-
-
Notifications
You must be signed in to change notification settings - Fork 173
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Panel\Field::role()
allow passing $roles
#6654
Conversation
ee6c42b
to
54481de
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm not entirely sure why, but when I test this PR in the sandbox lab, I can only add users with admin roles. The other roles vanish from the field.
40a079a
to
045da6b
Compare
@bastianallgeier It's because of this https://github.com/getkirby/kirby/blob/develop-minor/src/Cms/User.php#L588-L591 - for the last admin we exit here too early. That's fine for changing the role, but not creating. Maybe we need to first merge #6657 and then can remove that check. |
3e86173
to
803c1b0
Compare
While testing this, I saw that we still have some kind of logic issue when the permissions to change the role of any user is set to false, but the permission of the own account is set to true. permissions:
users:
changeRole: false When you go to the account view, the Role button is active (which is already wrong), but the dialog will show without the role field. |
@bastianallgeier Do you have more context of your setup for me to reproduce? I have two users. One
permissions:
users:
changeRole: false But account view seems right: Can change role, because EDIT: correction: the button in the user profile is enabled, the dropdown button is disabled 😑 |
I've used the lab setup in the sandbox and added: title: Editor
permissions:
users:
changeRole: false to the editor blueprint |
and then created an |
Oh, yes forgot to mention that. I've created a new editor and logged in as them. |
30d7946
to
b5db86a
Compare
@bastianallgeier what do you think about this b5db86a to solve the UI state for the user profile button? Alternatively, we could simplify it a lot if we just look at the permissions and allow the button to be enabled/the dialog to open but then just show one available role (the current one). There still is a harder problem with |
I have reworked the logic. Going with |
As the last admin case is already covered by the permissions check as well
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Despite the remaining conversation on Discord, I consider this PR done. If we decide to extend the permission dependencies, it would need to be done in a separate step anyway.
Description
Summary of changes
User::roles()
action parameter, that was a turn in the wrong direction$kirby->roles()->canBeCreated()
for when creating a user,$user->roles()
when changing the role of a userUser::roles()
with simplified logic forchangeRole
permission checkingPanel\Field::role()
:UsersView
: use newcanCreate
prop that also takes available roles count into consideration, not just permissionUserView
andUserProfile
: newcanChangeEmail
,canChangeRole
,canChangeName
andcanChangeLanguage
props instead of working with permissions arraycanChangeRole
Reasoning
Different action contexts will have a different set of roles available to display. Instead of putting that logic into the
Panel\Field::roles()
UI method, it should rather allow to pass the appropriate roles collection to this helper method.Previous PRs introduced
User::roles($action)
- that was a turn in the wrong direction as the create and change role actions have very different relations to the user object. For creating,$kirby->roles()
is actually the right base, not$user->roles()
. For these cases, one should use$kirby->roles()->canBeCrreated()
then. This allows to simplify$user->roles()
to always only return the available roles for a user to be changed to.Furthermore, our Panel UI had some problems where it only focused on the general permission, but not the actual available role count. While a user can have the general permission, blueprint options for specific roles can still lead to situations where no roles are available. The UI needs to consider that.
Changelog
Fixes
create
andchangeRole
permissions and user optionsuser permissions: support for
options
broken #5147user permissions: changeRole has no effect #5146
Enhancements
Ready?
Unit tests for fixed bug/feature