Merge branch 'site-permissions'
jimsafley committed Feb 14, 2024
2 parents c25233e + 9cbb5da commit 3385f24
Showing 6 changed files with 44 additions and 14 deletions.
29 changes: 26 additions & 3 deletions Module.php
Expand Up @@ -2,8 +2,10 @@
namespace Datavis;

use Omeka\Module\AbstractModule;
use Omeka\Permissions\Assertion as OmekaAssertion;
use Laminas\EventManager\SharedEventManagerInterface;
use Laminas\Mvc\MvcEvent;
use Laminas\Permissions\Acl\Assertion as LaminasAssertion;
use Laminas\ServiceManager\ServiceLocatorInterface;

class Module extends AbstractModule
Expand All @@ -18,10 +20,31 @@ public function onBootstrap(MvcEvent $event)
parent::onBootstrap($event);

$acl = $this->getServiceLocator()->get('Omeka\Acl');
// Allow all users to view visualizations.

$acl->allow(null, 'Datavis\Controller\Site\Index', ['dataset', 'diagram']);
$acl->allow(null, 'Datavis\Api\Adapter\DatavisVisAdapter', ['search', 'read']);
$acl->allow(null, 'Datavis\Entity\DatavisVis', 'read');
$acl->allow(null, 'Datavis\Controller\SiteAdmin\Index', ['index', 'browse', 'add', 'edit', 'delete', 'add-dataset-type', 'get-diagram-fieldset', 'dataset', 'diagram']);
$acl->allow(null, 'Datavis\Api\Adapter\DatavisVisAdapter', ['search', 'read', 'create', 'update', 'delete']);

// Provide the site-specific "add-visualization" privilege for creating
// visualizations.
$acl->allow(null, 'Omeka\Entity\Site', 'add-visualization', new OmekaAssertion\HasSitePermissionAssertion('admin'));

// We give "create" privilege to every role so permission checks fall to
// the site-specific "add-visualization" privilege (checked in the
// DatavisVisAdapter API adapter). We do this instead of using a
// HasSitePermissionAssertion because Omeka checks permissions before
// the adapter hydrates the site.
$acl->allow(null, 'Datavis\Entity\DatavisVis', ['read', 'create']);

// Users who are not global admins or supervisors (site_admin) must be
// site managers (admin) and must own the visualization they intend to
// update or delete.
$adminAssertion = new LaminasAssertion\AssertionAggregate;
$adminAssertion->addAssertions([
new OmekaAssertion\OwnsEntityAssertion,
new OmekaAssertion\HasSitePermissionAssertion('admin'),
]);
$acl->allow(null, 'Datavis\Entity\DatavisVis', ['update', 'delete'], $adminAssertion);
}

public function install(ServiceLocatorInterface $services)
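Review bot: The aggregate guarding `update`/`delete` relies on `AssertionAggregate`'s default mode to mean "owns the entity AND is a site admin", which is what the comment promises but not what the code states. Setting it explicitly with `$adminAssertion->setMode(LaminasAssertion\AssertionAggregate::MODE_ALL);` keeps the rule from being read, or later changed, as "owner OR site admin". The two grants to `null` on `Datavis\Controller\SiteAdmin\Index` and `Datavis\Api\Adapter\DatavisVisAdapter` (covering `add`, `edit`, `delete`, `create`, `update`) carry no comment; a line such as `// Controller and adapter are open to every role; access is enforced on the DatavisVis entity and the site's "add-visualization" privilege.` would tell a reader where enforcement actually lives. It is also worth confirming that `HasSitePermissionAssertion` can resolve the site from a `DatavisVis` resource, since nothing visible here shows how it does. `onBootstrap()` starts above this hunk.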
1 change: 1 addition & 0 deletions config/module.config.php
Expand Up @@ -109,6 +109,7 @@
'action' => 'index',
'useRouteMatch' => true,
'resource' => 'Datavis\Controller\SiteAdmin\Index',
'privilege' => 'index',
'pages' => [
[
'route' => 'admin/site/slug/datavis',
1 change: 1 addition & 0 deletions src/Api/Adapter/DatavisVisAdapter.php
Expand Up @@ -77,6 +77,7 @@ public function hydrate(Request $request, EntityInterface $entity, ErrorStore $e
if (Request::CREATE === $request->getOperation()) {
$siteData = $request->getValue('o:site');
$site = $this->getAdapter('sites')->findEntity($siteData['o:id']);
$this->authorize($site, 'add-visualization');
$entity->setSite($site);

$datasetType = $request->getValue('o-module-datavis:dataset_type');
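Review bot: This `authorize()` call is the only check that stops an arbitrary role from creating a visualization, because `Module::onBootstrap()` grants `create` on the entity and adapter to every role, yet nothing at the call site says so. A comment such as `// Sole create-time permission check: "create" is granted to all roles in Module::onBootstrap().` would keep it from being moved or dropped in a refactor. The lines just before it index `$siteData['o:id']` without checking that `o:site` was supplied; this fails closed only if `findEntity()` rejects a null id, so an explicit guard, or confirmation that request validation already requires `o:site`, would be safer. `hydrate()` begins and continues outside this hunk.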
17 changes: 11 additions & 6 deletions src/Controller/SiteAdmin/IndexController.php
Expand Up @@ -29,6 +29,7 @@ public function browseAction()

$view = new ViewModel;
$view->setVariable('vises', $vises);
$view->setVariable('site', $this->currentSite());
return $view;
}

Expand Down Expand Up @@ -193,14 +194,18 @@ protected function dispatchDatasetGeneration(DatavisVisRepresentation $vis)
GenerateDataset::class,
['datavis_vis_id' => $vis->id()]
);
$message = new Message(
'Generating dataset. This may take a while. %s', // @translate
sprintf(
'<a href="%s">%s</a>',
$message = 'Generating dataset. This may take a while.'; // @translate
if ($this->userIsAllowed('Omeka\Controller\Admin\Job', 'show')) {
$message = new Message(
'%s <a href="%s">%s</a>',
$message,
htmlspecialchars($this->url()->fromRoute('admin/id', ['controller' => 'job', 'id' => $job->getId()])),
$this->translate('See this job for progress.')
));
$message->setEscapeHtml(false);
);
$message->setEscapeHtml(false);
} else {

}
$this->messenger()->addSuccess($message);
}
}
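Review bot: In `dispatchDatasetGeneration()` the new link branch turns escaping off with `setEscapeHtml(false)` but hand-escapes only the URL; the leading `$message` text and the translated link label are interpolated raw. Both are static today, but with escaping disabled each argument should be escaped where it is passed, e.g. `htmlspecialchars($this->translate('See this job for progress.'))`. The first `%s` also receives the untranslated literal, so the "Generating dataset" sentence appears not to be localized in this branch unless `Message` translates its arguments. The empty `else { }` block does nothing and can be dropped. The function starts outside the hunk.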
4 changes: 2 additions & 2 deletions view/datavis/site-admin/index/add-dataset-type.phtml
@@ -1,4 +1,4 @@
<?php
<?php
$this->headLink()->appendStylesheet($this->assetUrl('css/admin/vis-form.css', 'Datavis'));
echo $this->pageTitle($this->translate('Add visualization'), 1, $this->translate('Data Visualization'));
?>
Expand All @@ -16,7 +16,7 @@ echo $this->pageTitle($this->translate('Add visualization'), 1, $this->translate
<?php $datasetType = $this->datavis()->getDatasetType($datasetTypeName); ?>
<div class="dataset-type">
<label>
<input type="radio" name="<?php echo $this->escapeHtml('o-module-datavis:dataset_type'); ?>" value="<?php echo $this->escapeHtml($datasetTypeName); ?>">
<input type="radio" name="<?php echo $this->escapeHtml('o-module-datavis:dataset_type'); ?>" value="<?php echo $this->escapeHtml($datasetTypeName); ?>" required>
<?php echo $this->escapeHtml($this->translate($datasetType->getLabel())); ?>
</label>
<?php if ($datasetType->getDescription()): ?>
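Review bot: The `required` attribute added to the radio input is enforced only by the browser, so a request that bypasses the form can still omit `o-module-datavis:dataset_type`. Nothing on this page shows the server rejecting a missing or unknown dataset type, so confirm that the add action or the adapter validates it rather than relying on the form.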
6 changes: 3 additions & 3 deletions view/datavis/site-admin/index/browse.phtml
Expand Up @@ -4,7 +4,7 @@ $this->htmlElement('body')->appendAttribute('class', 'datavis vis browse');

<?php echo $this->pageTitle($this->translate('Visualizations'), 1, $this->translate('Data Visualization')); ?>

<?php if ($this->userIsAllowed('Datavis\Api\Adapter\DatavisVisAdapter', 'create')): ?>
<?php if ($site->userIsAllowed('add-visualization')): ?>
<div id="page-actions">
<div id="page-action-menu">
<?php echo $this->hyperlink($this->translate('Add new visualization'), $this->url(null, ['action' => 'add-dataset-type'], true), ['class' => 'button']); ?>
Expand Down Expand Up @@ -45,13 +45,13 @@ $this->htmlElement('body')->appendAttribute('class', 'datavis vis browse');
<td>
<?php echo $vis->title(); ?>
<ul class="actions">
<?php if ($vis->userIsAllowed('update')): ?>
<?php if ($vis->datasetModified() && $vis->diagramType()): ?>
<li><?php echo $this->hyperlink('', $vis->diagramUrl(), ['class' => 'fa fa-chart-pie', 'title' => $this->translate('View diagram'), 'target' => '_blank']); ?></li>
<?php endif; ?>
<?php if ($vis->datasetModified()): ?>
<li><?php echo $this->hyperlink('', $vis->datasetUrl(['pretty_print' => true]), ['class' => 'fa fa-table', 'title' => $this->translate('View dataset'), 'target' => '_blank']); ?></li>
<?php endif; ?>
<?php if ($vis->userIsAllowed('update')): ?>
<li><?php echo $vis->link('', 'edit', ['class' => 'fa fa-pencil-alt', 'title' => $this->translate('Edit')]) ?></li>
<?php endif; ?>
</ul>
Expand Down Expand Up @@ -79,7 +79,7 @@ $this->htmlElement('body')->appendAttribute('class', 'datavis vis browse');

<?php else: ?>
<div class="no-resources">
<?php if ($this->userIsAllowed('Datavis\Api\Adapter\DatavisVisAdapter', 'create')): ?>
<?php if ($site->userIsAllowed('add-visualization')): ?>
<p><?php echo sprintf(
$this->translate('No visualizations found. %s'),
$this->hyperlink($this->translate('Add a new visualization.'), $this->url(null, ['action' => 'add-dataset-type'], true))
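Review bot: `<?php echo $vis->title(); ?>` in the table cell prints the visualization title without `escapeHtml()`, unlike the escaped values in add-dataset-type.phtml; it is a context line that predates this commit, but the commit reworks the action list directly beneath it and leaves it as is. Unless `title()` already returns escaped text, a title containing markup would be rendered as HTML on the admin browse page; `<?php echo $this->escapeHtml($vis->title()); ?>` closes that. The diagram and dataset links are now shown without the `update` check, which matches the `dataset`/`diagram` grants in Module.php, so their visibility relies on those endpoints' own access rules.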