mirror of
https://github.com/silverstripe/silverstripe-contentreview
synced 2024-09-28 20:29:04 +02:00
Content Review permission logic
With the new `canReviewContent()` permission checker we only need to check the permission is set for the user and `canBeReviewedBy()` will always check if the page object is due for review by its owner. Thus removed redundant logic in `canUseReviewContent()` and accordingly renamed the class filename for additional context.
parent
beacd13b19
commit
04ddb6b206
@ -6,7 +6,7 @@ use SilverStripe\Admin\LeftAndMain;
|
|||||||
use SilverStripe\Admin\LeftAndMainExtension;
|
use SilverStripe\Admin\LeftAndMainExtension;
|
||||||
use SilverStripe\CMS\Model\SiteTree;
|
use SilverStripe\CMS\Model\SiteTree;
|
||||||
use SilverStripe\ContentReview\Forms\ReviewContentHandler;
|
use SilverStripe\ContentReview\Forms\ReviewContentHandler;
|
||||||
use SilverStripe\ContentReview\Traits\ReviewPermission;
|
use SilverStripe\ContentReview\Traits\PermissionChecker;
|
||||||
use SilverStripe\Control\HTTPRequest;
|
use SilverStripe\Control\HTTPRequest;
|
||||||
use SilverStripe\Control\HTTPResponse;
|
use SilverStripe\Control\HTTPResponse;
|
||||||
use SilverStripe\Control\HTTPResponse_Exception;
|
use SilverStripe\Control\HTTPResponse_Exception;
|
||||||
@ -20,7 +20,7 @@ use SilverStripe\Security\Security;
|
|||||||
*/
|
*/
|
||||||
class ContentReviewCMSExtension extends LeftAndMainExtension
|
class ContentReviewCMSExtension extends LeftAndMainExtension
|
||||||
{
|
{
|
||||||
use ReviewPermission;
|
use PermissionChecker;
|
||||||
|
|
||||||
private static $allowed_actions = [
|
private static $allowed_actions = [
|
||||||
'ReviewContentForm',
|
'ReviewContentForm',
|
||||||
@ -50,7 +50,7 @@ class ContentReviewCMSExtension extends LeftAndMainExtension
|
|||||||
{
|
{
|
||||||
$page = $this->findRecord(['ID' => $id]);
|
$page = $this->findRecord(['ID' => $id]);
|
||||||
$user = Security::getCurrentUser();
|
$user = Security::getCurrentUser();
|
||||||
if (!$this->canUseReviewContent($page, $user)) {
|
if (!$this->isContentReviewable($page, $user)) {
|
||||||
$this->owner->httpError(403, _t(
|
$this->owner->httpError(403, _t(
|
||||||
__CLASS__.'.ErrorItemPermissionDenied',
|
__CLASS__.'.ErrorItemPermissionDenied',
|
||||||
'It seems you don\'t have the necessary permissions to review this content'
|
'It seems you don\'t have the necessary permissions to review this content'
|
||||||
|
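Review bot: The 403 guard on `isContentReviewable($page, $user)` is now a permission-only check. The helper added in this commit returns `canReviewContent($user)` or falls back to `canEdit()`, and no longer consults `canBeReviewedBy()`, so whether the page is actually due for review is not part of this gate. A one-line comment above the `if` would make that explicit, for example `// Permission check only: whether the page is due for review is decided by canBeReviewedBy().` The same call in `ReviewContentHandler` (last hunk of that file) deserves the same comment, and a test asserting that a member with neither review nor edit permission gets the 403 would pin the new behaviour. The enclosing method starts and ends outside this hunk.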
@ -512,11 +512,11 @@ class SiteTreeContentReview extends DataExtension implements PermissionProvider
|
|||||||
*/
|
*/
|
||||||
public function canBeReviewedBy(Member $member = null)
|
public function canBeReviewedBy(Member $member = null)
|
||||||
{
|
{
|
||||||
if (!$this->owner->obj("NextReviewDate")->exists()) {
|
if (!$this->owner->obj('NextReviewDate')->exists()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->owner->obj("NextReviewDate")->InFuture()) {
|
if ($this->owner->obj('NextReviewDate')->InFuture()) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -542,7 +542,7 @@ class SiteTreeContentReview extends DataExtension implements PermissionProvider
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Whether or not a user is allowed to review the content of the page.
|
// Check whether this user is allowed to review the content of the page.
|
||||||
if ($this->owner->hasMethod("canReviewContent") && !$this->owner->canReviewContent($member)) {
|
if ($this->owner->hasMethod("canReviewContent") && !$this->owner->canReviewContent($member)) {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
namespace SilverStripe\ContentReview\Forms;
|
namespace SilverStripe\ContentReview\Forms;
|
||||||
|
|
||||||
use SilverStripe\ContentReview\Extensions\SiteTreeContentReview;
|
use SilverStripe\ContentReview\Extensions\SiteTreeContentReview;
|
||||||
use SilverStripe\ContentReview\Traits\ReviewPermission;
|
use SilverStripe\ContentReview\Traits\PermissionChecker;
|
||||||
use SilverStripe\Control\Controller;
|
use SilverStripe\Control\Controller;
|
||||||
use SilverStripe\Control\Director;
|
use SilverStripe\Control\Director;
|
||||||
use SilverStripe\Control\HTTPResponse;
|
use SilverStripe\Control\HTTPResponse;
|
||||||
@ -20,7 +20,7 @@ use SilverStripe\Security\Security;
|
|||||||
class ReviewContentHandler
|
class ReviewContentHandler
|
||||||
{
|
{
|
||||||
use Injectable;
|
use Injectable;
|
||||||
use ReviewPermission;
|
use PermissionChecker;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Parent controller for this form
|
* Parent controller for this form
|
||||||
@ -127,6 +127,6 @@ class ReviewContentHandler
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->canUseReviewContent($record, Security::getCurrentUser());
|
return $this->isContentReviewable($record, Security::getCurrentUser());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
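--- a/src/Traits/PermissionChecker.php
+++ b/src/Traits/PermissionChecker.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace SilverStripe\ContentReview\Traits;
+
+use SilverStripe\CMS\Model\SiteTree;
+use SilverStripe\ORM\DataObject;
+use SilverStripe\Security\Member;
+use SilverStripe\Security\Security;
+
+trait PermissionChecker
+{
+/**
+* Checks the user has been granted special permission to review the content of the page
+* if not fallback to canEdit() permission.
+*/
+protected function isContentReviewable(DataObject $record, ?Member $user = null): bool
+{
+return $record->hasMethod('canReviewContent')
+? $record->canReviewContent($user)
+: $record->canEdit();
+}
+}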
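Review bot: The fallback branch of `isContentReviewable()` calls `$record->canEdit()` without the `$user` argument, so when the record has no `canReviewContent()` method the decision is made for the framework's current member rather than for the member passed in. Both visible callers pass `Security::getCurrentUser()`, so the result is the same today, but the signature promises a per-member answer; `: $record->canEdit($user);` keeps the two branches consistent. The `SiteTree` and `Security` imports are not used by the trait body and can be dropped. The docblock should state the contract directly (uses `canReviewContent()` when the record provides it, otherwise falls back to `canEdit()`) and gain `@param` and `@return` lines.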
@ -1,27 +0,0 @@
|
|||||||
<?php
|
|
||||||
|
|
||||||
namespace SilverStripe\ContentReview\Traits;
|
|
||||||
|
|
||||||
use SilverStripe\CMS\Model\SiteTree;
|
|
||||||
use SilverStripe\ORM\DataObject;
|
|
||||||
use SilverStripe\Security\Member;
|
|
||||||
use SilverStripe\Security\Security;
|
|
||||||
|
|
||||||
trait ReviewPermission
|
|
||||||
{
|
|
||||||
/**
|
|
||||||
* Whether or not a user is allowed use content review
|
|
||||||
*/
|
|
||||||
protected function canUseReviewContent(DataObject $record, ?Member $user = null): bool
|
|
||||||
{
|
|
||||||
// Whether or not the user is a reviewer. User must be allowed to view the page
|
|
||||||
$isReviewer = $record->canView($user) &&
|
|
||||||
$record->hasMethod('canBeReviewedBy') &&
|
|
||||||
$record->canBeReviewedBy($user);
|
|
||||||
// Whether or not the user is allowed to review the content of the page
|
|
||||||
// Fallback to canEdit as it the original implementation
|
|
||||||
$canEdit = $record->hasMethod('canReviewContent') ? $record->canReviewContent($user) : $record->canEdit();
|
|
||||||
|
|
||||||
return $canEdit || $isReviewer;
|
|
||||||
}
|
|
||||||
}
|
|