Element Permissions

add permissionProvider for Elements and related classes fixes non-admins not being able to publish pages
dynamic · Feb 2, 2018 · 2021f50 · 2021f50
1 parent 894b37c
commit 2021f50
Show file tree

Hide file tree

Showing 16 changed files with 289 additions and 474 deletions.
diff --git a/src/Elements/ElementCustomerService.php b/src/Elements/ElementCustomerService.php
@@ -7,12 +7,10 @@
 use SilverStripe\Forms\FieldList;
 
 /**
- * Class ElementCustomerService
- * @package Dynamic\Elements\Elements
+ * Class ElementCustomerService.
  */
 class ElementCustomerService extends BaseElement
 {
-
     /**
      * @var string
      */

diff --git a/src/Elements/ElementPromos.php b/src/Elements/ElementPromos.php
@@ -8,16 +8,13 @@
 use SilverStripe\Forms\GridField\GridFieldAddExistingAutocompleter;
 use SilverStripe\ORM\FieldType\DBField;
 use SilverStripe\ORM\FieldType\DBHTMLText;
-use SilverStripe\Security\Permission;
-use SilverStripe\Security\PermissionProvider;
-use SilverStripe\Security\Security;
 use Symbiote\GridFieldExtensions\GridFieldAddExistingSearchButton;
 use Symbiote\GridFieldExtensions\GridFieldOrderableRows;
 
 /**
  * Class PromosElement.
  */
-class ElementPromos extends BaseElement implements PermissionProvider
+class ElementPromos extends BaseElement
 {
     /**
      * @var string
@@ -116,100 +113,4 @@ public function getType()
     {
         return _t(__CLASS__.'.BlockType', 'Promos');
     }
-
-    /**
-     * @return array
-     */
-    public function providePermissions()
-    {
-        return array(
-            'EDIT_PROMOS_ELEMENT' => array(
-                'name' => _t(
-                    'ElementPromos.EDIT_PROMOS_ELEMENT_PERMISSION',
-                    'Manage Promos Elements'
-                ),
-                'category' => _t(
-                    'Permissions.PERMISSIONS_PROMOS_ELEMENT',
-                    'Elements'
-                ),
-                'help' => _t(
-                    'ElementPromos.EDIT_PERMISSION_PROMOS_ELEMENT',
-                    'Ability to edit Promos Elements.'
-                ),
-                'sort' => 400,
-            ),
-        );
-    }
-
-    /**
-     * Set permissions, allow all users to access by default.
-     * Override in descendant classes, or use PermissionProvider.
-     */
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canCreate($member = null, $context = [])
-    {
-        if (!$member) {
-            $member = Security::getCurrentUser();
-        }
-
-        $extended = $this->extendedCan('canCreate', $member);
-        if ($extended !== null) {
-            return $extended;
-        }
-
-        return Permission::checkMember($member, 'EDIT_PROMOS_ELEMENT_PERMISSION', 'any');
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canView($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canEdit($member = null, $context = [])
-    {
-        if (!$member) {
-            $member = Security::getCurrentUser();
-        }
-
-        $extended = $this->extendedCan('canEdit', $member);
-        if ($extended !== null) {
-            return $extended;
-        }
-
-        return Permission::checkMember($member, 'EDIT_PROMOS_ELEMENT_PERMISSION', 'any');
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canDelete($member = null, $context = [])
-    {
-        if (!$member) {
-            $member = Security::getCurrentUser();
-        }
-
-        $extended = $this->extendedCan('canDelete', $member);
-        if ($extended !== null) {
-            return $extended;
-        }
-
-        return Permission::checkMember($member, 'EDIT_PROMOS_ELEMENT_PERMISSION', 'any');
-    }
 }
diff --git a/src/Extensions/ElementPermissions.php b/src/Extensions/ElementPermissions.php
@@ -0,0 +1,81 @@
+<?php
+
+namespace Dynamic\Elements\ORM;
+
+use SilverStripe\ORM\DataExtension;
+use SilverStripe\Security\PermissionProvider;
+
+/**
+ * Class ElementPermissions.
+ */
+class ElementPermissions extends DataExtension implements PermissionProvider
+{
+    /**
+     * @return array
+     */
+    public function providePermissions()
+    {
+        return [
+            'Create_Element' => [
+                'name' => _t(
+                    'ELEMENT.CREATE_ELEMENT',
+                    'Create Elemental Blocks'
+                ),
+                'category' => _t(
+                    'Permissions.PERMISSIONS_ELEMENT_PERMISSION',
+                    'Elemental'
+                ),
+                'help' => _t(
+                    'Element.CREATE_PERMISSION_ELEMENT_PERMISSION',
+                    'Ability to create new Elemental Blocks.'
+                ),
+                'sort' => 400,
+            ],
+            'Edit_Element' => [
+                'name' => _t(
+                    'ELEMENT.EDIT_ELEMENT',
+                    'Edit Elemental Blocks'
+                ),
+                'category' => _t(
+                    'Permissions.PERMISSIONS_ELEMENT_PERMISSION',
+                    'Elemental'
+                ),
+                'help' => _t(
+                    'Element.EDIT_PERMISSION_ELEMENT_PERMISSION',
+                    'Ability to update Elemental Blocks.'
+                ),
+                'sort' => 400,
+            ],
+            'Delete_Element' => [
+                'name' => _t(
+                    'ELEMENT.PUBLISH_ELEMENT',
+                    'Delete Elemental Blocks'
+                ),
+                'category' => _t(
+                    'Permissions.PERMISSIONS_ELEMENT_PERMISSION',
+                    'Elemental'
+                ),
+                'help' => _t(
+                    'Element.PUBLISH_PERMISSION_ELEMENT_PERMISSION',
+                    'Ability to delete Elemental Blocks.'
+                ),
+                'sort' => 400,
+            ],
+            'Publish_Element' => [
+                'name' => _t(
+                    'ELEMENT.PUBLISH_ELEMENT',
+                    'Publish Elemental Blocks'
+                ),
+                'category' => _t(
+                    'Permissions.PERMISSIONS_ELEMENT_PERMISSION',
+                    'Elemental'
+                ),
+                'help' => _t(
+                    'Element.PUBLISH_PERMISSION_ELEMENT_PERMISSION',
+                    'Ability to publish Elemental Blocks.'
+                ),
+                'sort' => 400,
+            ],
+        ];
+    }
+}
diff --git a/src/Extensions/ElementalPermissions.php b/src/Extensions/ElementalPermissions.php
@@ -0,0 +1,48 @@
+<?php
+
+namespace Dynamic\Elements\ORM;
+
+use SilverStripe\ORM\DataExtension;
+use SilverStripe\Security\Permission;
+
+/**
+ * Class ElementalAreaPermissions.
+ */
+class ElementalPermissions extends DataExtension
+{
+    /**
+     * @param null $member
+     * @return bool|int|void
+     */
+    public function canCreate($member = null)
+    {
+        return Permission::check('Create_Element', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool|int|void
+     */
+    public function canEdit($member = null)
+    {
+        return Permission::check('Edit_Element', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool|int|void
+     */
+    public function canDelete($member = null)
+    {
+        return Permission::check('Delete_Element', 'any', $member);
+    }
+
+    /**
+     * @param null $member
+     * @return bool|int
+     */
+    public function canPublish($member = null)
+    {
+        return Permission::check('Publish_Element', 'any', $member);
+    }
+}
diff --git a/src/Model/AccordionPanel.php b/src/Model/AccordionPanel.php
@@ -64,44 +64,4 @@ public function getCMSFields()
 
         return parent::getCMSFields();
     }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canCreate($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canView($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canEdit($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canDelete($member = null, $context = [])
-    {
-        return true;
-    }
 }
diff --git a/src/Model/BaseElementObject.php b/src/Model/BaseElementObject.php
@@ -6,12 +6,13 @@
 use Sheadawson\Linkable\Models\Link;
 use SilverStripe\Assets\Image;
 use SilverStripe\Forms\FieldList;
-use SilverStripe\Forms\HTMLEditor\TinyMCEConfig;
 use SilverStripe\ORM\DataObject;
 use SilverStripe\ORM\ValidationResult;
 use SilverStripe\Versioned\Versioned;
-use SilverStripe\View\Requirements;
 
+/**
+ * Class BaseElementObject.
+ */
 class BaseElementObject extends DataObject
 {
     /**

diff --git a/src/Model/FeatureObject.php b/src/Model/FeatureObject.php
@@ -66,49 +66,4 @@ public function getCMSFields()
 
         return parent::getCMSFields();
     }
-
-    /**
-     * Set permissions, allow all users to access by default.
-     * Override in descendant classes, or use PermissionProvider.
-     */
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canCreate($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canView($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canEdit($member = null, $context = [])
-    {
-        return true;
-    }
-
-    /**
-     * @param null $member
-     *
-     * @return bool
-     */
-    public function canDelete($member = null, $context = [])
-    {
-        return true;
-    }
 }