vendor/ibexa/permissions/src/lib/EventSubscriber/FieldPermissionCheckSubscriber.php line 60

Open in your IDE?
  1. <?php
  3. /**
  4. * @copyright Copyright (C) Ibexa AS. All rights reserved.
  5. * @license For full copyright and license information view LICENSE file distributed with this source code.
  6. */
  7. declare(strict_types=1);
  9. namespace Ibexa\Permissions\EventSubscriber;
  11. use Ibexa\ContentForms\Event\ContentCreateFieldOptionsEvent;
  12. use Ibexa\ContentForms\Event\ContentFormEvents;
  13. use Ibexa\ContentForms\Event\ContentUpdateFieldOptionsEvent;
  14. use Ibexa\ContentForms\Event\UserCreateFieldOptionsEvent;
  15. use Ibexa\ContentForms\Event\UserUpdateFieldOptionsEvent;
  16. use Ibexa\Contracts\Core\FieldType\Value;
  17. use Ibexa\Contracts\Core\Limitation\Target;
  18. use Ibexa\Contracts\Core\Repository\ContentService;
  19. use Ibexa\Contracts\Core\Repository\LocationService;
  20. use Ibexa\Contracts\Core\Repository\PermissionResolver;
  21. use Ibexa\Contracts\Core\Repository\Values\Content\Field;
  22. use Ibexa\Core\FieldType\User;
  23. use Symfony\Component\EventDispatcher\EventSubscriberInterface;
  25. class FieldPermissionCheckSubscriber implements EventSubscriberInterface
  26. {
  27. /** @var \Ibexa\Contracts\Core\Repository\ContentService */
  28. private $contentService;
  30. /** @var \Ibexa\Contracts\Core\Repository\LocationService */
  31. private $locationService;
  33. /** @var \Ibexa\Contracts\Core\Repository\PermissionResolver */
  34. private $permissionResolver;
  36. private User\Type $userType;
  38. public function __construct(
  39. ContentService $contentService,
  40. LocationService $locationService,
  41. PermissionResolver $permissionResolver,
  42. User\Type $userType
  43. ) {
  44. $this->contentService = $contentService;
  45. $this->locationService = $locationService;
  46. $this->permissionResolver = $permissionResolver;
  47. $this->userType = $userType;
  48. }
  50. public static function getSubscribedEvents(): array
  51. {
  52. return [
  53. ContentFormEvents::CONTENT_EDIT_FIELD_OPTIONS => 'onContentEditFieldOptions',
  54. ContentFormEvents::CONTENT_CREATE_FIELD_OPTIONS => 'onContentCreateFieldOptions',
  55. ContentFormEvents::USER_EDIT_FIELD_OPTIONS => 'onUserEditFieldOptions',
  56. ContentFormEvents::USER_CREATE_FIELD_OPTIONS => 'onUserCreateFieldOptions',
  57. ];
  58. }
  60. public function onContentCreateFieldOptions(ContentCreateFieldOptionsEvent $event)
  61. {
  62. $contentCreateStruct = clone $event->getContentCreateStruct();
  63. $contentField = $event->getFieldData()->field;
  65. $contentCreateStruct->fields = [
  66. new Field([
  67. 'id' => $contentField->id,
  68. 'fieldDefIdentifier' => $contentField->fieldDefIdentifier,
  69. 'fieldTypeIdentifier' => $contentField->fieldTypeIdentifier,
  70. 'languageCode' => $contentField->languageCode,
  71. 'value' => new class() implements Value {
  72. public function __get(string $property)
  73. {
  74. return uniqid($property);
  75. }
  77. public function __toString(): string
  78. {
  79. return 'non-empty-value';
  80. }
  81. },
  82. ]),
  83. ];
  85. $locationCreateStructs = $contentCreateStruct->getLocationStructs();
  87. if (empty($contentCreateStruct->sectionId)) {
  88. if (isset($locationCreateStructs[0])) {
  89. $location = $this->locationService->loadLocation(
  90. $locationCreateStructs[0]->parentLocationId
  91. );
  92. $contentCreateStruct->sectionId = $location->contentInfo->sectionId;
  93. } else {
  94. $contentCreateStruct->sectionId = 1;
  95. }
  96. }
  98. if (!$this->permissionResolver->canUser('content', 'create', $contentCreateStruct, $locationCreateStructs)) {
  99. $event->setOption('disabled', true);
  100. }
  101. }
  103. public function onContentEditFieldOptions(ContentUpdateFieldOptionsEvent $event): void
  104. {
  105. $updatedFields = [
  106. $event->getFieldData()->field,
  107. ];
  109. $content = $event->getContent();
  110. $contentUpdateStruct = clone $event->getContentUpdateStruct();
  111. $contentUpdateStruct->fields = $updatedFields;
  113. if (!$this->permissionResolver->canUser(
  114. 'content',
  115. 'edit',
  116. $content,
  117. [
  118. (new Target\Builder\VersionBuilder())
  119. ->updateFields($updatedFields)
  120. ->updateFieldsTo(
  121. $contentUpdateStruct->initialLanguageCode,
  122. $contentUpdateStruct->fields
  123. )
  124. ->build(),
  125. ]
  126. )) {
  127. $event->setOption('disabled', true);
  128. }
  129. }
  131. /**
  132. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\InvalidArgumentException
  133. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\BadStateException
  134. */
  135. public function onUserCreateFieldOptions(UserCreateFieldOptionsEvent $event): void
  136. {
  137. $userCreateStruct = clone $event->getUserCreateStruct();
  138. $contentField = $event->getFieldData()->field;
  139. $parentGroups = $userCreateStruct->getParentGroups();
  140. $locationCreateStructs = [];
  141. /** @var \Ibexa\Contracts\Core\Repository\Values\User\UserGroup $parentGroup */
  142. foreach ($parentGroups as $parentGroup) {
  143. $locationCreateStructs[] = $this->locationService->newLocationCreateStruct(
  144. $parentGroup->getContentInfo()->getMainLocationId()
  145. );
  146. }
  148. $userCreateStruct->fields = [
  149. new Field([
  150. 'id' => $contentField->id,
  151. 'fieldDefIdentifier' => $contentField->fieldDefIdentifier,
  152. 'fieldTypeIdentifier' => $contentField->fieldTypeIdentifier,
  153. 'languageCode' => $contentField->languageCode,
  154. 'value' => $this->userType->getEmptyValue(),
  155. ]),
  156. ];
  158. if (!$this->permissionResolver->canUser('content', 'create', $userCreateStruct, $locationCreateStructs)) {
  159. $event->setOption('disabled', true);
  160. }
  161. }
  163. /**
  164. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\InvalidArgumentException
  165. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\BadStateException
  166. */
  167. public function onUserEditFieldOptions(UserUpdateFieldOptionsEvent $event): void
  168. {
  169. $updatedFields = [
  170. $event->getFieldData()->field,
  171. ];
  173. if (!$this->userCanEditContentField($event, $updatedFields)) {
  174. $event->setOption('disabled', true);
  175. }
  176. }
  178. /**
  179. * @param array<\Ibexa\Contracts\Core\Repository\Values\Content\Field> $fields
  180. *
  181. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\InvalidArgumentException
  182. * @throws \Ibexa\Contracts\Core\Repository\Exceptions\BadStateException
  183. */
  184. private function userCanEditContentField(UserUpdateFieldOptionsEvent $event, array $fields): bool
  185. {
  186. return $this->permissionResolver->canUser(
  187. 'content',
  188. 'edit',
  189. $event->getContent(),
  190. [
  191. (new Target\Builder\VersionBuilder())
  192. ->updateFields($fields)
  193. ->updateFieldsTo(
  194. $event->getOption('languageCode'),
  195. $fields,
  196. )
  197. ->build(),
  198. ]
  199. );
  200. }
  201. }
  203. class_alias(FieldPermissionCheckSubscriber::class, 'Ibexa\Platform\Permissions\EventSubscriber\FieldPermissionCheckSubscriber');