add security check to content-view-builder factory
wachterjohannes committed Apr 29, 2020
1 parent c0e6a25 commit 3c899e4
Showing 5 changed files with 244 additions and 45 deletions.
102 changes: 73 additions & 29 deletions Content/Infrastructure/Sulu/Admin/ContentViewBuilderFactory.php
Expand Up @@ -24,6 +24,8 @@
use Sulu\Bundle\ContentBundle\Content\Domain\Model\SeoInterface;
use Sulu\Bundle\ContentBundle\Content\Domain\Model\TemplateInterface;
use Sulu\Bundle\PreviewBundle\Preview\Object\PreviewObjectProviderRegistryInterface;
use Sulu\Component\Security\Authorization\PermissionTypes;
use Sulu\Component\Security\Authorization\SecurityCheckerInterface;

class ContentViewBuilderFactory implements ContentViewBuilderFactoryInterface
{
Expand All @@ -42,14 +44,21 @@ class ContentViewBuilderFactory implements ContentViewBuilderFactoryInterface
*/
private $entityManager;

/**
* @var SecurityCheckerInterface
*/
private $securityChecker;

public function __construct(
ViewBuilderFactoryInterface $viewBuilderFactory,
PreviewObjectProviderRegistryInterface $objectProviderRegistry,
EntityManagerInterface $entityManager
EntityManagerInterface $entityManager,
SecurityCheckerInterface $securityChecker
) {
$this->viewBuilderFactory = $viewBuilderFactory;
$this->objectProviderRegistry = $objectProviderRegistry;
$this->entityManager = $entityManager;
$this->securityChecker = $securityChecker;
}

public function getDefaultToolbarActions(): array
Expand Down Expand Up @@ -97,10 +106,10 @@ public function getDefaultToolbarActions(): array

public function createContentRichViews(
string $entityClass,
string $templateFormKey,
string $editParentView,
?string $addParentView = null,
?array $toolbarActions = null
?array $toolbarActions = null,
?string $securityContext = null
): array {
$classMetadata = $this->entityManager->getClassMetadata($entityClass);
$associationMapping = $classMetadata->getAssociationMapping('dimensionContents');
Expand All @@ -109,48 +118,74 @@ public function createContentRichViews(
/** @var callable $callable */
$callable = [$entityClass, 'getResourceKey'];
$resourceKey = \call_user_func($callable);

/** @var callable $callable */
$callable = [$dimensionContentClass, 'getTemplateType'];
$templateFormKey = \call_user_func($callable);

$previewEnabled = $this->objectProviderRegistry->hasPreviewObjectProvider($resourceKey);

$toolbarActions = $toolbarActions ?: $this->getDefaultToolbarActions();
$addToolbarActions = $toolbarActions;
$seoAndExcerptToolbarActions = ['save' => $toolbarActions['save']];

if (!$this->hasPermission($securityContext, PermissionTypes::EDIT)) {
unset($toolbarActions['save']);
unset($seoAndExcerptToolbarActions['save']);
}

if (!$this->hasPermission($securityContext, PermissionTypes::LIVE)) {
unset($toolbarActions['edit']);
unset($addToolbarActions['edit']);
}

if (!$this->hasPermission($securityContext, PermissionTypes::DELETE)) {
unset($toolbarActions['delete']);
unset($addToolbarActions['delete']);
}

$views = [];

if (is_subclass_of($dimensionContentClass, TemplateInterface::class)) {
if ($addParentView) {
if ($this->hasPermission($securityContext, PermissionTypes::ADD)) {
if ($addParentView && is_subclass_of($dimensionContentClass, TemplateInterface::class)) {
$views[] = $this->createTemplateFormView(
$addParentView,
false,
$resourceKey,
$templateFormKey,
$addToolbarActions
);
}
}

if ($this->hasPermission($securityContext, PermissionTypes::EDIT)) {
if (is_subclass_of($dimensionContentClass, TemplateInterface::class)) {
$views[] = $this->createTemplateFormView(
$editParentView,
$previewEnabled,
$resourceKey,
$templateFormKey,
$toolbarActions
);
}

$views[] = $this->createTemplateFormView(
$editParentView,
$previewEnabled,
$resourceKey,
$templateFormKey,
$toolbarActions
);
}

if (is_subclass_of($dimensionContentClass, SeoInterface::class)) {
$views[] = $this->createSeoFormView(
$editParentView,
$previewEnabled,
$resourceKey,
['save' => $toolbarActions['save']]
);
}
if (is_subclass_of($dimensionContentClass, SeoInterface::class)) {
$views[] = $this->createSeoFormView(
$editParentView,
$previewEnabled,
$resourceKey,
$seoAndExcerptToolbarActions
);
}

if (is_subclass_of($dimensionContentClass, ExcerptInterface::class)) {
$views[] = $this->createExcerptFormView(
$editParentView,
$previewEnabled,
$resourceKey,
['save' => $toolbarActions['save']]
);
if (is_subclass_of($dimensionContentClass, ExcerptInterface::class)) {
$views[] = $this->createExcerptFormView(
$editParentView,
$previewEnabled,
$resourceKey,
$seoAndExcerptToolbarActions
);
}
}

return $views;
Expand Down Expand Up @@ -217,4 +252,13 @@ protected function createFormViewBuilder(string $name, string $path, bool $previ

return $formViewBuilder;
}

protected function hasPermission(?string $securityContext, string $permissionType): bool
{
if (!$securityContext) {
return true;
}

return $this->securityChecker->hasPermission($securityContext, $permissionType);
}
}
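Review bot: hasPermission() at the end of the section returns true whenever $securityContext is falsy, so the new gating is fail-open: any caller of createContentRichViews() that does not pass the new optional $securityContext (it defaults to null in the signature earlier in the section) gets every view and every toolbar action unchecked, and an empty string is treated the same way as null because of the truthiness test. If that is the intended backward-compatible behaviour, state it on the method, e.g. `/** Returns true when no security context is given: callers without a context opt out of permission filtering. */`, and prefer `if (null === $securityContext)` so an empty context is not silently accepted. It is also worth a comment that this only decides which views and toolbar actions the admin UI is built with at configuration time; it does not authorise the requests those views issue, so the controllers behind them must enforce the same permissions (not visible here). The mapping of PermissionTypes::LIVE to removing the 'edit' toolbar action in the previous hunk is not self-explanatory either; a one-line note such as `// 'edit' presumably carries the publish actions, hence gated by LIVE — confirm` would help the next reader.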
Expand Up @@ -30,10 +30,10 @@ public function getDefaultToolbarActions(): array;
*/
public function createContentRichViews(
string $entityClass,
string $templateFormKey,
string $editParentView,
?string $addParentView = null,
?array $toolbarActions = null
?array $toolbarActions = null,
?string $securityContext = null
): array;

/**
3 changes: 3 additions & 0 deletions Resources/config/services.xml
Expand Up @@ -12,6 +12,9 @@
<argument type="service" id="sulu_admin.view_builder_factory"/>
<argument type="service" id="sulu_preview.preview_object_provider_registry"/>
<argument type="service" id="doctrine.orm.entity_manager"/>
<argument type="service" id="sulu_security.security_checker"/>

<tag name="sulu.context" context="admin"/>
</service>

<service id="Sulu\Bundle\ContentBundle\Content\Infrastructure\Sulu\Admin\ContentViewBuilderFactoryInterface" alias="sulu_content.content_view_builder_factory"/>
6 changes: 4 additions & 2 deletions Tests/Application/ExampleTestBundle/Admin/ExampleAdmin.php
Expand Up @@ -134,9 +134,10 @@ public function configureViews(ViewCollection $viewCollection): void

$viewBuilders = $this->contentViewBuilderFactory->createContentRichViews(
Example::class,
Example::TEMPLATE_TYPE,
static::EDIT_TABS_VIEW,
static::ADD_TABS_VIEW
static::ADD_TABS_VIEW,
null,
static::SECURITY_CONTEXT
);

foreach ($viewBuilders as $viewBuilder) {
Expand All @@ -158,6 +159,7 @@ public function getSecurityContexts()
PermissionTypes::ADD,
PermissionTypes::EDIT,
PermissionTypes::DELETE,
PermissionTypes::LIVE,
],
],
],