Merge pull request #6874 from getkirby/v5/feature/access-permissions-1

Access permissions 1: Refactor access to roles
getkirby · Dec 19, 2024 · ab347fa · ab347fa
2 parents 9a27714 + 44735ca
commit ab347fa
Show file tree

Hide file tree

Showing 7 changed files with 124 additions and 52 deletions.
diff --git a/config/areas/languages/views.php b/config/areas/languages/views.php
@@ -22,7 +22,7 @@
 
 			// TODO: update following line and adapt for update and
 			// delete options when `languageVariables.*` permissions available
-			$canUpdate = $kirby->user()?->role()->permissions()->for('languages', 'update') === true;
+			$canUpdate = $kirby->role()?->permissions()->for('languages', 'update') === true;
 
 			ksort($foundation);
 

diff --git a/src/Cms/App.php b/src/Cms/App.php
@@ -1331,14 +1331,6 @@ public function response(): Responder
 		return $this->response ??= new Responder();
 	}
 
-	/**
-	 * Returns all user roles
-	 */
-	public function roles(): Roles
-	{
-		return $this->roles ??= Roles::load($this->root('roles'));
-	}
-
 	/**
 	 * Returns a system root
 	 */

diff --git a/src/Cms/AppUsers.php b/src/Cms/AppUsers.php
@@ -67,6 +67,33 @@ public function impersonate(
 		}
 	}
 
+	/**
+	 * Returns all user roles
+	 */
+	public function roles(): Roles
+	{
+		return $this->roles ??= Roles::load($this->root('roles'));
+	}
+
+	/**
+	 * Returns a specific user role by id
+	 * or the role of the current user if no id is given
+	 *
+	 * @param bool $allowImpersonation If set to false, only the role of the
+	 *                                 actually logged in user will be returned
+	 *                                 (when `$id` is passed as `null`)
+	 */
+	public function role(
+		string|null $id = null,
+		bool $allowImpersonation = true
+	): Role|null {
+		if ($id !== null) {
+			return $this->roles()->find($id);
+		}
+
+		return $this->user(null, $allowImpersonation)?->role();
+	}
+
 	/**
 	 * Set the currently active user id
 	 *

diff --git a/src/Cms/File.php b/src/Cms/File.php
@@ -319,7 +319,7 @@ public function isAccessible(): bool
 		}
 
 		static $accessible   = [];
-		$role                = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role                = $this->kirby()->role()?->id() ?? '__none__';
 		$template            = $this->template() ?? '__none__';
 		$accessible[$role] ??= [];
 
@@ -343,7 +343,7 @@ public function isListable(): bool
 		}
 
 		static $listable   = [];
-		$role              = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role              = $this->kirby()->role()?->id() ?? '__none__';
 		$template          = $this->template() ?? '__none__';
 		$listable[$role] ??= [];
 
@@ -358,7 +358,7 @@ public function isListable(): bool
 	public function isReadable(): bool
 	{
 		static $readable   = [];
-		$role              = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role              = $this->kirby()->role()?->id() ?? '__none__';
 		$template          = $this->template() ?? '__none__';
 		$readable[$role] ??= [];
 

diff --git a/src/Cms/Page.php b/src/Cms/Page.php
@@ -523,7 +523,7 @@ public function isAccessible(): bool
 		}
 
 		static $accessible   = [];
-		$role                = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role                = $this->kirby()->role()?->id() ?? '__none__';
 		$template            = $this->intendedTemplate()->name();
 		$accessible[$role] ??= [];
 
@@ -695,7 +695,7 @@ public function isListable(): bool
 		}
 
 		static $listable   = [];
-		$role              = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role              = $this->kirby()->role()?->id() ?? '__none__';
 		$template          = $this->intendedTemplate()->name();
 		$listable[$role] ??= [];
 
@@ -753,7 +753,7 @@ public function isPublished(): bool
 	public function isReadable(): bool
 	{
 		static $readable   = [];
-		$role              = $this->kirby()->user()?->role()->id() ?? '__none__';
+		$role              = $this->kirby()->role()?->id() ?? '__none__';
 		$template          = $this->intendedTemplate()->name();
 		$readable[$role] ??= [];
 

diff --git a/tests/Cms/App/AppRolesTest.php b/tests/Cms/App/AppRolesTest.php
diff --git a/tests/Cms/App/AppUsersTest.php b/tests/Cms/App/AppUsersTest.php
@@ -110,7 +110,95 @@ public function testImpersonateErrorMissingUser()
 		$this->app->impersonate('[email protected]');
 	}
 
-	public function testLoad()
+	public function testRolesSet()
+	{
+		$app = new App([
+			'roles' => [
+				[
+					'name'  => 'editor',
+					'title' => 'Editor'
+				]
+			]
+		]);
+
+		$this->assertCount(2, $app->roles());
+		$this->assertSame('editor', $app->roles()->last()->name());
+	}
+
+	public function testRolesLoad()
+	{
+		$app = new App([
+			'roots' => [
+				'site' => static::FIXTURES
+			]
+		]);
+
+		$this->assertCount(2, $app->roles());
+		$this->assertSame('editor', $app->roles()->last()->name());
+	}
+
+	public function testRoleManual()
+	{
+		$app = new App([
+			'roles' => [
+				[
+					'name'  => 'editor',
+					'title' => 'Editor'
+				]
+			]
+		]);
+
+		$this->assertSame('editor', $app->role('editor')->name());
+		$this->assertNull($app->role('something'));
+	}
+
+	public function testRoleFromUser()
+	{
+		$app = new App([
+			'roles' => [
+				[
+					'name'  => 'editor',
+					'title' => 'Editor'
+				]
+			],
+			'users' => [
+				[
+					'email' => '[email protected]',
+					'role'  => 'editor'
+				]
+			]
+		]);
+
+		$app->auth()->setUser($app->user('[email protected]'));
+
+		$this->assertSame('editor', $app->role()->name());
+		$this->assertSame('editor', $app->role(null, false)->name());
+	}
+
+	public function testRoleFromImpersonatedUser()
+	{
+		$app = new App([
+			'roles' => [
+				[
+					'name'  => 'editor',
+					'title' => 'Editor'
+				]
+			],
+			'users' => [
+				[
+					'email' => '[email protected]',
+					'role'  => 'editor'
+				]
+			]
+		]);
+
+		$app->impersonate('[email protected]');
+
+		$this->assertSame('editor', $app->role()->name());
+		$this->assertNull($app->role(null, false));
+	}
+
+	public function testUsersLoad()
 	{
 		$app = $this->app->clone([
 			'roots' => [
@@ -122,7 +210,7 @@ public function testLoad()
 		$this->assertSame('[email protected]', $app->users()->first()->email());
 	}
 
-	public function testSet()
+	public function testUsersSet()
 	{
 		$app = $this->app->clone([
 			'users' => [