[ReUp] Add wizard for User Group creation to speed up ACL workflow

- Also add Context policy for proper managing of access to non-mgr Contexts
modxcms · Apr 13, 2012 · 5ddbd03 · 5ddbd03
1 parent e5369e4
commit 5ddbd03
Show file tree

Hide file tree

Showing 11 changed files with 465 additions and 15 deletions.
diff --git a/_build/data/permissions/transport.policy.tpl.context.php b/_build/data/permissions/transport.policy.tpl.context.php
@@ -0,0 +1,45 @@
+<?php
+/**
+ * The default Context Policy Template Permission scheme.
+ *
+ * @var modX|xPDO $xpdo
+ * @package modx
+ */
+$permissions = array();
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'load',
+    'description' => 'perm.load_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'list',
+    'description' => 'perm.list_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'view',
+    'description' => 'perm.view_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'save',
+    'description' => 'perm.save_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'remove',
+    'description' => 'perm.remove_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'view_unpublished',
+    'description' => 'perm.view_unpublished_desc',
+    'value' => true,
+));
+$permissions[] = $xpdo->newObject('modAccessPermission',array(
+    'name' => 'copy',
+    'description' => 'perm.copy_desc',
+    'value' => true,
+));
+
+return $permissions;
diff --git a/_build/data/transport.core.accesspolicies.php b/_build/data/transport.core.accesspolicies.php
@@ -117,4 +117,15 @@
   'lexicon' => 'permissions',
 ), '', true, true);
 
+$policies['11']= $xpdo->newObject('modAccessPolicy');
+$policies['11']->fromArray(array (
+  'id' => 11,
+  'name' => 'Context',
+  'description' => 'A standard Context policy that you can apply when creating Context ACLs for basic read/write and view_unpublished access within a Context.',
+  'parent' => 0,
+  'class' => '',
+  'data' => '{"load":true,"list":true,"view":true,"save":true,"remove":true,"copy":true,"view_unpublished":true}',
+  'lexicon' => 'permissions',
+), '', true, true);
+
 return $policies;
diff --git a/_build/data/transport.core.accesspolicytemplates.php b/_build/data/transport.core.accesspolicytemplates.php
@@ -70,4 +70,17 @@
     $templates['5']->addMany($permissions);
 } else { $xpdo->log(xPDO::LOG_LEVEL_ERROR,'Could not load Media Source Template Permissions.'); }
 
+/* context template policies */
+$templates['6']= $xpdo->newObject('modAccessPolicyTemplate');
+$templates['6']->fromArray(array(
+    'id' => 6,
+    'name' => 'ContextTemplate',
+    'description' => 'Context Policy Template with all attributes.',
+    'lexicon' => 'permissions',
+));
+$permissions = include dirname(__FILE__).'/permissions/transport.policy.tpl.context.php';
+if (is_array($permissions)) {
+    $templates['6']->addMany($permissions);
+} else { $xpdo->log(xPDO::LOG_LEVEL_ERROR,'Could not load Context Template Permissions.'); }
+
 return $templates;
diff --git a/_build/resolvers/resolve.policies.php b/_build/resolvers/resolve.policies.php
@@ -12,6 +12,7 @@
     'Load Only' => 'ObjectTemplate',
     'Load, List and View' => 'ObjectTemplate',
     'Object' => 'ObjectTemplate',
+    'Context' => 'ContextTemplate',
     'Element' => 'ElementTemplate',
     'Media Source Admin' => 'MediaSourceTemplate',
     'Media Source User' => 'MediaSourceTemplate',

diff --git a/_build/resolvers/resolve.policytemplates.php b/_build/resolvers/resolve.policytemplates.php
@@ -12,6 +12,7 @@
     'ResourceTemplate' => 'Resource',
     'AdministratorTemplate' => 'Admin',
     'ObjectTemplate' => 'Object',
+    'ContextTemplate' => 'Object',
     'ElementTemplate' => 'Element',
     'MediaSourceTemplate' => 'MediaSource',
 );

diff --git a/core/docs/changelog.txt b/core/docs/changelog.txt
@@ -2,6 +2,8 @@
 This file shows the changes in recent releases of MODX. The most current release is usually the
 development release, and is only shown to give an idea of what's currently in the pipeline.
 
+- Add wizard for User Group creation to speed up ACL workflow
+- Add Context policy for proper managing of access to non-mgr Contexts
 - Add wizard for Resource Group creation to speed up ACL workflow
 
 MODX Revolution 2.2.1-pl (April 3, 2012)

diff --git a/core/docs/version.inc.php b/core/docs/version.inc.php
@@ -2,7 +2,7 @@
 $v= array ();
 $v['version']= '2'; // Current version.
 $v['major_version']= '2'; // Current major version.
-$v['minor_version']= '1'; // Current minor version.
+$v['minor_version']= '2'; // Current minor version.
 $v['patch_level']= 'pl'; // Current patch level.
 $v['code_name']= 'Revolution'; // Current codename.
 $v['distro']= '@git@';

diff --git a/core/lexicon/en/access.inc.php b/core/lexicon/en/access.inc.php
@@ -107,6 +107,23 @@
 $_lang['resource_group_access_ugs_desc'] = 'A comma-separated list of User Group names. If non-blank, will give the User Groups specified here view access to this Resource Group for the above contexts.';
 $_lang['roles_msg'] = 'A role is, by definition, a position or status one holds within a certain situation. They can be used to group Users into a position or status within a User Group. Roles in MODX also have what is called "Authority". This is a number value that can be any valid integer. Authority levels are "inheritable downward", in the sense that a Role with Authority 1 will inherit any and all Group Policies assigned to itself, and to any Roles with higher Authority level than 1.';
 $_lang['source_add'] = 'Add Media Source';
+
+$_lang['user_group_aw'] = 'Access Wizard';
+$_lang['user_group_aw_desc'] = 'Note: You may have to flush sessions after adding the User Group if you check any of the options below.';
+$_lang['user_group_aw_contexts'] = 'Contexts';
+$_lang['user_group_aw_contexts_desc'] = 'A comma-separated list of Contexts that this User Group should be able to view.';
+$_lang['user_group_aw_manager_policy'] = 'Manager Policy';
+$_lang['user_group_aw_manager_policy_desc'] = 'The Policy to give the User Group for editing in the manager. Select (no policy) if you do not want to grant manager access.';
+$_lang['user_group_aw_users'] = 'Users';
+$_lang['user_group_aw_users_desc'] = 'A comma-separated list of usernames to add to this User Group. You can use the format username:role to set the role; otherwise, Member will be assumed.';
+$_lang['user_group_aw_resource_groups'] = 'Resource Groups';
+$_lang['user_group_aw_resource_groups_desc'] = 'A comma-separated list of Resource Groups to give access to in the Contexts specified above.';
+$_lang['user_group_aw_categories'] = 'Element Categories';
+$_lang['user_group_aw_categories_desc'] = 'A comma-separated list of Element Categories to give access to in the Contexts specified above.';
+$_lang['user_group_aw_parallel'] = 'Create Parallel Resource Group';
+$_lang['user_group_aw_parallel_desc'] = 'If checked, will automatically create a Resource Group with the same name, and give this User Group view access to it in the Contexts specified above.';
+
+
 $_lang['user_group_category_access'] = 'Element Category Access';
 $_lang['user_group_category_access_msg'] = 'Here you can set which Elements this User Group can access by the Categories the Elements are in.';
 $_lang['user_group_category_authority_desc'] = 'The minimum Role that will have access to the Permissions in the selected Policy for this context. Roles with stronger Authority (lower numbers) will inherit this access as well. Most situations can leave this at "Member".';