From 3ae744200570ec078a614b4cf2fbbd00cbdc9216 Mon Sep 17 00:00:00 2001 From: Robbie Mackay Date: Mon, 10 Jul 2017 16:16:12 +1200 Subject: [PATCH] Refactor PermissionAccess trait to allow checking for multiple permissions Refactors PermissionAccess not to be tied to getPermission fn on the current class, instead we pass permission as a parameter and use constants on the Permission entity to define possible permission values. --- .../Ushahidi/Repository/Form/Attribute.php | 5 +--- .../Ushahidi/Repository/Form/Stage.php | 10 +++----- .../classes/Ushahidi/Repository/Post.php | 9 +++---- .../Ushahidi/Validator/Post/Create.php | 6 ++--- src/Core/Entity/Permission.php | 6 +++++ src/Core/Tool/Authorizer/CSVAuthorizer.php | 11 +++----- src/Core/Tool/Authorizer/ConfigAuthorizer.php | 11 +++----- .../Authorizer/DataProviderAuthorizer.php | 13 +++------- src/Core/Tool/Authorizer/FormAuthorizer.php | 11 +++----- src/Core/Tool/Authorizer/PostAuthorizer.php | 11 +++----- src/Core/Tool/Authorizer/SetAuthorizer.php | 11 +++----- src/Core/Tool/Authorizer/TagAuthorizer.php | 11 +++----- src/Core/Tool/Authorizer/UserAuthorizer.php | 11 +++----- src/Core/Tool/Permissions/Permissionable.php | 22 ---------------- src/Core/Traits/PermissionAccess.php | 7 +++--- src/Core/Traits/Permissions/DataExport.php | 25 ------------------- src/Core/Traits/Permissions/DataImport.php | 25 ------------------- src/Core/Traits/Permissions/ManagePosts.php | 25 ------------------- .../Traits/Permissions/ManageSettings.php | 25 ------------------- src/Core/Traits/Permissions/ManageUsers.php | 25 ------------------- src/Core/Traits/PostValueRestrictions.php | 6 ++--- 21 files changed, 46 insertions(+), 240 deletions(-) delete mode 100644 src/Core/Tool/Permissions/Permissionable.php delete mode 100644 src/Core/Traits/Permissions/DataExport.php delete mode 100644 src/Core/Traits/Permissions/DataImport.php delete mode 100644 src/Core/Traits/Permissions/ManagePosts.php delete mode 100644 src/Core/Traits/Permissions/ManageSettings.php delete mode 100644 src/Core/Traits/Permissions/ManageUsers.php diff --git a/application/classes/Ushahidi/Repository/Form/Attribute.php b/application/classes/Ushahidi/Repository/Form/Attribute.php index ba15c0fa1e..17662ce0e5 100644 --- a/application/classes/Ushahidi/Repository/Form/Attribute.php +++ b/application/classes/Ushahidi/Repository/Form/Attribute.php @@ -15,7 +15,6 @@ use Ushahidi\Core\Entity\FormAttributeRepository; use Ushahidi\Core\Entity\FormStageRepository; use Ushahidi\Core\Entity\FormRepository; -use Ushahidi\Core\Traits\PostValueRestrictions; use Ushahidi\Core\Traits\UserContext; use Ramsey\Uuid\Uuid; @@ -26,8 +25,6 @@ class Ushahidi_Repository_Form_Attribute extends Ushahidi_Repository implements { use UserContext; - use PostValueRestrictions; - protected $form_stage_repo; protected $form_repo; @@ -97,7 +94,7 @@ public function create(Entity $entity) } return $this->executeInsertAttribute($this->removeNullValues($record)); } - + // Override SearchRepository public function setSearchParams(SearchData $search) { diff --git a/application/classes/Ushahidi/Repository/Form/Stage.php b/application/classes/Ushahidi/Repository/Form/Stage.php index 86c0139032..ced8918f5e 100644 --- a/application/classes/Ushahidi/Repository/Form/Stage.php +++ b/application/classes/Ushahidi/Repository/Form/Stage.php @@ -19,24 +19,20 @@ use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManagePosts; class Ushahidi_Repository_Form_Stage extends Ushahidi_Repository implements FormStageRepository { use UserContext; + // Provides `hasPermission` + use PermissionAccess; + use PostValueRestrictions; // Checks if user is Admin use AdminAccess; - // Provides `hasPermission` - use PermissionAccess; - - // Provides `getPermission` - use ManagePosts; - protected $form_id; protected $form_repo; diff --git a/application/classes/Ushahidi/Repository/Post.php b/application/classes/Ushahidi/Repository/Post.php index 51147450e8..d7cd7b79ff 100644 --- a/application/classes/Ushahidi/Repository/Post.php +++ b/application/classes/Ushahidi/Repository/Post.php @@ -13,6 +13,7 @@ use Ushahidi\Core\Entity\FormRepository; use Ushahidi\Core\Entity\FormAttributeRepository; use Ushahidi\Core\Entity\FormStageRepository; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Entity\Post; use Ushahidi\Core\Entity\PostValueContainer; use Ushahidi\Core\Entity\PostRepository; @@ -37,8 +38,7 @@ class Ushahidi_Repository_Post extends Ushahidi_Repository implements PostRepository, UpdatePostRepository, - SetPostRepository, - Permissionable + SetPostRepository { use UserContext; @@ -48,9 +48,6 @@ class Ushahidi_Repository_Post extends Ushahidi_Repository implements // Use the JSON transcoder to encode properties use Ushahidi_JsonTranscodeRepository; - // Provides `getPermission` - use ManagePosts; - // Provides `hasPermission` use PermissionAccess; @@ -495,7 +492,7 @@ protected function setSearchConditions(SearchData $search) if (!$user->id) { $query->where("$table.status", '=', 'published'); } elseif (!$this->isUserAdmin($user) and - !$this->hasPermission($user, $this->getPermission())) { + !$this->hasPermission($user, Permission::MANAGE_POSTS)) { $query ->and_where_open() ->where("$table.status", '=', 'published') diff --git a/application/classes/Ushahidi/Validator/Post/Create.php b/application/classes/Ushahidi/Validator/Post/Create.php index de33b2d766..f9f22fb77a 100644 --- a/application/classes/Ushahidi/Validator/Post/Create.php +++ b/application/classes/Ushahidi/Validator/Post/Create.php @@ -14,6 +14,7 @@ use Ushahidi\Core\Entity\FormStageRepository; use Ushahidi\Core\Entity\UserRepository; use Ushahidi\Core\Entity\FormRepository; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Entity\PostRepository; use Ushahidi\Core\Entity\RoleRepository; use Ushahidi\Core\Entity\PostSearchData; @@ -35,9 +36,6 @@ class Ushahidi_Validator_Post_Create extends Validator // Checks if user is Admin use AdminAccess; - // Provides `getPermission` - use ManagePosts; - protected $repo; protected $attribute_repo; protected $stage_repo; @@ -191,7 +189,7 @@ public function checkApprovalRequired (Validation $validation, $status, $fullDat $user = $this->getUser(); // Do we have permission to publish this post? - $userCanChangeStatus = ($this->isUserAdmin($user) or $this->hasPermission($user)); + $userCanChangeStatus = ($this->isUserAdmin($user) or $this->hasPermission($user, Permission::MANAGE_POSTS)); // .. if yes, any status is ok. if ($userCanChangeStatus) { return; diff --git a/src/Core/Entity/Permission.php b/src/Core/Entity/Permission.php index 4e31557ade..d229a2fe28 100644 --- a/src/Core/Entity/Permission.php +++ b/src/Core/Entity/Permission.php @@ -19,6 +19,12 @@ class Permission extends StaticEntity protected $name; protected $description; + // Standard permissions names + const DATA_IMPORT = 'Bulk Data Import'; + const MANAGE_POSTS = 'Manage Posts'; + const MANAGE_SETTINGS = 'Manage Settings'; + const MANAGE_USERS = 'Manage Users'; + // DataTransformer public function getDefinition() { diff --git a/src/Core/Tool/Authorizer/CSVAuthorizer.php b/src/Core/Tool/Authorizer/CSVAuthorizer.php index 0ddbe5904b..165a80125b 100644 --- a/src/Core/Tool/Authorizer/CSVAuthorizer.php +++ b/src/Core/Tool/Authorizer/CSVAuthorizer.php @@ -13,17 +13,15 @@ use Ushahidi\Core\Entity; use Ushahidi\Core\Entity\CSV; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\DataImport; use Ushahidi\Core\Traits\DataImportAccess; -class CSVAuthorizer implements Authorizer, Permissionable +class CSVAuthorizer implements Authorizer { use UserContext; @@ -37,9 +35,6 @@ class CSVAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use DataImport; - // Check if the user can import data use DataImportAccess; @@ -55,7 +50,7 @@ public function isAllowed(Entity $entity, $privilege) $user = $this->getUser(); // Allow role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::DATA_IMPORT)) { return true; } diff --git a/src/Core/Tool/Authorizer/ConfigAuthorizer.php b/src/Core/Tool/Authorizer/ConfigAuthorizer.php index 8009d0b47f..6a76fb6516 100644 --- a/src/Core/Tool/Authorizer/ConfigAuthorizer.php +++ b/src/Core/Tool/Authorizer/ConfigAuthorizer.php @@ -15,17 +15,15 @@ use Ushahidi\Core\Entity\Config; use Ushahidi\Core\Entity\User; use Ushahidi\Core\Entity\UserRepository; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManageSettings; // The `ConfigAuthorizer` class is responsible for access checks on `Config` Entities -class ConfigAuthorizer implements Authorizer, Permissionable +class ConfigAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -40,9 +38,6 @@ class ConfigAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use ManageSettings; - /** * Public config groups * @var [string, ...] @@ -67,7 +62,7 @@ public function isAllowed(Entity $entity, $privilege) } // Allow role with the right permissions to do everything else - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_SETTINGS)) { return true; } diff --git a/src/Core/Tool/Authorizer/DataProviderAuthorizer.php b/src/Core/Tool/Authorizer/DataProviderAuthorizer.php index 6d8911e5b2..9e13409367 100644 --- a/src/Core/Tool/Authorizer/DataProviderAuthorizer.php +++ b/src/Core/Tool/Authorizer/DataProviderAuthorizer.php @@ -13,16 +13,14 @@ use Ushahidi\Core\Tool\Authorizer; use Ushahidi\Core\Entity; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManageSettings; // The `DataProviderAuthorizer` class is responsible for access checks on `DataProvider` Entities -class DataProviderAuthorizer implements Authorizer, Permissionable +class DataProviderAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -37,17 +35,14 @@ class DataProviderAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use ManageSettings; - // Authorizer public function isAllowed(Entity $entity, $privilege) { // These checks are run within the user context. $user = $this->getUser(); - + // Allow role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_SETTINGS)) { return true; } diff --git a/src/Core/Tool/Authorizer/FormAuthorizer.php b/src/Core/Tool/Authorizer/FormAuthorizer.php index 5f02f9ecca..5b8ddb6a8e 100644 --- a/src/Core/Tool/Authorizer/FormAuthorizer.php +++ b/src/Core/Tool/Authorizer/FormAuthorizer.php @@ -14,19 +14,17 @@ use Ushahidi\Core\Entity; use Ushahidi\Core\Entity\Form; use Ushahidi\Core\Entity\FormRepository; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\ParentAccess; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PrivateDeployment; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManageSettings; // The `FormAuthorizer` class is responsible for access checks on `Forms` -class FormAuthorizer implements Authorizer, Permissionable +class FormAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -45,9 +43,6 @@ class FormAuthorizer implements Authorizer, Permissionable // Check that the user has the necessary permissions use PermissionAccess; - // Provides `getPermission` - use ManageSettings; - // It requires a `FormRepository` to load parent posts too. protected $form_repo; @@ -71,7 +66,7 @@ public function isAllowed(Entity $entity, $privilege) } // Allow role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_SETTINGS)) { return true; } diff --git a/src/Core/Tool/Authorizer/PostAuthorizer.php b/src/Core/Tool/Authorizer/PostAuthorizer.php index 2eebd504a0..88a7fcd85b 100644 --- a/src/Core/Tool/Authorizer/PostAuthorizer.php +++ b/src/Core/Tool/Authorizer/PostAuthorizer.php @@ -17,9 +17,8 @@ use Ushahidi\Core\Entity\FormRepository; use Ushahidi\Core\Entity\UserRepository; use Ushahidi\Core\Entity\PostRepository; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\OwnerAccess; use Ushahidi\Core\Traits\ParentAccess; @@ -27,10 +26,9 @@ use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivateDeployment; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManagePosts; // The `PostAuthorizer` class is responsible for access checks on `Post` Entities -class PostAuthorizer implements Authorizer, Permissionable +class PostAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -51,9 +49,6 @@ class PostAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use ManagePosts; - /** * Get a list of all possible privilges. * By default, returns standard HTTP REST methods. @@ -92,7 +87,7 @@ public function isAllowed(Entity $entity, $privilege) } // First check whether there is a role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_POSTS)) { return true; } diff --git a/src/Core/Tool/Authorizer/SetAuthorizer.php b/src/Core/Tool/Authorizer/SetAuthorizer.php index 393413cf50..9b09b40f39 100644 --- a/src/Core/Tool/Authorizer/SetAuthorizer.php +++ b/src/Core/Tool/Authorizer/SetAuthorizer.php @@ -14,19 +14,17 @@ use Ushahidi\Core\Entity; use Ushahidi\Core\Entity\User; use Ushahidi\Core\Entity\Set; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\OwnerAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PrivateDeployment; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManagePosts; // The `SetAuthorizer` class is responsible for access checks on `Sets` -class SetAuthorizer implements Authorizer, Permissionable +class SetAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -46,9 +44,6 @@ class SetAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use ManagePosts; - protected function isVisibleToUser(Set $entity, $user) { if ($entity->role) { @@ -71,7 +66,7 @@ public function isAllowed(Entity $entity, $privilege) } // First check whether there is a role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_POSTS)) { return true; } diff --git a/src/Core/Tool/Authorizer/TagAuthorizer.php b/src/Core/Tool/Authorizer/TagAuthorizer.php index acda431f22..884a5eb438 100644 --- a/src/Core/Tool/Authorizer/TagAuthorizer.php +++ b/src/Core/Tool/Authorizer/TagAuthorizer.php @@ -14,18 +14,16 @@ use Ushahidi\Core\Entity; use Ushahidi\Core\Entity\User; use Ushahidi\Core\Entity\Tag; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PrivateDeployment; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManageSettings; // The `TagAuthorizer` class is responsible for access checks on `Tags` -class TagAuthorizer implements Authorizer, Permissionable +class TagAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -43,9 +41,6 @@ class TagAuthorizer implements Authorizer, Permissionable // if roles are available for this deployment. use PermissionAccess; - // Provides `getPermission` - use ManageSettings; - protected function isUserOfRole(Tag $entity, $user) { if ($entity->role) { @@ -68,7 +63,7 @@ public function isAllowed(Entity $entity, $privilege) } // First check whether there is a role with the right permissions - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_SETTINGS)) { return true; } diff --git a/src/Core/Tool/Authorizer/UserAuthorizer.php b/src/Core/Tool/Authorizer/UserAuthorizer.php index d0123273fd..c751f308ee 100644 --- a/src/Core/Tool/Authorizer/UserAuthorizer.php +++ b/src/Core/Tool/Authorizer/UserAuthorizer.php @@ -13,18 +13,16 @@ use Ushahidi\Core\Entity; use Ushahidi\Core\Entity\User; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Tool\Authorizer; -use Ushahidi\Core\Tool\Permissions\Acl; -use Ushahidi\Core\Tool\Permissions\Permissionable; use Ushahidi\Core\Traits\AdminAccess; use Ushahidi\Core\Traits\UserContext; use Ushahidi\Core\Traits\PrivAccess; use Ushahidi\Core\Traits\PrivateDeployment; use Ushahidi\Core\Traits\PermissionAccess; -use Ushahidi\Core\Traits\Permissions\ManageUsers; // The `UserAuthorizer` class is responsible for access checks on `Users` -class UserAuthorizer implements Authorizer, Permissionable +class UserAuthorizer implements Authorizer { // The access checks are run under the context of a specific user use UserContext; @@ -41,9 +39,6 @@ class UserAuthorizer implements Authorizer, Permissionable // Check that the user has the necessary permissions use PermissionAccess; - // Provides `getPermission` - use ManageUsers; - /** * Get a list of all possible privilges. * By default, returns standard HTTP REST methods. @@ -71,7 +66,7 @@ public function isAllowed(Entity $entity, $privilege) } // Role with the Manage Users permission can manage all users - if ($this->hasPermission($user)) { + if ($this->hasPermission($user, Permission::MANAGE_USERS)) { return true; } diff --git a/src/Core/Tool/Permissions/Permissionable.php b/src/Core/Tool/Permissions/Permissionable.php deleted file mode 100644 index 540fbbf7a8..0000000000 --- a/src/Core/Tool/Permissions/Permissionable.php +++ /dev/null @@ -1,22 +0,0 @@ - - * @package Ushahidi\Platform - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Tool\Permissions; - -interface Permissionable -{ - /** - * Get required permission - * - * @return String - */ - public function getPermission(); -} diff --git a/src/Core/Traits/PermissionAccess.php b/src/Core/Traits/PermissionAccess.php index 78f6338951..730cba2b01 100644 --- a/src/Core/Traits/PermissionAccess.php +++ b/src/Core/Traits/PermissionAccess.php @@ -14,6 +14,7 @@ namespace Ushahidi\Core\Traits; use Ushahidi\Core\Tool\Permissions\Acl; +use Ushahidi\Core\Entity\User; trait PermissionAccess { @@ -43,14 +44,14 @@ protected function hasRolesEnabled() * Check if the user has permission * @return boolean */ - protected function hasPermission($user) + protected function hasPermission(User $user, $permission) { // Don't check for permissions if we don't have the // roles feature enabled if (!$this->hasRolesEnabled()) { return false; } - - return $this->acl->hasPermission($user, $this->getPermission()); + + return $this->acl->hasPermission($user, $permission); } } diff --git a/src/Core/Traits/Permissions/DataExport.php b/src/Core/Traits/Permissions/DataExport.php deleted file mode 100644 index 437fb8e50f..0000000000 --- a/src/Core/Traits/Permissions/DataExport.php +++ /dev/null @@ -1,25 +0,0 @@ - - * @package Ushahidi\Application - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Traits\Permissions; - -use Ushahidi\Core\Entity; - -trait DataExport -{ - // Permissionable Interface - public function getPermission() - { - return 'Bulk Data Export'; - } -} diff --git a/src/Core/Traits/Permissions/DataImport.php b/src/Core/Traits/Permissions/DataImport.php deleted file mode 100644 index fb88887d2e..0000000000 --- a/src/Core/Traits/Permissions/DataImport.php +++ /dev/null @@ -1,25 +0,0 @@ - - * @package Ushahidi\Application - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Traits\Permissions; - -use Ushahidi\Core\Entity; - -trait DataImport -{ - // Permissionable Interface - public function getPermission() - { - return 'Bulk Data Import'; - } -} diff --git a/src/Core/Traits/Permissions/ManagePosts.php b/src/Core/Traits/Permissions/ManagePosts.php deleted file mode 100644 index 7f3231b95a..0000000000 --- a/src/Core/Traits/Permissions/ManagePosts.php +++ /dev/null @@ -1,25 +0,0 @@ - - * @package Ushahidi\Application - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Traits\Permissions; - -use Ushahidi\Core\Entity; - -trait ManagePosts -{ - // Permissionable Interface - public function getPermission() - { - return 'Manage Posts'; - } -} diff --git a/src/Core/Traits/Permissions/ManageSettings.php b/src/Core/Traits/Permissions/ManageSettings.php deleted file mode 100644 index b1c44f1537..0000000000 --- a/src/Core/Traits/Permissions/ManageSettings.php +++ /dev/null @@ -1,25 +0,0 @@ - - * @package Ushahidi\Application - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Traits\Permissions; - -use Ushahidi\Core\Entity; - -trait ManageSettings -{ - // Permissionable Interface - public function getPermission() - { - return 'Manage Settings'; - } -} diff --git a/src/Core/Traits/Permissions/ManageUsers.php b/src/Core/Traits/Permissions/ManageUsers.php deleted file mode 100644 index 31e4f452a5..0000000000 --- a/src/Core/Traits/Permissions/ManageUsers.php +++ /dev/null @@ -1,25 +0,0 @@ - - * @package Ushahidi\Application - * @copyright 2014 Ushahidi - * @license https://www.gnu.org/licenses/agpl-3.0.html GNU Affero General Public License Version 3 (AGPL3) - */ - -namespace Ushahidi\Core\Traits\Permissions; - -use Ushahidi\Core\Entity; - -trait ManageUsers -{ - // Acl Interface - public function getPermission() - { - return 'Manage Users'; - } -} diff --git a/src/Core/Traits/PostValueRestrictions.php b/src/Core/Traits/PostValueRestrictions.php index 8d392a466a..4a90deaad1 100644 --- a/src/Core/Traits/PostValueRestrictions.php +++ b/src/Core/Traits/PostValueRestrictions.php @@ -15,12 +15,11 @@ use Ushahidi\Core\Entity\User; use Ushahidi\Core\Entity\Post; +use Ushahidi\Core\Entity\Permission; use Ushahidi\Core\Entity\FormRepository; trait PostValueRestrictions { - - public function canUserSeeAuthor(Post $post, FormRepository $form_repo, $user) { @@ -35,7 +34,6 @@ public function canUserSeeAuthor(Post $post, FormRepository $form_repo, $user) return true; } - /** * Test whether the post instance requires value restriction * @param Post $post @@ -49,6 +47,6 @@ public function canUserReadPostsValues(Post $post, $user) /* FormRole */ protected function canUserEditForm($form_id, $user) { - return $this->isUserAdmin($user) || $this->hasPermission($user, $this->getPermission()); + return $this->isUserAdmin($user) || $this->hasPermission($user, Permission::MANAGE_POSTS); } }