Add the page permission voters

[aschempp]

This was hell of a ride… which resulted in #6670, #6669, #6668, #6659, #6658 but I hope this is now working as intended.

I'd love to get someone to test this manually, maybe by comparing demo.contao.org settings to a local setup. I did that for several days now but my brain feels muddy.

This now essentially does the following:

1. Add a voter on page permissions (chmod) for tl_article and tl_page. Since the permissions are identical and all managed in tl_page, one voter can handle both cases.
2. Add a voter to limit access to page types
3. Add a voter to deny articles on pages without content composition or the article module in layout
4. Add a voter to deny access to tl_content if the parent article is not editable

Since we now have correct permissions

• we don't need a paste button callback on tl_article and tl_page
• also don't need any button callbacks and can therefore use automatically generated operations
• Voter no. 2 will make sure root pages are only added/pasted to the root node
• Voter no. 2 will also make sure only one of the error pages exist per root page. This will e.g. automatically disallow moving a 404 page type from one root to another, if the other root already has a 404 page 😎
• Because we have voters for page types, we don't need the FilterPageTypeEvent anymore (it is now deprecated).

There are some (intentional) behaviour changes and bug fixes:

• deleteAll does not work on tl_page for non-admins #6666 is fixed automatically
• Permission denied to show action if user does not have access to a page type #6667 is fixed automatically
• Permission error when pasting article into page without edit access #6674 is fixed automatically
• A user can now copy articles if they have either hierarchy or edit permission. New or copies can only be pasted if a user has both permissions (see Permission error when pasting article into page without edit access #6674).
• The new global operation will automatically disappear if the user does not have access to create a page/article anywhere in the tree

[Toflar]

Great work!! I haven't tested the permissions manually yet (because tbh I never really understood them anyway) but the code looks correct to me.
However, the new voters will require tests. Otherwise the codecov check will never pass.

[leofeyer]

There is a behavior change in how article permissions are applied:

Now if I log in as j.wilson, the copy icon is active (it was not before):

But when I try to copy an article, all the paste buttons are inactive:

[aschempp]

That is exactly what I explained in my initial description, section 3 point 4 😉

[leofeyer]

If we already know that a user does not have permission to paste a duplicated article, what is the point of enabling the "copy" icon? It is completely useless for them and should therefore remain disabled.

[aschempp]

If we already know that a user does not have permission to paste a duplicated article, what is the point of enabling the "copy" icon? It is completely useless for them and should therefore remain disabled.

That's correct, fixed in 9ebbfb8

[aschempp]

Tests done with ~300 assertions! 🙈 This should be RTM now 🙃

[aschempp]

Btw, @zoglo volunteered (without a timing) to have a look at frontend tests (Cypress) for the page and article permissions 🎉

[leofeyer]

Thank you @aschempp.