New access and list permissions

Co-authored-by: Ahmet Bora <[email protected]>

src/Cms/Language.php

@@ -300,6 +300,14 @@ public function exists(): bool
 		return file_exists($this->root());
 	}
 
+	/**
+	 * Checks if the language is accessible to the current user
+	 */
+	public function isAccessible(): bool
+	{
+		return $this->permissions()->access();
+	}
+
 	/**
 	 * Checks if this is the default language
 	 * for the site.
@@ -335,6 +343,19 @@ public function isLast(): bool
 		return App::instance()->languages()->count() === 1;
 	}
 
+	/**
+	 * Checks if the language is listable by the current user
+	 */
+	public function isListable(): bool
+	{
+		// not accessible also means not listable
+		if ($this->isAccessible() === false) {
+			return false;
+		}
+
+		return $this->permissions()->list();
+	}
+
 	/**
 	 * Checks if this is the single language object
 	 * @internal

src/Cms/Permissions.php

@@ -41,8 +41,10 @@ class Permissions
 			'update'         => true
 		],
 		'languages' => [
+			'access' => true,
 			'create' => true,
 			'delete' => true,
+			'list'   => true,
 			'update' => true
 		],
 		'pages' => [
@@ -62,26 +64,31 @@ class Permissions
 			'update'         => true
 		],
 		'site' => [
+			'access'      => true,
 			'changeTitle' => true,
 			'update'      => true
 		],
 		'users' => [
+			'access'         => true,
 			'changeEmail'    => true,
 			'changeLanguage' => true,
 			'changeName'     => true,
 			'changePassword' => true,
 			'changeRole'     => true,
 			'create'         => true,
 			'delete'         => true,
+			'list'           => true,
 			'update'         => true
 		],
 		'user' => [
+			'access'         => true,
 			'changeEmail'    => true,
 			'changeLanguage' => true,
 			'changeName'     => true,
 			'changePassword' => true,
 			'changeRole'     => true,
 			'delete'         => true,
+			'list'           => true,
 			'update'         => true
 		]
 	];

src/Cms/Site.php

@@ -266,6 +266,14 @@ public function is($site): bool
 		return $this === $site;
 	}
 
+	/**
+	 * Checks if the site is accessible to the current user
+	 */
+	public function isAccessible(): bool
+	{
+		return $this->permissions()->access();
+	}
+
 	/**
 	 * Returns the root to the media folder for the site
 	 * @internal

src/Cms/User.php

@@ -281,6 +281,14 @@ public function is(User|null $user = null): bool
 		return $this->id() === $user->id();
 	}
 
+	/**
+	 * Checks if the user is accessible to the current user
+	 */
+	public function isAccessible(): bool
+	{
+		return $this->permissions()->access();
+	}
+
 	/**
 	 * Checks if this user has the admin role
 	 */
@@ -298,6 +306,19 @@ public function isKirby(): bool
 		return $this->isAdmin() && $this->id() === 'kirby';
 	}
 
+	/**
+	 * Checks if the user is listable by the current user
+	 */
+	public function isListable(): bool
+	{
+		// not accessible also means not listable
+		if ($this->isAccessible() === false) {
+			return false;
+		}
+
+		return $this->permissions()->list();
+	}
+
 	/**
 	 * Checks if the current user is this user
 	 */

tests/Cms/Languages/LanguagePermissionsTest.php

@@ -112,6 +112,47 @@ public function testWithNoAdmin($action)
 		$this->assertFalse($perms->can($action));
 	}
 
+	/**
+	 * @covers \Kirby\Cms\ModelPermissions::can
+	 */
+	public function testCaching()
+	{
+		$app = new App([
+			'languages' => [
+				[
+					'code' => 'en'
+				]
+			],
+			'roles' => [
+				[
+					'name' => 'editor',
+					'permissions' => [
+						'languages' => [
+							'access' => false,
+							'list'   => false
+						],
+					]
+				]
+			],
+			'roots' => [
+				'index' => '/dev/null'
+			],
+			'users' => [
+				['id' => 'bastian', 'role' => 'editor'],
+
+			]
+		]);
+
+		$app->impersonate('bastian');
+
+		$language = $app->language('en');
+
+		$this->assertFalse($language->permissions()->can('access'));
+		$this->assertFalse($language->permissions()->can('access'));
+		$this->assertFalse($language->permissions()->can('list'));
+		$this->assertFalse($language->permissions()->can('list'));
+	}
+
 	/**
 	 * @covers ::canDelete
 	 */

tests/Cms/Languages/LanguageTest.php

@@ -393,6 +393,47 @@ public function testExists()
 		$this->assertTrue($language->exists());
 	}
 
+	/**
+	 * @covers ::isAccessible
+	 */
+	public function testIsAccessible()
+	{
+		$app = new App([
+			'languages' => [
+				[
+					'code' => 'en'
+				]
+			],
+			'roots' => [
+				'index' => '/dev/null'
+			],
+			'roles' => [
+				[
+					'name' => 'editor',
+					'permissions' => [
+						'languages' => [
+							'access' => false
+						],
+					]
+				]
+			],
+			'users' => [
+				[
+					'email' => '[email protected]',
+					'role'  => 'editor'
+				]
+			],
+		]);
+
+		$language = $app->language('en');
+
+		$app->impersonate('[email protected]');
+		$this->assertFalse($language->isAccessible());
+
+		$app->impersonate('kirby');
+		$this->assertTrue($language->isAccessible());
+	}
+
 	/**
 	 * @covers ::isDefault
 	 */
@@ -426,6 +467,62 @@ public function testIsDefault()
 		$this->assertFalse($language->isDefault());
 	}
 
+	/**
+	 * @covers ::isListable
+	 */
+	public function testIsListable()
+	{
+		$app = new App([
+			'languages' => [
+				[
+					'code' => 'en'
+				]
+			],
+			'roots' => [
+				'index' => '/dev/null'
+			],
+			'roles' => [
+				[
+					'name' => 'editor-access',
+					'permissions' => [
+						'languages' => [
+							'access' => false
+						],
+					]
+				],
+				[
+					'name' => 'editor-list',
+					'permissions' => [
+						'languages' => [
+							'list' => false
+						],
+					]
+				]
+			],
+			'users' => [
+				[
+					'email' => '[email protected]',
+					'role'  => 'editor-access'
+				],
+				[
+					'email' => '[email protected]',
+					'role'  => 'editor-list'
+				]
+			],
+		]);
+
+		$language = $app->language('en');
+
+		$app->impersonate('[email protected]');
+		$this->assertFalse($language->isListable());
+
+		$app->impersonate('[email protected]');
+		$this->assertFalse($language->isListable());
+
+		$app->impersonate('kirby');
+		$this->assertTrue($language->isListable());
+	}
+
 	/**
 	 * @covers ::isSingle
 	 */

tests/Cms/Permissions/PermissionsTest.php

@@ -27,8 +27,10 @@ public static function actionsProvider(): array
 			['files', 'replace'],
 			['files', 'update'],
 
+			['languages', 'access'],
 			['languages', 'create'],
 			['languages', 'delete'],
+			['languages', 'list'],
 			['languages', 'update'],
 
 			['pages', 'access'],
@@ -46,24 +48,29 @@ public static function actionsProvider(): array
 			['pages', 'sort'],
 			['pages', 'update'],
 
+			['site', 'access'],
 			['site', 'changeTitle'],
 			['site', 'update'],
 
+			['users', 'access'],
 			['users', 'changeEmail'],
 			['users', 'changeLanguage'],
 			['users', 'changeName'],
 			['users', 'changePassword'],
 			['users', 'changeRole'],
 			['users', 'create'],
 			['users', 'delete'],
+			['users', 'list'],
 			['users', 'update'],
 
+			['user', 'access'],
 			['user', 'changeEmail'],
 			['user', 'changeLanguage'],
 			['user', 'changeName'],
 			['user', 'changePassword'],
 			['user', 'changeRole'],
 			['user', 'delete'],
+			['user', 'list'],
 			['user', 'update'],
 		];
 	}

tests/Cms/Site/SitePermissionsTest.php

@@ -9,6 +9,7 @@ class SitePermissionsTest extends TestCase
 	public static function actionProvider(): array
 	{
 		return [
+			['access'],
 			['changeTitle'],
 			['update'],
 		];
@@ -49,4 +50,37 @@ public function testWithNobody($action)
 
 		$this->assertFalse($perms->can($action));
 	}
+
+	/**
+	 * @covers \Kirby\Cms\ModelPermissions::can
+	 */
+	public function testCaching()
+	{
+		$app = new App([
+			'roles' => [
+				[
+					'name' => 'editor',
+					'permissions' => [
+						'site' => [
+							'access' => false
+						],
+					]
+				]
+			],
+			'roots' => [
+				'index' => '/dev/null'
+			],
+			'users' => [
+				['id' => 'bastian', 'role' => 'editor'],
+
+			]
+		]);
+
+		$app->impersonate('bastian');
+
+		$site = $app->site();
+
+		$this->assertFalse($site->permissions()->can('access'));
+		$this->assertFalse($site->permissions()->can('access'));
+	}
 }