
Commit fdda5e1

committed
Fix the template override Access rules.
1 parent 99db6e4 commit fdda5e1


5 files changed

+34
-53
lines changed


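--- a/src/Config.php
+++ b/src/Config.php
@@ -43,12 +43,8 @@ public function get($key)
 return $this->getLegalCreateTemplates();
 case 'legalEditTemplates':
 return $this->getLegalTemplatesForPermission('page-edit');
-case 'legalViewFields':
-return $this->getLegalFieldsForPermission('view');
-case 'legalCreateFields':
-return $this->getLegalFields();
-case 'legalEditFields':
-return $this->getLegalFieldsForPermission('edit');
+case 'legalFields':
+return $this->getLegalFields();
 default:
 return parent::get($key);
 }
@@ -126,38 +122,4 @@ protected function getLegalFields()
 return Utils::fields()->getAll()->find("name=" . implode('|', $legalFields));
 }
 
-protected function getLegalFieldsForPermission($permission = 'view')
-{
-$fields = $this->getLegalFields();
-$roles = $permission . "Roles";
-// if superuser give access to everything
-if (Utils::user()->isSuperuser()) return $fields;
-
-if (Utils::moduleConfig()->grantFieldsAccess) {
-foreach ($fields as $field) {
-if ($field->useRoles && !$this->userHasRoleIn($field->$roles)) {
-$fields->remove($field);
-}
-}
-} else {
-$fields->find("useRoles=1");
-foreach ($fields as $field) {
-if (!$this->userHasRoleIn($field->$roles)) {
-$fields->remove($field);
-}
-}
-}
-
-return $fields;
-}
-
-protected function userHasRoleIn($rolesID)
-{
-$userRolesID = Utils::user()->roles->explode('id');
-foreach ($userRolesID as $userRoleID) {
-if (in_array($userRoleID, $rolesID)) return true;
-}
-return false;
-}
-
 }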

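--- a/src/Type/Input/TemplatedPageInputType.php
+++ b/src/Type/Input/TemplatedPageInputType.php
@@ -52,7 +52,7 @@ public function build($config)
 'FieldtypeImage',
 ];
 
-$legalFieldsName = Utils::moduleConfig()->legalCreateFields->implode('|', 'name');
+$legalFieldsName = Utils::moduleConfig()->legalFields->implode('|', 'name');
 // the template fields
 foreach ($this->template->fields->find("name=$legalFieldsName") as $field) {
 $className = $field->type->className();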
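Review bot: No per-field permission check is visible on the input side: the `foreach` in `build()` selects fields only by the unfiltered `legalFields` name list, while the same commit makes `TemplatedPageType::build()` gate each field with `Utils::hasFieldPermission('view', ...)`. If input fields should follow the field's edit roles, add `if (!Utils::hasFieldPermission('edit', $field, $this->template)) continue;` as the first statement of the loop. The loop body continues outside the hunk, so an equivalent check may already exist further down; if it is deliberately enforced elsewhere, a one-line comment saying where would help.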

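--- a/src/Type/InterfaceType/PageInterfaceType.php
+++ b/src/Type/InterfaceType/PageInterfaceType.php
@@ -29,16 +29,6 @@ public function build($config)
 $className = "ProcessWire\\GraphQL\\Field\\Page\\$fieldClassName";
 $config->addField(new $className());
 }
-
-// add global fields too
-$legalFields = Utils::moduleConfig()->legalViewFields;
-foreach ($legalFields as $field) {
-if ($field->flags & Field::flagGlobal) {
-$className = "\\ProcessWire\\GraphQL\\Field\\Page\\Fieldtype\\" . $field->type->className();
-if (!class_exists($className)) continue;
-$config->addField(new $className($field));
-}
-}
 }
 
 public function resolveType($page)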

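--- a/src/Type/Object/TemplatedPageType.php
+++ b/src/Type/Object/TemplatedPageType.php
@@ -37,11 +37,14 @@ public function getDescription()
 
 public function build($config)
 {
-$legalFields = Utils::moduleConfig()->legalViewFields;
+$legalFields = Utils::moduleConfig()->legalFields;
 $config->applyInterface(new PageInterfaceType());
 foreach ($this->template->fields as $field) {
+// skip illigal fields
 if (!$legalFields->has($field)) continue;
-if ($field->flags & Field::flagGlobal) continue; // global fields are already added via PageInterfaceType
+// check if user has permission to view this field
+if (!Utils::hasFieldPermission('view', $field, $this->template)) continue;
+// skip if the field type is not supported
 $className = "\\ProcessWire\\GraphQL\\Field\\Page\\Fieldtype\\" . $field->type->className();
 if (!class_exists($className)) continue;
 $config->addField(new $className($field));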
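Review bot: The new comment above the `$legalFields->has($field)` guard is misspelled and does not say what "legal" means here; something like `// skip fields that are not in the module's legalFields list` reads better. The `foreach` body continues outside the hunk.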

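--- a/src/Utils.php
+++ b/src/Utils.php
@@ -9,6 +9,8 @@
 namespace ProcessWire\GraphQL;
 
 use ProcessWire\Languages;
+use ProcessWire\Field;
+use ProcessWire\Template;
 use ProcessWire\GraphQL\Config;
 
 class Utils {
@@ -189,4 +191,28 @@ public static function getReservedWords()
 ];
 }
 
+/**
+* Determines whether the current user has given permission on $field within
+* $template's context.
+* @param string $permission The permission type. Either 'view' or 'edit'
+* @param Field $field The field against the check is performed
+* @param Template $template The context of the field.
+* @return boolean Returns true if user has rights and false otherwise
+*/
+public static function hasFieldPermission($permission = 'view', Field $field, Template $template)
+{
+$field = $template->fields->getFieldContext($field);
+if ($field->useRoles) {
+$roles = $permission . 'Roles';
+foreach (Utils::user()->roles as $role) {
+if (in_array($role->id, $field->$roles)) return true;
+}
+return false;
+} else if (Utils::moduleConfig()->grantFieldsAccess) {
+return true;
+} else {
+return false;
+}
+}
+
 }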
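Review bot: `hasFieldPermission()` builds the property name from `$permission` without checking it, so any value other than 'view' or 'edit' reads whatever `<value>Roles` resolves to and may hand `in_array()` a non-array. Rejecting unknown values up front keeps the check fail-closed, e.g. `if (!in_array($permission, ['view', 'edit'], true)) return false;` as the first statement. The signature also places the defaulted `$permission = 'view'` before two required parameters, which makes the default unusable and is deprecated since PHP 8.0, so the default should be dropped. The removed `Config::getLegalFieldsForPermission()` returned every field for superusers, and this helper has no such branch, so a superuser whose roles are not listed on a `useRoles` field appears to be denied; please confirm that is intended. The result of `getFieldContext()` is also dereferenced without a null check, which is safe only while callers pass fields that belong to `$template`, so the docblock should state that precondition.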
