Refactor Config for more granular permissions control.

Author: dadish

src/Config.php

@@ -4,6 +4,7 @@
 
 use ProcessWire\WireData;
 use ProcessWire\ProcessGraphQL;
+use ProcessWire\GraphQL\Utils;
 
 class Config extends WireData {
 
@@ -13,20 +14,12 @@ public function __construct(ProcessGraphQL $module)
   {
     $this->module = $module;
 
-    // cache reference for useful ProcessWire API variables
-    $apiVars = [
-      'templates',
-      'fields',
-      'roles',
-      'users',
-      'pages',
-    ];
-    foreach ($apiVars as $varName) {
-      $this->$varName = \ProcessWire\wire($varName);
-    }
-
     // Assign Config to module so we can access it easily accross the module codebase.
     $module->Config = $this;
+
+    // Wierd behavior with ProcessWire. $user->hasPermission() does not
+    // work if you do not load the required roles beforehand.
+    Utils::roles()->find("");
   }
 
   public function get($key)
@@ -39,8 +32,18 @@ public function get($key)
         return $this->module->$key;
       case 'legalTemplates':
         return $this->getLegalTemplates();
+      case 'legalViewTemplates':
+        return $this->getLegalTemplatesForPermission('page-view');
+      case 'legalCreateTemplates':
+        return $this->getLegalTemplatesForPermission('page-create');
+      case 'legalEditTemplates':
+        return $this->getLegalTemplatesForPermission('page-edit');
       case 'legalFields':
         return $this->getLegalFields();
+      case 'legalViewFields':
+        return $this->getLegalFieldsForPermission('view');
+      case 'legalEditFields':
+        return $this->getLegalFieldsForPermission('edit');
       default:
         return parent::get($key);
     }
@@ -49,28 +52,48 @@ public function get($key)
   protected function getLegalTemplates()
   {
     $legalTemplates = $this->module->legalTemplates;
-    $templates = \ProcessWire\wire('templates')->find("name=" . implode('|', $legalTemplates));
-    $user = \ProcessWire\wire('user');
-
-    // Wierd behavior with ProcessWire. $user->hasPermission() does not
-    // work if you do not load the required roles beforehand.
-    \ProcessWire\wire('roles')->find("");
+    $templates = Utils::templates()->find("name=" . implode('|', $legalTemplates));
+    return $templates;
+  }
 
+  protected function getLegalTemplatesForPermission($permission = 'page-view')
+  {
+    $templates = $this->getLegalTemplates();
     foreach ($templates as $template) {
-      // We serve only those that user has permission to view
-      if (!$user->hasTemplatePermission('page-view', $template)) {
+      if (!Utils::user()->hasTemplatePermission($permission, $template)) {
         $templates->remove($template);
       }
     }
-
     return $templates;
   }
 
   protected function getLegalFields()
   {
     $legalFields = $this->module->legalFields;
-    $fields = \ProcessWire\wire('fields')->find("name=" . implode('|', $legalFields));
+    $fields = Utils::fields()->find("name=" . implode('|', $legalFields));
+    if (Utils::user()->isSuperuser()) return $fields;
+    return $fields->find("useRoles=1");
+  }
+
+  protected function getLegalFieldsForPermission($permission = 'view')
+  {
+    $fields = $this->getLegalFields();
+    $rolesType = $permission . "Roles";
+    foreach ($fields as $field) {
+      if (!$this->userHasPermission($field->$rolesType)) {
+        $fields->remove($field);
+      }
+    }
     return $fields;
   }
 
+  protected function userHasPermission($rolesID)
+  {
+    $userRolesID = Utils::user()->roles->explode('id');
+    foreach ($userRolesID as $userRoleID) {
+      if (in_array($userRoleID, $rolesID)) return true;
+    }
+    return false;
+  }
+
 }

src/Schema.php

@@ -27,7 +27,7 @@ public function build(SchemaConfig $config)
     $query->addField(new PagesField());
 
     // $templates
-    foreach (Utils::moduleConfig()->legalTemplates as $template) {
+    foreach (Utils::moduleConfig()->legalViewTemplates as $template) {
       $query->addField(new TemplatedPageArrayField($template));
     }
 
@@ -54,7 +54,7 @@ public function build(SchemaConfig $config)
     $mutation = $config->getMutation();
 
     // CreatePage
-    foreach (Utils::moduleConfig()->legalTemplates as $template) {
+    foreach (Utils::moduleConfig()->legalCreateTemplates as $template) {
       $mutation->addField(new CreateTemplatedPage($template));
     }
 

src/Type/InterfaceType/PaginatedArrayType.php

@@ -68,7 +68,7 @@ public function resolveType($pageArray)
 
     // if there is only one template selected then we can assume it is a TemplatedPageArray
     if (count($templateSelector->values) === 1) {
-      $template = Utils::moduleConfig()->legalTemplates->get($templateSelector->values[0]);
+      $template = Utils::moduleConfig()->legalViewTemplates->get($templateSelector->values[0]);
       return new TemplatedPageArrayType($template);
     }
     return new PageArrayType();

src/Type/Scalar/SelectorType.php

@@ -40,7 +40,7 @@ public function serialize($selectors)
 
     // make sure to limit the search to legal templates only
     $templateSelector = self::findSelectorByField($selectors, 'template');
-    $legalTemplates = Utils::moduleConfig()->legalTemplates;
+    $legalTemplates = Utils::moduleConfig()->legalViewTemplates;
     $names = [];
 
     if ($templateSelector instanceof Selector) {

src/Utils.php

@@ -50,6 +50,15 @@ public static function modules()
     return self::wire('modules');
   }
 
+ /**
+  * Shortcut for wire('templates')
+  * @return \ProcessWire\Fields The ProcessWire $templates API variable.
+  */
+  public static function templates()
+  {
+    return self::wire('templates');
+  }
+
  /**
   * Shortcut for wire('fields')
   * @return \ProcessWire\Fields The ProcessWire $fields API variable.