MBS-13108: Require relationship editor, not admin, privs for attributes #3116

Draft
wants to merge 9 commits into
base: master
@@ -1,4 +1,4 @@
package MusicBrainz::Server::Controller::Admin::Attributes;
package MusicBrainz::Server::Controller::Attributes;
use Moose;
use namespace::autoclean;
use utf8;
Expand All @@ -8,57 +8,81 @@ use MusicBrainz::Server::Entity::Util::JSON qw( to_json_array );

BEGIN { extends 'MusicBrainz::Server::Controller' }

my @models = qw(
my @entity_type_models = qw(
AreaType
ArtistType
CollectionType
CoverArtType
EventType
Gender
InstrumentType
LabelType
Language
MediumFormat
PlaceType
ReleaseGroupType
ReleaseGroupSecondaryType
SeriesType
WorkType
);

my @alias_type_models = qw(
AreaAliasType
ArtistAliasType
EventAliasType
GenreAliasType
InstrumentAliasType
LabelAliasType
PlaceAliasType
RecordingAliasType
ReleaseAliasType
ReleaseGroupAliasType
SeriesAliasType
WorkAliasType
);

my @other_models = qw(
CoverArtType
Gender
Language
MediumFormat
ReleaseStatus
ReleasePackaging
Script
SeriesType
WorkType
WorkAttributeType
);
# Missing: Alias types, WorkAttributeTypeAllowedValue

sub index : Path('/admin/attributes') Args(0) RequireAuth(account_admin) {
my @all_models = (@entity_type_models, @alias_type_models, @other_models);
# Missing: WorkAttributeTypeAllowedValue

sub index : Path('/attributes') Args(0) {
my ($self, $c) = @_;

$c->stash(
current_view => 'Node',
component_path => 'admin/attributes/Index',
component_props => {models => \@models},
component_path => 'attributes/AttributesList',
component_props => {
aliasTypeModels => \@alias_type_models,
entityTypeModels => \@entity_type_models,
otherModels => \@other_models,
},
);
}

sub attribute_base : Chained('/') PathPart('admin/attributes') CaptureArgs(1) RequireAuth(account_admin) {
sub attribute_base : Chained('/') PathPart('attributes') CaptureArgs(1) {
my ($self, $c, $model) = @_;

$c->detach('/error_404') unless contains_string(\@models, $model);
$c->detach('/error_404') unless contains_string(\@all_models, $model);

$c->stash->{model} = $model;
}

sub attribute_index : Chained('attribute_base') PathPart('') RequireAuth(account_admin) {
sub attribute_index : Chained('attribute_base') PathPart('') {
my ($self, $c) = @_;
my $model = $c->stash->{model};
my @attr = $c->model($model)->get_all();

my %component_paths = (
Language => 'admin/attributes/Language',
Script => 'admin/attributes/Script',
Language => 'attributes/Language',
Script => 'attributes/Script',
);
my $component_path = $component_paths{$model} // 'admin/attributes/Attribute';
my $component_path = $component_paths{$model} // 'attributes/Attribute';

$c->stash(
current_view => 'Node',
Expand All @@ -70,50 +94,50 @@ sub attribute_index : Chained('attribute_base') PathPart('') RequireAuth(account
);
}

sub create : Chained('attribute_base') RequireAuth(account_admin) SecureForm {
sub create : Chained('attribute_base') RequireAuth(relationship_editor) SecureForm {
my ($self, $c) = @_;
my $model = $c->stash->{model};

my %forms = (
Language => 'Admin::Attributes::Language',
Script => 'Admin::Attributes::Script',
Language => 'Attributes::Language',
Script => 'Attributes::Script',
);
my $form_name = $forms{$model} // 'Admin::Attributes';
my $form_name = $forms{$model} // 'Attributes::Generic';
my $form = $c->form( form => $form_name );

if ($c->form_posted_and_valid($form)) {
$c->model('MB')->with_transaction(sub {
$c->model($model)->insert({ map { $_->name => $_->value } $form->edit_fields });
});

$c->response->redirect($c->uri_for('/admin/attributes', $model));
$c->response->redirect($c->uri_for('/attributes', $model));
$c->detach;
}
}

sub edit : Chained('attribute_base') Args(1) RequireAuth(account_admin) SecureForm {
sub edit : Chained('attribute_base') Args(1) RequireAuth(relationship_editor) SecureForm {
my ($self, $c, $id) = @_;
my $model = $c->stash->{model};
my $attr = $c->model($model)->get_by_id($id);

my %forms = (
Language => 'Admin::Attributes::Language',
Script => 'Admin::Attributes::Script',
Language => 'Attributes::Language',
Script => 'Attributes::Script',
);
my $form_name = $forms{$model} // 'Admin::Attributes';
my $form_name = $forms{$model} // 'Attributes::Generic';
my $form = $c->form( form => $form_name, init_object => $attr );

if ($c->form_posted_and_valid($form)) {
$c->model('MB')->with_transaction(sub {
$c->model($model)->update($id, { map { $_->name => $_->value } $form->edit_fields });
});

$c->response->redirect($c->uri_for('/admin/attributes', $model));
$c->response->redirect($c->uri_for('/attributes', $model));
$c->detach;
}
}

sub delete : Chained('attribute_base') Args(1) RequireAuth(account_admin) SecureForm {
sub delete : Chained('attribute_base') Args(1) RequireAuth(relationship_editor) SecureForm {
my ($self, $c, $id) = @_;
my $model = $c->stash->{model};
my $attr = $c->model($model)->get_by_id($id)
Expand All @@ -130,7 +154,7 @@ sub delete : Chained('attribute_base') Args(1) RequireAuth(account_admin) Secure

$c->stash(
current_view => 'Node',
component_path => 'admin/attributes/CannotRemoveAttribute',
component_path => 'attributes/CannotRemoveAttribute',
component_props => {message => $error_message},
);

Expand All @@ -143,15 +167,15 @@ sub delete : Chained('attribute_base') Args(1) RequireAuth(account_admin) Secure

$c->stash(
current_view => 'Node',
component_path => 'admin/attributes/CannotRemoveAttribute',
component_path => 'attributes/CannotRemoveAttribute',
component_props => {message => $error_message},
);

$c->detach;
}

$c->stash(
component_path => 'admin/attributes/DeleteAttribute',
component_path => 'attributes/DeleteAttribute',
component_props => {
attribute => $attr->TO_JSON,
form => $form->TO_JSON,
Expand All @@ -168,7 +192,7 @@ sub delete : Chained('attribute_base') Args(1) RequireAuth(account_admin) Secure
});
}

$c->response->redirect($c->uri_for('/admin/attributes', $model));
$c->response->redirect($c->uri_for('/attributes', $model));
$c->detach;
}
}
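Review bot: Nothing at the chain root enforces authentication once `RequireAuth(account_admin)` is gone from `attribute_base`, `index` and `attribute_index`, so as far as these attributes show, write protection rests entirely on `create`, `edit` and `delete` each carrying `RequireAuth(relationship_editor) SecureForm`. A comment above `attribute_base` would make that contract explicit for anyone adding an action later, e.g. `# Public chain root: every mutating action chained from here must declare its own RequireAuth(...) and SecureForm.` The single `@all_models` allowlist now gates both the unauthenticated read views and the relationship-editor writes, so `Language`, `Script`, `Gender` and the twelve alias-type models all become writable by that role; if any of them is meant to stay admin-only, the write actions need a narrower list than the read actions. Separately, `edit` passes the result of `get_by_id($id)` to the form as `init_object` without a not-found guard, which presumably leaves `$attr` undefined for an unknown id; `my $attr = $c->model($model)->get_by_id($id) or $c->detach('/error_404');` would mirror the check `attribute_base` already applies to `$model`.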
14 changes: 11 additions & 3 deletions lib/MusicBrainz/Server/Data/Role/AliasType.pm
Expand Up @@ -5,16 +5,24 @@ use namespace::autoclean;
use MusicBrainz::Server::Entity::AliasType;
use MusicBrainz::Server::Data::Utils qw( load_subobjects );

with 'MusicBrainz::Server::Data::Role::OptionsTree';

sub _columns { 'id, gid, name, parent AS parent_id, child_order, description' }
with 'MusicBrainz::Server::Data::Role::OptionsTree',
'MusicBrainz::Server::Data::Role::Attribute';

sub load {
my ($self, @objs) = @_;

load_subobjects($self, 'type', @objs);
}

sub in_use {
my ($self, $id) = @_;
# We can get the alias table by just dropping "_type" from the type table
my $alias_table = $self->_table =~ s/_type$//r;
return $self->sql->select_single_value(
"SELECT 1 FROM $alias_table WHERE type = ? LIMIT 1",
$id);
}

1;

=head1 COPYRIGHT AND LICENSE
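Review bot: `in_use` interpolates `$alias_table` directly into the SQL text, which is safe only while `_table` is a value fixed in code and actually ends in `_type`; neither condition is checked or documented here. If a class consuming this role has a `_table` without that suffix, `s/_type$//r` returns the name unchanged and the query runs against the type table itself instead of failing visibly. Anchoring with `\z` and failing loudly would cover that: `my $alias_table = $self->_table =~ s/_type\z//r;` followed by `die 'unexpected alias type table name' if $alias_table eq $self->_table;`. I would also extend the existing comment to say that the table name comes from the class definition and never from request data, since `$id` is the only value bound as a parameter.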
@@ -1,4 +1,4 @@
package MusicBrainz::Server::Form::Admin::Attributes;
package MusicBrainz::Server::Form::Attributes::Generic;
use strict;
use warnings;

@@ -1,4 +1,4 @@
package MusicBrainz::Server::Form::Admin::Attributes::Language;
package MusicBrainz::Server::Form::Attributes::Language;
use strict;
use warnings;

@@ -1,4 +1,4 @@
package MusicBrainz::Server::Form::Admin::Attributes::Script;
package MusicBrainz::Server::Form::Attributes::Script;
use strict;
use warnings;

122 changes: 0 additions & 122 deletions root/admin/attributes/Attribute.js

This file was deleted.