EZP-31783: Fixed embedding Content with read permissions #1441
Changes from 2 commits
81f57b4
b3d9ac4
d064c1a
0e3c6cf
502ce9c
@@ -0,0 +1,98 @@ | ||||||
<?php | ||||||
|
||||||
/** | ||||||
* @copyright Copyright (C) eZ Systems AS. All rights reserved. | ||||||
* @license For full copyright and license information view LICENSE file distributed with this source code. | ||||||
*/ | ||||||
declare(strict_types=1); | ||||||
|
||||||
namespace EzSystems\EzPlatformAdminUi\UniversalDiscovery\Event\Subscriber; | ||||||
|
||||||
use eZ\Publish\API\Repository\ContentTypeService; | ||||||
use eZ\Publish\API\Repository\PermissionResolver; | ||||||
use eZ\Publish\API\Repository\Values\ContentType\ContentType; | ||||||
use eZ\Publish\API\Repository\Values\User\Limitation\ContentTypeLimitation; | ||||||
use EzSystems\EzPlatformAdminUi\Permission\PermissionCheckerInterface; | ||||||
use EzSystems\EzPlatformAdminUi\UniversalDiscovery\Event\ConfigResolveEvent; | ||||||
use Symfony\Component\EventDispatcher\EventSubscriberInterface; | ||||||
|
||||||
class RichTextEmbedAllowedContentTypes implements EventSubscriberInterface | ||||||
{ | ||||||
/** @var string[] */ | ||||||
private $restrictedContentTypesIdentifiers; | ||||||
|
||||||
/** | ||||||
* @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver | ||||||
* @param \EzSystems\EzPlatformAdminUi\Permission\PermissionCheckerInterface $permissionChecker | ||||||
* @param \eZ\Publish\API\Repository\ContentTypeService $contentTypeService | ||||||
* | ||||||
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException | ||||||
*/ | ||||||
public function __construct( | ||||||
PermissionResolver $permissionResolver, | ||||||
PermissionCheckerInterface $permissionChecker, | ||||||
ContentTypeService $contentTypeService | ||||||
) { | ||||||
$this->restrictedContentTypesIdentifiers = $this->getRestrictedContentTypesIdentifiers( | ||||||
$permissionResolver, | ||||||
$permissionChecker, | ||||||
$contentTypeService | ||||||
); | ||||||
} | ||||||
|
||||||
/** | ||||||
* @param \eZ\Publish\API\Repository\PermissionResolver $permissionResolver | ||||||
* @param \EzSystems\EzPlatformAdminUi\Permission\PermissionCheckerInterface $permissionChecker | ||||||
* @param \eZ\Publish\API\Repository\ContentTypeService $contentTypeService | ||||||
* | ||||||
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException | ||||||
*/ | ||||||
private function getRestrictedContentTypesIdentifiers( | ||||||
PermissionResolver $permissionResolver, | ||||||
PermissionCheckerInterface $permissionChecker, | ||||||
ContentTypeService $contentTypeService | ||||||
): array { | ||||||
$access = $permissionResolver->hasAccess('content', 'read'); | ||||||
if (!\is_array($access)) { | ||||||
return []; | ||||||
} | ||||||
|
||||||
$restrictedContentTypesIds = $permissionChecker->getRestrictions($access, ContentTypeLimitation::class); | ||||||
|
||||||
if (empty($restrictedContentTypesIds)) { | ||||||
return []; | ||||||
} | ||||||
|
||||||
$restrictedContentTypes = $contentTypeService->loadContentTypeList($restrictedContentTypesIds); | ||||||
|
||||||
return array_values(array_map(function (ContentType $contentType): string { | ||||||
I don't see any reason not to:
Suggested change
Done in 0e3c6cf. |
||||||
return $contentType->identifier; | ||||||
}, (array)$restrictedContentTypes)); | ||||||
please re-format this code, it's not readable
Sorry, can you please suggest a more readable option?
Done: 502ce9c |
||||||
} | ||||||
|
||||||
/** | ||||||
* {@inheritdoc} | ||||||
*/ | ||||||
public static function getSubscribedEvents(): array | ||||||
{ | ||||||
return [ | ||||||
ConfigResolveEvent::NAME => ['onUdwConfigResolve', -10], | ||||||
]; | ||||||
} | ||||||
|
||||||
/** | ||||||
* @param \EzSystems\EzPlatformAdminUi\UniversalDiscovery\Event\ConfigResolveEvent $event | ||||||
*/ | ||||||
public function onUdwConfigResolve(ConfigResolveEvent $event): void | ||||||
{ | ||||||
$config = $event->getConfig(); | ||||||
|
||||||
if (!in_array($event->getConfigName(), ['richtext_embed', 'richtext_embed_image'])) { | ||||||
return; | ||||||
} | ||||||
|
||||||
$config['allowed_content_types'] = !empty($this->restrictedContentTypesIdentifiers) ? $this->restrictedContentTypesIdentifier : null; | ||||||
|
||||||
$event->setConfig($config); | ||||||
} | ||||||
} |
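Review bot: In onUdwConfigResolve the `allowed_content_types` assignment reads `$this->restrictedContentTypesIdentifier` (missing the final "s"), a property this class never declares, so the true branch evaluates to null and the ContentTypeLimitation list computed in the constructor is never written into the config. The line should be `$config['allowed_content_types'] = !empty($this->restrictedContentTypesIdentifiers) ? $this->restrictedContentTypesIdentifiers : null;`. The guard above it would also be safer with a strict comparison, `in_array($event->getConfigName(), ['richtext_embed', 'richtext_embed_image'], true)`. Separately, getRestrictedContentTypesIdentifiers returns `[]` when hasAccess() yields either `true` or `false`, so a user with no content/read at all appears to get the same unrestricted config as one with full access; if this filter is only a UI hint and the read check is enforced elsewhere, a short comment saying so on that early return would help.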
Have you tested this with a weak user with no permissions to `content type/read` (or `class/read`, legacy speaking)?
This PR is deployed on a few large projects, and no issues were reported there. But I'm not sure this exact case was tested. I hope your QA will check all edge cases (like this one).