php
Outdated
Show resolved
Hide resolved
core-bundle/src/Security/Voter/DataContainer/PagePermissionVoter.php
Outdated
Show resolved
Hide resolved
That is exactly what I explained in my initial description, section 3 point 4 😉 |
If we already know that a user does not have permission to paste a duplicated article, what is the point of enabling the "copy" icon? It is completely useless for them and should therefore remain disabled. |
That's correct, fixed in 9ebbfb8 |
…er.php Co-authored-by: Leo Feyer <1192057+leofeyer@users.noreply.github.com>
Tests done with ~300 assertions! 🙈 This should be RTM now 🙃 |
Btw, @zoglo volunteered (without a timing) to have a look at frontend tests (Cypress) for the page and article permissions 🎉 |
5336d85
to
ea9d70d
Compare
core-bundle/src/EventListener/DataContainer/DefaultOperationsListener.php
Show resolved
Hide resolved
Thank you @aschempp. |
This was hell of a ride… which resulted in #6670, #6669, #6668, #6659, #6658 but I hope this is now working as intended.
I'd love to get someone to test this manually, maybe by comparing demo.contao.org settings to a local setup. I did that for several days now but my brain feels muddy.
This now essentially does the following:
chmod
) fortl_article
andtl_page
. Since the permissions are identical and all managed intl_page
, one voter can handle both cases.tl_content
if the parent article is not editableSince we now have correct permissions
tl_article
andtl_page
FilterPageTypeEvent
anymore (it is now deprecated).There are some (intentional) behaviour changes and bug fixes:
deleteAll
does not work ontl_page
for non-admins #6666 is fixed automaticallyshow
action if user does not have access to a page type #6667 is fixed automaticallyhierarchy
oredit
permission. New or copies can only be pasted if a user has both permissions (see Permission error when pasting article into page without edit access #6674).new
global operation will automatically disappear if the user does not have access to create a page/article anywhere in the tree