Skip to content

Commit

Permalink
Issue 52: Add more cases to access check and improve docs.
Browse files Browse the repository at this point in the history
  • Loading branch information
@AaronGilMartinez
AaronGilMartinez committed Nov 22, 2024
1 parent 9d90827 commit 2b735cc
Show file tree
Hide file tree
Showing 2 changed files with 110 additions and 22 deletions.
9 changes: 6 additions & 3 deletions modules/collabora_online_group/src/Plugin/Group/RelationHandler/CollaboraAccessControl.php
View file
Original file line number Diff line number Diff line change
@@ -1,7 +1,10 @@
<?php

declare(strict_types=1);

namespace Drupal\collabora_online_group\Plugin\Group\RelationHandler;

use Drupal\Core\Access\AccessResultInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;
use Drupal\group\Plugin\Group\RelationHandler\AccessControlInterface;
Expand All @@ -16,7 +19,7 @@ class CollaboraAccessControl extends AccessControl {
use AccessControlTrait;

/**
* Constructs a new GroupAccessControllProvider.
* Constructs a new CollaboraAccessControl.
*
* @param \Drupal\group\Plugin\Group\RelationHandler\AccessControlInterface $parent
* The default access control.
Expand All @@ -28,8 +31,8 @@ public function __construct(AccessControlInterface $parent) {
/**
* {@inheritdoc}
*/
public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account, $return_as_object = FALSE) {
// Add support for unpublished vs published for "preview in collabora".
public function entityAccess(EntityInterface $entity, $operation, AccountInterface $account, $return_as_object = FALSE): AccessResultInterface|bool {
// Add support for unpublished operation: preview in collabora.
$check_published = $operation === 'preview in collabora' && $this->implementsPublishedInterface;

if ($check_published && !$entity->isPublished()) {
Expand Down
123 changes: 104 additions & 19 deletions modules/collabora_online_group/tests/src/Kernel/AccessTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -105,22 +105,43 @@ protected function getTestScenarios(): array {
// The scenario keys contains values used for each scenario:
// 'operation:status:scope:global_permission:group_permission'.
return [
'preview:published:any:::' => [
// Preview no permissions cases.
'preview:published:any::' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => [],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'any',
],
'preview:published:any:preview::' => [
'preview:published:own::' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => [],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'own',
],
// The global permissions that would allow to preview, doesn't work
// in a media related to a group.
'preview:published:any:preview:' => [
'result' => FALSE,
'permissions' => ['preview document in collabora'],
'group_permissions' => [],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'any',
],
'preview:published:own:preview:' => [
'result' => FALSE,
'permissions' => ['preview document in collabora'],
'group_permissions' => [],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'own',
],
// User can only see published entities with the group preview
// permission.
'preview:published:any::preview' => [
'result' => TRUE,
'permissions' => [],
Expand Down Expand Up @@ -153,46 +174,93 @@ protected function getTestScenarios(): array {
'status' => 0,
'scope' => 'own',
],
'preview:unpublished:own:preview_own::' => [
// The global preview unpublished doesn't affect to medias related
// to a group.
'preview:unpublished:own:preview_own_unpublished:' => [
'result' => FALSE,
'permissions' => ['preview own unpublished document in collabora'],
'group_permissions' => [],
'operation' => 'preview in collabora',
'status' => 0,
'scope' => 'own',
],
'preview:unpublished:own::preview_own' => [
// The group permission to preview own unpublished permission allows
// to see only entities with such properties.
'preview:published:any::preview_own_unpublished' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => ['preview own unpublished group_media:document in collabora'],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'any',
],
'preview:published:own::preview_own_unpublished' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => ['preview own unpublished group_media:document in collabora'],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'own',
],
'preview:unpublished:own::preview_own_unpublished' => [
'result' => TRUE,
'permissions' => [],
'group_permissions' => ['preview own unpublished group_media:document in collabora'],
'operation' => 'preview in collabora',
'status' => 0,
'scope' => 'own',
],
'preview:published:own::preview_own' => [
'preview:unpublished:any::preview_own_unpublished' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => ['preview own unpublished group_media:document in collabora'],
'operation' => 'preview in collabora',
'status' => 1,
'scope' => 'own',
'status' => 0,
'scope' => 'any',
],
'edit:published:any:::' => [
// Edit no permissions cases.
'edit:published:any::' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => [],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'any',
],
'edit:published:any:edit_any::' => [
'edit:published:own::' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => [],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'own',
],
// The global permission doesn't grant access to edit in a group.
'edit:published:any:edit_any:' => [
'result' => FALSE,
'permissions' => ['edit any document in collabora'],
'group_permissions' => [],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'any',
],
'edit:published:own:edit_any:' => [
'result' => FALSE,
'permissions' => ['edit any document in collabora'],
'group_permissions' => [],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'own',
],
'edit:published:own:edit_own:' => [
'result' => FALSE,
'permissions' => ['edit own document in collabora'],
'group_permissions' => [],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'own',
],
// Only users with edit any permission in a group can edit all.
'edit:published:any::edit_any' => [
'result' => TRUE,
'permissions' => [],
Expand All @@ -209,22 +277,23 @@ protected function getTestScenarios(): array {
'status' => 1,
'scope' => 'own',
],
'edit:published:own::' => [
'result' => FALSE,
'edit:unpublished:any::edit_any' => [
'result' => TRUE,
'permissions' => [],
'group_permissions' => [],
'group_permissions' => ['edit any group_media:document in collabora'],
'operation' => 'edit in collabora',
'status' => 1,
'scope' => 'own',
'status' => 0,
'scope' => 'any',
],
'edit:published:own:edit_own:' => [
'result' => FALSE,
'permissions' => ['edit own document in collabora'],
'group_permissions' => [],
'edit:unpublished:own::edit_any' => [
'result' => TRUE,
'permissions' => [],
'group_permissions' => ['edit any group_media:document in collabora'],
'operation' => 'edit in collabora',
'status' => 1,
'status' => 0,
'scope' => 'own',
],
// Or edit own permission for the entities the user owns.
'edit:published:own::edit_own' => [
'result' => TRUE,
'permissions' => [],
Expand All @@ -233,6 +302,14 @@ protected function getTestScenarios(): array {
'status' => 1,
'scope' => 'own',
],
'edit:unpublished:own::edit_own' => [
'result' => TRUE,
'permissions' => [],
'group_permissions' => ['edit own group_media:document in collabora'],
'operation' => 'edit in collabora',
'status' => 0,
'scope' => 'own',
],
'edit:published:any::edit_own' => [
'result' => FALSE,
'permissions' => [],
Expand All @@ -241,6 +318,14 @@ protected function getTestScenarios(): array {
'status' => 1,
'scope' => 'any',
],
'edit:unpublished:any::edit_own' => [
'result' => FALSE,
'permissions' => [],
'group_permissions' => ['edit own group_media:document in collabora'],
'operation' => 'edit in collabora',
'status' => 0,
'scope' => 'any',
],
];
}

Expand Down

0 comments on commit 2b735cc

Please sign in to comment.