From 0e1dceac447385f0a2624b480829ba3669bf4088 Mon Sep 17 00:00:00 2001 From: Louis Charette Date: Sat, 24 Feb 2024 17:56:23 -0500 Subject: [PATCH] Add more Missing Default permissions Ref: https://github.com/userfrosting/UserFrosting/issues/1225 --- app/src/Database/Seeds/DefaultPermissions.php | 55 ++++++++++++++++++- .../Database/Seeds/DefaultPermissionsTest.php | 4 +- 2 files changed, 55 insertions(+), 4 deletions(-) diff --git a/app/src/Database/Seeds/DefaultPermissions.php b/app/src/Database/Seeds/DefaultPermissions.php index f173c67..4e4a274 100644 --- a/app/src/Database/Seeds/DefaultPermissions.php +++ b/app/src/Database/Seeds/DefaultPermissions.php @@ -56,6 +56,12 @@ protected function getPermissions(): array 'conditions' => 'always()', 'description' => 'Create a new group.', ]), + 'create_role' => new Permission([ + 'slug' => 'create_role', + 'name' => 'Create role', + 'conditions' => 'always()', + 'description' => 'Create a new role.', + ]), 'create_user' => new Permission([ 'slug' => 'create_user', 'name' => 'Create user', @@ -80,6 +86,12 @@ protected function getPermissions(): array 'conditions' => "!has_role(user.id,{$defaultRoleIds['site-admin']}) && !is_master(user.id)", 'description' => 'Delete users who are not Site Administrators.', ]), + 'delete_role' => new Permission([ + 'slug' => 'delete_role', + 'name' => 'Delete role', + 'conditions' => 'always()', + 'description' => 'Delete a role.', + ]), 'update_account_settings' => new Permission([ 'slug' => 'update_account_settings', 'name' => 'Edit user', @@ -104,6 +116,18 @@ protected function getPermissions(): array 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && subset(fields,['name','email','locale','flag_enabled','flag_verified','password'])", 'description' => 'Edit users in your own group who are not Site or Group Administrators, except yourself.', ]), + 'update_user_field_role' => new Permission([ + 'slug' => 'update_user_field', + 'name' => "Edit user's role", + 'conditions' => "subset(fields,['roles'])", + 'description' => "Edit user's roles.", + ]), + 'update_role_field' => new Permission([ + 'slug' => 'update_role_field', + 'name' => 'Edit role', + 'conditions' => "subset(fields,['name','slug','description','permissions'])", + 'description' => 'Edit basic properties of any role.', + ]), 'uri_account_settings' => new Permission([ 'slug' => 'uri_account_settings', 'name' => 'Account settings page', @@ -191,7 +215,7 @@ protected function getPermissions(): array 'view_role_field' => new Permission([ 'slug' => 'view_role_field', 'name' => 'View role', - 'conditions' => "in(property,['name','slug','description','permissions'])", + 'conditions' => "in(property,['name','slug','description','permissions', 'users'])", 'description' => 'View certain properties of any role.', ]), 'view_user_field' => new Permission([ @@ -200,12 +224,30 @@ protected function getPermissions(): array 'conditions' => "in(property,['user_name','name','email','locale','theme','roles','group','activities'])", 'description' => 'View certain properties of any user.', ]), + 'view_user_field_permissions' => new Permission([ + 'slug' => 'view_user_field', + 'name' => "View user's permissions", + 'conditions' => "in(property,['permissions'])", + 'description' => 'View permissions of any user.', + ]), 'view_user_field_group' => new Permission([ 'slug' => 'view_user_field', 'name' => 'View user', 'conditions' => "equals_num(self.group_id,user.group_id) && !is_master(user.id) && !has_role(user.id,{$defaultRoleIds['site-admin']}) && (!has_role(user.id,{$defaultRoleIds['group-admin']}) || equals_num(self.id,user.id)) && in(property,['user_name','name','email','locale','roles','group','activities'])", 'description' => 'View certain properties of any user in your own group, except the master user and Site and Group Administrators (except yourself).', ]), + 'view_system_info' => new Permission([ + 'slug' => 'view_system_info', + 'name' => 'View system info', + 'conditions' => 'always()', + 'description' => 'View the system information in the administrative dashboard.', + ]), + 'clear_cache' => new Permission([ + 'slug' => 'clear_cache', + 'name' => 'Clear system cache', + 'conditions' => 'always()', + 'description' => 'Clear the system cache from the administrative dashboard.', + ]), ]; } @@ -258,17 +300,26 @@ protected function syncPermissionsRole(array $permissions): void $permissions['create_group']->id, $permissions['create_user']->id, $permissions['create_user_field']->id, + $permissions['create_role']->id, $permissions['delete_group']->id, + $permissions['delete_role']->id, $permissions['delete_user']->id, - $permissions['update_user_field']->id, $permissions['update_group_field']->id, + $permissions['update_role_field']->id, + $permissions['update_user_field']->id, + $permissions['update_user_field_role']->id, $permissions['uri_activities']->id, $permissions['uri_group']->id, $permissions['uri_groups']->id, + $permissions['uri_permissions']->id, + $permissions['uri_roles']->id, + $permissions['uri_role']->id, $permissions['uri_user']->id, $permissions['uri_users']->id, $permissions['view_group_field']->id, + $permissions['view_role_field']->id, $permissions['view_user_field']->id, + $permissions['view_user_field_permissions']->id, ]); } diff --git a/app/tests/Database/Seeds/DefaultPermissionsTest.php b/app/tests/Database/Seeds/DefaultPermissionsTest.php index db38119..1779908 100644 --- a/app/tests/Database/Seeds/DefaultPermissionsTest.php +++ b/app/tests/Database/Seeds/DefaultPermissionsTest.php @@ -40,10 +40,10 @@ public function testSeed(): void $seed->run(); // Assert new table state - $this->assertCount(26, Permission::all()); + $this->assertCount(33, Permission::all()); // Test running again $seed->run(); - $this->assertCount(26, Permission::all()); + $this->assertCount(33, Permission::all()); } }