2 changes: 2 additions & 0 deletions administrator/components/com_guidedtours/access.xml
Expand Up @@ -11,8 +11,10 @@
<action name="core.edit.own" title="JACTION_EDITOWN" />
</section>
<section name="tour">
<action name="core.create" title="JACTION_CREATE" />
<action name="core.delete" title="JACTION_DELETE" />
<action name="core.edit" title="JACTION_EDIT" />
<action name="core.edit.state" title="JACTION_EDITSTATE" />
<action name="core.edit.own" title="JACTION_EDITOWN" />
</section>
</access>
Expand Up @@ -11,6 +11,7 @@
namespace Joomla\Component\Guidedtours\Administrator\Controller;

use Joomla\CMS\MVC\Controller\FormController;
use Joomla\Utilities\ArrayHelper;

// phpcs:disable PSR1.Files.SideEffects
\defined('_JEXEC') or die;
Expand All @@ -23,4 +24,67 @@
*/
class StepController extends FormController
{
/**
* Method override to check if you can add a new record.
*
* @param array $data An array of input data.
*
* @return boolean
*
* @since __DEPLOY_VERSION__
*/
protected function allowAdd($data = [])
{
$tourId = ArrayHelper::getValue($data, 'tour_id', $this->app->getUserState('com_guidedtours.tour_id', 0), 'int');

if ($tourId) {
// If the category has been passed in the data or URL check it.
return $this->app->getIdentity()->authorise('core.create', 'com_guidedtours.tour.' . $tourId);
}

// In the absence of better information, revert to the component permissions.
return parent::allowAdd();
}

/**
* Method override to check if you can edit an existing record.
*
* @param array $data An array of input data.
* @param string $key The name of the key for the primary key.
*
* @return boolean
*
* @since __DEPLOY_VERSION__
*/
protected function allowEdit($data = [], $key = 'id')
{
$recordId = (int)$data[$key] ?? 0;
$user = $this->app->getIdentity();
$tourId = (int)$data['tour_id'] ?? $this->app->getUserState('com_guidedtours.tour_id', 0);

// Zero record (id:0), return component edit permission by calling parent controller method
if (!$recordId) {
return parent::allowEdit($data, $key);
}

// Check edit on the record asset
if ($user->authorise('core.edit', 'com_guidedtours.tour.' . $tourId)) {
return true;
}

// Check edit own on the record asset
if ($user->authorise('core.edit.own', 'com_guidedtours.tour.' . $tourId)) {
// Existing record already has an owner, get it
$record = $this->getModel()->getItem($recordId);

if (empty($record)) {
return false;
}

// Grant if current user is owner of the record
return $user->id == $record->created_by;
}

return false;
}
}
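Review bot: In allowEdit the cast binds tighter than `??`, so `$recordId = (int)$data[$key] ?? 0;` and `$tourId = (int)$data['tour_id'] ?? ...;` never reach their fallbacks — a missing key raises an undefined-index warning and the user-state fallback on the tour_id line is dead code; the same pattern is on the `$recordId` line of TourController::allowEdit. More importantly, the asset the edit check authorises against is built from `$data['tour_id']`, i.e. from the submitted form rather than from the stored step, so the tour-level permission is evaluated against whichever tour_id the request carries; resolving the tour from the record loaded by getItem() ties the check to the step actually being edited. The owner comparison `$user->id == $record->created_by` (and its siblings in TourController::allowEdit and in both tmpl default.php files) would be safer as a strict comparison on ints. The rewrite below keeps the zero-id fallback to the parent and the same return values for the existing-record cases.
```php
protected function allowEdit($data = [], $key = 'id')
{
    // The cast binds tighter than ??, so the parentheses are required for the fallback to apply.
    $recordId = (int) ($data[$key] ?? 0);
    $user     = $this->app->getIdentity();

    // Zero record (id:0): defer to the component-level permission.
    if (!$recordId) {
        return parent::allowEdit($data, $key);
    }

    // Authorise against the tour the stored step belongs to, not a tour_id carried by the request.
    $record = $this->getModel()->getItem($recordId);

    if (empty($record)) {
        return false;
    }

    $tourAsset = 'com_guidedtours.tour.' . (int) $record->tour_id;

    if ($user->authorise('core.edit', $tourAsset)) {
        return true;
    }

    // Edit own: only the record owner may proceed.
    return $user->authorise('core.edit.own', $tourAsset)
        && (int) $record->created_by === (int) $user->id;
}
```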
Expand Up @@ -23,4 +23,54 @@
*/
class TourController extends FormController
{
/**
* Method to check if you can add a new record.
*
* @param array $data An array of input data.
*
* @return boolean
*
* @since __DEPLOY_VERSION__
*/
protected function allowAdd($data = [])
{
return $this->app->getIdentity()->authorise('core.create', $this->option);
}

/**
* Method to check if you can edit a record.
*
* @param array $data An array of input data.
* @param string $key The name of the key for the primary key.
*
* @return boolean
*
* @since __DEPLOY_VERSION__
*/
protected function allowEdit($data = [], $key = 'id')
{
$recordId = (int)$data[$key] ?? 0;
$user = $this->app->getIdentity();

// Check "edit" permission on record asset
if ($user->authorise('core.edit', 'com_guidedtours.tour.' . $recordId)) {
return true;
}

// Check "edit own" permission on record asset
if ($user->authorise('core.edit.own', 'com_guidedtours.tour.' . $recordId)) {
// Need to do a lookup from the model to get the owner
$record = $this->getModel()->getItem($recordId);

if (empty($record)) {
return false;
}

if ($record->created_by == $user->id) {
return true;
}
}

return false;
}
}
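Review bot: allowEdit has no guard for a zero record id, unlike StepController::allowEdit in the same pull request, so an id of 0 (a missing key or a new record reaching the edit path) is authorised against `com_guidedtours.tour.0`, an asset that does not exist, instead of falling back to the component permission; add `if (!$recordId) { return parent::allowEdit($data, $key); }` right after the `$user` assignment. The allowAdd override appears to do exactly what FormController::allowAdd already does (`core.create` on `$this->option`), so either drop it or document why it exists, e.g. `// Kept as an explicit hook for tour-specific create rules; currently equivalent to the parent.`. The `getItem($recordId)` lookup only runs when `core.edit` failed, which is fine, but the result is only used for the owner check — a short comment saying so would save the next reader a second look.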
Expand Up @@ -97,7 +97,7 @@ protected function addToolbar()
$userId = $user->id;
$isNew = empty($this->item->id);

$canDo = ContentHelper::getActions('com_guidedtours');
$canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->item->tour_id);

ToolbarHelper::title(Text::_('COM_GUIDEDTOURS') . ' - ' . ($isNew ? Text::_('COM_GUIDEDTOURS_MANAGER_STEP_NEW') : Text::_('COM_GUIDEDTOURS_MANAGER_STEP_EDIT')), 'map-signs');

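Review bot: `ContentHelper::getActions('com_guidedtours', 'tour', $this->item->tour_id)` is also evaluated for a new step, where `$this->item->tour_id` is presumably empty, so the toolbar permissions are resolved at the component level while StepController::allowAdd authorises against the tour taken from the `com_guidedtours.tour_id` user state; the two can disagree about whether Save is offered. Consider resolving the tour the same way the controller does, e.g. `$tourId = $this->item->tour_id ?: Factory::getApplication()->getUserState('com_guidedtours.tour_id', 0);` and passing `$tourId` to getActions (assuming Factory is imported in this file). addToolbar begins and ends outside this hunk, so whether `$canDo` is consumed further down for Save/Apply is inferred, not visible here.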
Expand Up @@ -122,7 +122,7 @@ protected function addToolbar()
// Get the toolbar object instance
$toolbar = Toolbar::getInstance('toolbar');

$canDo = ContentHelper::getActions('com_guidedtours');
$canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->state->get('filter.tour_id', 0));
$app = Factory::getApplication();
$user = $app->getIdentity();

Expand Up @@ -94,13 +94,11 @@ protected function addToolbar()
{
Factory::getApplication()->input->set('hidemainmenu', true);

$user = Factory::getUser();
$user = Factory::getApplication()->getIdentity();
$userId = $user->id;
$isNew = empty($this->item->id);

$canDo = ContentHelper::getActions('com_guidedtours');

$toolbar = Toolbar::getInstance();
$canDo = ContentHelper::getActions('com_guidedtours', 'tour', $this->item->id);

ToolbarHelper::title(Text::_('COM_GUIDEDTOURS') . ' - ' . ($isNew ? Text::_('COM_GUIDEDTOURS_MANAGER_TOUR_NEW') : Text::_('COM_GUIDEDTOURS_MANAGER_TOUR_EDIT')), 'map-signs');

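Review bot: The removed `$toolbar = Toolbar::getInstance();` line is the only assignment of `$toolbar` visible here; if the remainder of addToolbar (which continues past this hunk) still calls `$toolbar->...`, the variable is now undefined, so please confirm the rest of the method no longer references it. The new `getActions('com_guidedtours', 'tour', $this->item->id)` passes an empty id for a new tour; presumably ContentHelper then falls back to the component asset, which is the intended behaviour but deserves a one-line comment such as `// New tours have no asset yet; getActions() then resolves component-level permissions.`.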
20 changes: 12 additions & 8 deletions administrator/components/com_guidedtours/tmpl/steps/default.php
Expand Up @@ -27,23 +27,27 @@
$wa->useScript('table.columns')
->useScript('multiselect');

$app = Factory::getApplication();
$user = $app->getIdentity();
$user = Factory::getApplication()->getIdentity();
$userId = $user->get('id');
$listOrder = $this->escape($this->state->get('list.ordering'));
$listDirn = $this->escape($this->state->get('list.direction'));
$saveOrder = $listOrder == 'a.ordering';
$section = null;
$mode = false;
$tour_id = $this->state->get('filter.tour_id');
$tourId = $this->state->get('filter.tour_id');

$canEdit = $user->authorise('core.edit', 'com_guidedtours.tour.' . $tourId);
$canEditOwnTour = $user->authorise('core.edit.own', 'com_guidedtours.tour.' . $tourId);
$canEditStateTour = $user->authorise('core.edit.state', 'com_guidedtours.tour.' . $tourId);
$hasCheckinPermission = $user->authorise('core.manage', 'com_checkin');

if ($saveOrder && !empty($this->items)) {
$saveOrderingUrl = 'index.php?option=com_guidedtours&task=steps.saveOrderAjax&tmpl=component&' . Session::getFormToken() . '=1';
HTMLHelper::_('draggablelist.draggable');
}
?>

<form action="<?php echo Route::_('index.php?option=com_guidedtours&view=steps&tour_id=' . $tour_id); ?>"
<form action="<?php echo Route::_('index.php?option=com_guidedtours&view=steps&tour_id=' . $tourId); ?>"
method="post" name="adminForm" id="adminForm">
<div id="j-main-container" class="j-main-container">
<?php
Expand Down Expand Up @@ -136,9 +140,9 @@
class="js-draggable" data-url="<?php echo $saveOrderingUrl; ?>" data-direction="<?php echo strtolower($listDirn); ?>" data-nested="true" <?php
endif; ?>>
<?php foreach ($this->items as $i => $item) :
$canEdit = $user->authorise('core.edit', 'com_guidedtours' . '.step.' . $item->id);
$canCheckin = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out);
$canChange = $user->authorise('core.edit.state', 'com_guidedtours' . '.step.' . $item->id) && $canCheckin;
$canEditOwn = $canEditOwnTour && $item->created_by == $userId;
$canCheckin = $hasCheckinPermission || $item->checked_out == $userId || is_null($item->checked_out);
$canChange = $canEditStateTour && $canCheckin;
?>

<!-- Row begins -->
Expand Down Expand Up @@ -186,7 +190,7 @@ class="js-draggable" data-url="<?php echo $saveOrderingUrl; ?>" data-direction="
<?php if ($item->checked_out) : ?>
<?php echo HTMLHelper::_('jgrid.checkedout', $i, $item->editor, $item->checked_out_time, 'steps.', $canCheckin); ?>
<?php endif; ?>
<?php if ($canEdit) : ?>
<?php if ($canEdit || $canEditOwn) : ?>
<a href="<?php echo Route::_('index.php?option=com_guidedtours&task=step.edit&id=' . $item->id); ?> " title="<?php echo Text::_('JACTION_EDIT'); ?> <?php echo $this->escape($item->title); ?>">
<?php echo $this->escape($item->title); ?>
</a>
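Review bot: `$canEdit`, `$canEditOwnTour` and `$canEditStateTour` in the first hunk are built from `'com_guidedtours.tour.' . $tourId` with `$tourId = $this->state->get('filter.tour_id')` and no default, so if this list can be rendered without a tour filter the asset name degenerates to `com_guidedtours.tour.` and all three checks run against an asset that does not exist; what authorise() returns for an unknown asset name is framework-defined, so the fallback should be explicit rather than accidental. Suggest `$tourAsset = $tourId ? 'com_guidedtours.tour.' . (int) $tourId : 'com_guidedtours';` and using `$tourAsset` in the three authorise() calls. Whether `filter.tour_id` is guaranteed non-empty here depends on the list model, which is outside this diff.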
Expand Up @@ -148,9 +148,10 @@
class="js-draggable" data-url="<?php echo $saveOrderingUrl; ?>" data-direction="<?php echo strtolower($listDirn); ?>" data-nested="true" <?php
endif; ?>>
<?php foreach ($this->items as $i => $item) :
$canEdit = $user->authorise('core.edit', 'com_guidedtours' . '.tour.' . $item->id);
$canEdit = $user->authorise('core.edit', 'com_guidedtours.tour.' . $item->id);
$canEditOwn = $user->authorise('core.edit.own', 'com_guidedtours.tour.' . $item->id) && $item->created_by == $userId;
$canCheckin = $user->authorise('core.manage', 'com_checkin') || $item->checked_out == $userId || is_null($item->checked_out);
$canChange = $user->authorise('core.edit.state', 'com_guidedtours' . '.tour.' . $item->id) && $canCheckin;
$canChange = $user->authorise('core.edit.state', 'com_guidedtours.tour.' . $item->id) && $canCheckin;
?>

<!-- Row begins -->
Expand Down Expand Up @@ -197,7 +198,7 @@ class="js-draggable" data-url="<?php echo $saveOrderingUrl; ?>" data-direction="
<?php if ($item->checked_out) : ?>
<?php echo HTMLHelper::_('jgrid.checkedout', $i, $item->editor, $item->checked_out_time, 'tours.', $canCheckin); ?>
<?php endif; ?>
<?php if ($canEdit) : ?>
<?php if ($canEdit || $canEditOwn) : ?>
<a href="<?php echo Route::_('index.php?option=com_guidedtours&task=tour.edit&id=' . $item->id); ?>" title="<?php echo Text::_('JACTION_EDIT'); ?> <?php echo $this->escape($item->title); ?>">
<?php echo $this->escape($item->title); ?>
</a>