Merge pull request from GHSA-g6jc-xrc3-4wwq

IBX-3821: Added new Role and MemberOf limitations
ibexa · Nov 10, 2022 · e34abb0 · e34abb0
2 parents ba3c700 + ad9fc62
commit e34abb0
Show file tree

Hide file tree

Showing 8 changed files with 194 additions and 7 deletions.
diff --git a/src/bundle/Resources/config/services.yaml b/src/bundle/Resources/config/services.yaml
@@ -36,6 +36,7 @@ imports:
     - { resource: services/user.yaml }
     - { resource: services/commands.yaml }
     - { resource: services/icons.yaml }
+    - { resource: services/role_form_mappers.yaml }
 
 services:
     _defaults:

diff --git a/src/bundle/Resources/config/services/role_form_mappers.yaml b/src/bundle/Resources/config/services/role_form_mappers.yaml
@@ -219,8 +219,26 @@ services:
             $roleService: '@ibexa.api.service.role'
             $userService: '@ibexa.api.service.user'
         calls:
-            - [setLogger, ['@?logger']]
             - [ setFormTemplate, [ '%ibexa.content_forms.limitation.multiple_selection.template%' ] ]
         tags:
             - { name: ibexa.admin_ui.limitation.mapper.form, limitationType: UserPermissions }
             - { name: ibexa.admin_ui.limitation.mapper.value, limitationType: UserPermissions }
+
+    Ibexa\AdminUi\Limitation\Mapper\MemberOfLimitationMapper:
+        parent: Ibexa\AdminUi\Limitation\Mapper\MultipleSelectionBasedMapper
+        arguments:
+            $userService: '@ibexa.api.service.user'
+            $repository: '@ibexa.api.repository'
+            $contentService: '@ibexa.api.service.content'
+            $translator: '@translator'
+        tags:
+            - { name: ibexa.admin_ui.limitation.mapper.form, limitationType: MemberOf }
+            - { name: ibexa.admin_ui.limitation.mapper.value, limitationType: MemberOf }
+
+    Ibexa\AdminUi\Limitation\Mapper\RoleLimitationMapper:
+        parent: Ibexa\AdminUi\Limitation\Mapper\MultipleSelectionBasedMapper
+        arguments:
+            $roleService: '@ibexa.api.service.role'
+        tags:
+            - { name: ibexa.admin_ui.limitation.mapper.form, limitationType: Role }
+            - { name: ibexa.admin_ui.limitation.mapper.value, limitationType: Role }
diff --git a/src/bundle/Resources/translations/ezplatform_content_forms_policies.en.xliff b/src/bundle/Resources/translations/ezplatform_content_forms_policies.en.xliff
@@ -26,6 +26,11 @@
         <target>Language</target>
         <note>key: policy.limitation.identifier.language</note>
       </trans-unit>
+      <trans-unit id="b40e3e09e55ef852a5d9e1592e9c895715b1313c" resname="policy.limitation.identifier.memberof">
+        <source>MemberOf</source>
+        <target>MemberOf</target>
+        <note>key: policy.limitation.identifier.memberof</note>
+      </trans-unit>
       <trans-unit id="ab9163a435d32610a7a1af8df07ab38eebc4c7c6" resname="policy.limitation.identifier.newsection">
         <source>New Section</source>
         <target>New Section</target>
@@ -71,6 +76,11 @@
         <target>PersonalizationAccess</target>
         <note>key: policy.limitation.identifier.personalizationaccess</note>
       </trans-unit>
+      <trans-unit id="9f2e53e094725bbc243ad777547724ab923a31d1" resname="policy.limitation.identifier.role">
+        <source>Role</source>
+        <target>Role</target>
+        <note>key: policy.limitation.identifier.role</note>
+      </trans-unit>
       <trans-unit id="af73694f5c5e5868af7948fb04f0d6bfe7ee6ad4" resname="policy.limitation.identifier.producttype">
         <source>ProductType</source>
         <target>ProductType</target>

diff --git a/src/bundle/Resources/translations/ezplatform_content_forms_role.en.xliff b/src/bundle/Resources/translations/ezplatform_content_forms_role.en.xliff
@@ -11,6 +11,11 @@
         <target state="new">Self</target>
         <note>key: policy.limitation.group.self</note>
       </trans-unit>
+      <trans-unit id="e797dbd775ecc5788f41ceeb960b70a9d7a116ca" resname="policy.limitation.member_of.self_user_group">
+        <source>Self</source>
+        <target state="new">Self</target>
+        <note>key: policy.limitation.member_of.self_user_group</note>
+      </trans-unit>
       <trans-unit id="cc7c597ffa43ef724b881b127a4124fd35c8c6f6" resname="policy.limitation.owner.self">
         <source>Self</source>
         <target state="new">Self</target>

diff --git a/src/bundle/Resources/views/themes/admin/limitation/limitation_values.html.twig b/src/bundle/Resources/views/themes/admin/limitation/limitation_values.html.twig
@@ -141,3 +141,15 @@
         {% endfor %}
     {% endapply %}
 {% endblock %}
+
+{% block ez_limitation_memberof_value %}
+    {% apply spaceless %}
+        {{ values|join(', ') }}
+    {% endapply %}
+{% endblock %}
+
+{% block ez_limitation_role_value %}
+    {% apply spaceless %}
+        {{ values|join(', ') }}
+    {% endapply %}
+{% endblock %}
diff --git a/src/lib/Limitation/Mapper/MemberOfLimitationMapper.php b/src/lib/Limitation/Mapper/MemberOfLimitationMapper.php
@@ -0,0 +1,100 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\AdminUi\Limitation\Mapper;
+
+use Ibexa\AdminUi\Limitation\LimitationValueMapperInterface;
+use Ibexa\Contracts\Core\Repository\ContentService;
+use Ibexa\Contracts\Core\Repository\Repository;
+use Ibexa\Contracts\Core\Repository\UserService;
+use Ibexa\Contracts\Core\Repository\Values\Content\Query\Criterion\ContentTypeIdentifier;
+use Ibexa\Contracts\Core\Repository\Values\Content\Query\SortClause\ContentName;
+use Ibexa\Contracts\Core\Repository\Values\Filter\Filter;
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+use Ibexa\Core\Limitation\MemberOfLimitationType;
+use Symfony\Contracts\Translation\TranslatorInterface;
+
+final class MemberOfLimitationMapper extends MultipleSelectionBasedMapper implements LimitationValueMapperInterface
+{
+    private UserService $userService;
+
+    private Repository $repository;
+
+    private ContentService $contentService;
+
+    private TranslatorInterface $translator;
+
+    public function __construct(
+        UserService $userService,
+        Repository $repository,
+        ContentService $contentService,
+        TranslatorInterface $translator
+    ) {
+        $this->userService = $userService;
+        $this->repository = $repository;
+        $this->contentService = $contentService;
+        $this->translator = $translator;
+    }
+
+    protected function getSelectionChoices(): array
+    {
+        $userGroups = $this->loadUserGroups();
+        $choices = [];
+        $choices[MemberOfLimitationType::SELF_USER_GROUP] = $this->getSelfUserGroupLabel();
+
+        foreach ($userGroups as $userGroup) {
+            $choices[$userGroup->id] = $userGroup->getName();
+        }
+
+        return $choices;
+    }
+
+    public function mapLimitationValue(Limitation $limitation): array
+    {
+        $values = [];
+        foreach ($limitation->limitationValues as $groupId) {
+            if ((int)$groupId === MemberOfLimitationType::SELF_USER_GROUP) {
+                $values[] = $this->getSelfUserGroupLabel();
+                continue;
+            }
+            $values[] = $this->userService->loadUserGroup((int)$groupId)->getName();
+        }
+
+        return $values;
+    }
+
+    /**
+     * @return \Ibexa\Contracts\Core\Repository\Values\User\UserGroup[]
+     */
+    private function loadUserGroups(): array
+    {
+        return $this->repository->sudo(function () {
+            $filter = new Filter();
+            $filter->withCriterion(new ContentTypeIdentifier('user_group'));
+            $filter->withSortClause(new ContentName());
+            $results = $this->contentService->find($filter);
+
+            $groups = [];
+            foreach ($results as $result) {
+                $groups[] = $this->userService->loadUserGroup($result->id);
+            }
+
+            return $groups;
+        });
+    }
+
+    private function getSelfUserGroupLabel(): string
+    {
+        return $this->translator->trans(
+            /** @Desc("Self") */
+            'policy.limitation.member_of.self_user_group',
+            [],
+            'ezplatform_content_forms_role'
+        );
+    }
+}
diff --git a/src/lib/Limitation/Mapper/RoleLimitationMapper.php b/src/lib/Limitation/Mapper/RoleLimitationMapper.php
@@ -0,0 +1,45 @@
+<?php
+
+/**
+ * @copyright Copyright (C) Ibexa AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+declare(strict_types=1);
+
+namespace Ibexa\AdminUi\Limitation\Mapper;
+
+use Ibexa\AdminUi\Limitation\LimitationValueMapperInterface;
+use Ibexa\Contracts\Core\Repository\RoleService;
+use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
+
+final class RoleLimitationMapper extends MultipleSelectionBasedMapper implements LimitationValueMapperInterface
+{
+    private RoleService $roleService;
+
+    public function __construct(
+        RoleService $roleService
+    ) {
+        $this->roleService = $roleService;
+    }
+
+    protected function getSelectionChoices(): array
+    {
+        $choices = [];
+        foreach ($this->roleService->loadRoles() as $role) {
+            $choices[$role->id] = $role->identifier;
+        }
+
+        return $choices;
+    }
+
+    public function mapLimitationValue(Limitation $limitation): array
+    {
+        $values = [];
+
+        foreach ($limitation->limitationValues as $roleId) {
+            $values[] = $this->roleService->loadRole((int)$roleId)->identifier;
+        }
+
+        return $values;
+    }
+}
diff --git a/src/lib/Limitation/Mapper/UserPermissionsLimitationMapper.php b/src/lib/Limitation/Mapper/UserPermissionsLimitationMapper.php
@@ -4,6 +4,8 @@
  * @copyright Copyright (C) Ibexa AS. All rights reserved.
  * @license For full copyright and license information view LICENSE file distributed with this source code.
  */
+declare(strict_types=1);
+
 namespace Ibexa\AdminUi\Limitation\Mapper;
 
 use Ibexa\AdminUi\Limitation\LimitationFormMapperInterface;
@@ -15,17 +17,13 @@
 use Ibexa\Contracts\Core\Repository\UserService;
 use Ibexa\Contracts\Core\Repository\Values\User\Limitation;
 use Ibexa\User\Form\ChoiceList\Loader\UserGroupsChoiceLoader;
-use Psr\Log\LoggerAwareTrait;
-use Psr\Log\NullLogger;
 use Symfony\Component\Form\ChoiceList\Loader\CallbackChoiceLoader;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\Extension\Core\Type\FormType;
 use Symfony\Component\Form\FormInterface;
 
 final class UserPermissionsLimitationMapper implements LimitationValueMapperInterface, LimitationFormMapperInterface
 {
-    use LoggerAwareTrait;
-
     private RoleService $roleService;
 
     private UserService $userService;
@@ -42,7 +40,6 @@ public function __construct(
         RoleService $roleService,
         UserService $userService
     ) {
-        $this->logger = new NullLogger();
         $this->roleService = $roleService;
         $this->userService = $userService;
         $this->repository = $repository;
@@ -100,7 +97,6 @@ function () {
             'multiple' => true,
             'required' => false,
         ]);
-
         $form->add($sub);
     }