Skip to content

Commit

Permalink
Add more Missing Default permissions
Browse files Browse the repository at this point in the history 
Ref: userfrosting/UserFrosting#1225
  • Loading branch information
@lcharette
lcharette committed Feb 24, 2024
1 parent d9e51c3 commit 0e1dcea
Show file tree
Hide file tree
Showing 2 changed files with 55 additions and 4 deletions.
55 changes: 53 additions & 2 deletions app/src/Database/Seeds/DefaultPermissions.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,12 @@ protected function getPermissions(): array
'conditions' => 'always()',
'description' => 'Create a new group.',
]),
'create_role' => new Permission([
'slug' => 'create_role',
'name' => 'Create role',
'conditions' => 'always()',
'description' => 'Create a new role.',
]),
'create_user' => new Permission([
'slug' => 'create_user',
'name' => 'Create user',
Expand All @@ -80,6 +86,12 @@ protected function getPermissions(): array
'conditions' => "!has_role(user.id,{$defaultRoleIds['site-admin']}) && !is_master(user.id)",
'description' => 'Delete users who are not Site Administrators.',
]),
'delete_role' => new Permission([
'slug' => 'delete_role',
'name' => 'Delete role',
'conditions' => 'always()',
'description' => 'Delete a role.',
]),
'update_account_settings' => new Permission([
'slug' => 'update_account_settings',
'name' => 'Edit user',
Expand All @@ -104,6 +116,18 @@ protected function getPermissions(): array
'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])",
'description' => 'Edit users in your own group who are not Site or Group Administrators, except yourself.',
]),
'update_user_field_role' => new Permission([
'slug' => 'update_user_field',
'name' => "Edit user's role",
'conditions' => "subset(fields,['roles'])",
'description' => "Edit user's roles.",
]),
'update_role_field' => new Permission([
'slug' => 'update_role_field',
'name' => 'Edit role',
'conditions' => "subset(fields,['name','slug','description','permissions'])",
'description' => 'Edit basic properties of any role.',
]),
'uri_account_settings' => new Permission([
'slug' => 'uri_account_settings',
'name' => 'Account settings page',
Expand Down Expand Up @@ -191,7 +215,7 @@ protected function getPermissions(): array
'view_role_field' => new Permission([
'slug' => 'view_role_field',
'name' => 'View role',
'conditions' => "in(property,['name','slug','description','permissions'])",
'conditions' => "in(property,['name','slug','description','permissions', 'users'])",
'description' => 'View certain properties of any role.',
]),
'view_user_field' => new Permission([
Expand All @@ -200,12 +224,30 @@ protected function getPermissions(): array
'conditions' => "in(property,['user_name','name','email','locale','theme','roles','group','activities'])",
'description' => 'View certain properties of any user.',
]),
'view_user_field_permissions' => new Permission([
'slug' => 'view_user_field',
'name' => "View user's permissions",
'conditions' => "in(property,['permissions'])",
'description' => 'View permissions of any user.',
]),
'view_user_field_group' => new Permission([
'slug' => 'view_user_field',
'name' => 'View user',
'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities'])",
'description' => 'View certain properties of any user in your own group, except the master user and Site and Group Administrators (except yourself).',
]),
'view_system_info' => new Permission([
'slug' => 'view_system_info',
'name' => 'View system info',
'conditions' => 'always()',
'description' => 'View the system information in the administrative dashboard.',
]),
'clear_cache' => new Permission([
'slug' => 'clear_cache',
'name' => 'Clear system cache',
'conditions' => 'always()',
'description' => 'Clear the system cache from the administrative dashboard.',
]),
];
}

Expand Down Expand Up @@ -258,17 +300,26 @@ protected function syncPermissionsRole(array $permissions): void
$permissions['create_group']->id,
$permissions['create_user']->id,
$permissions['create_user_field']->id,
$permissions['create_role']->id,
$permissions['delete_group']->id,
$permissions['delete_role']->id,
$permissions['delete_user']->id,
$permissions['update_user_field']->id,
$permissions['update_group_field']->id,
$permissions['update_role_field']->id,
$permissions['update_user_field']->id,
$permissions['update_user_field_role']->id,
$permissions['uri_activities']->id,
$permissions['uri_group']->id,
$permissions['uri_groups']->id,
$permissions['uri_permissions']->id,
$permissions['uri_roles']->id,
$permissions['uri_role']->id,
$permissions['uri_user']->id,
$permissions['uri_users']->id,
$permissions['view_group_field']->id,
$permissions['view_role_field']->id,
$permissions['view_user_field']->id,
$permissions['view_user_field_permissions']->id,
]);
}

Expand Down
4 changes: 2 additions & 2 deletions app/tests/Database/Seeds/DefaultPermissionsTest.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,10 +40,10 @@ public function testSeed(): void
$seed->run();

// Assert new table state
$this->assertCount(26, Permission::all());
$this->assertCount(33, Permission::all());

// Test running again
$seed->run();
$this->assertCount(26, Permission::all());
$this->assertCount(33, Permission::all());
}
}

0 comments on commit 0e1dcea

Please sign in to comment.