Add role policies

Author: lhassanbouhou-acx

components/MenuManagerBundle/src/bundle/Controller/AdminController.php

@@ -15,7 +15,9 @@
 use Doctrine\ORM\EntityManagerInterface;
 use Ibexa\Contracts\AdminUi\Controller\Controller;
 use Ibexa\Contracts\AdminUi\Notification\NotificationHandlerInterface;
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
 use Ibexa\Contracts\Core\SiteAccess\ConfigResolverInterface;
+use Ibexa\Core\Base\Exceptions\UnauthorizedException;
 use Novactive\EzMenuManager\Form\Type\MenuDeleteType;
 use Novactive\EzMenuManager\Form\Type\MenuSearchType;
 use Novactive\EzMenuManager\Form\Type\MenuType;
@@ -45,20 +47,24 @@ class AdminController extends Controller
     protected NotificationHandlerInterface $notificationHandler;
     protected EntityManagerInterface $em;
     protected ConfigResolverInterface $configResolver;
+    protected PermissionResolver $permissionResolver;
 
     /**
      * AdminController constructor.
      */
     public function __construct(
-        TranslatorInterface $translator,
+        TranslatorInterface          $translator,
         NotificationHandlerInterface $notificationHandler,
-        EntityManagerInterface $em,
-        ConfigResolverInterface $configResolver
-    ) {
+        EntityManagerInterface       $em,
+        ConfigResolverInterface      $configResolver,
+        PermissionResolver           $permissionResolver
+    )
+    {
         $this->translator = $translator;
         $this->notificationHandler = $notificationHandler;
         $this->em = $em;
         $this->configResolver = $configResolver;
+        $this->permissionResolver = $permissionResolver;
     }
 
     /**
@@ -72,6 +78,9 @@ public function __construct(
      */
     public function listAction(Request $request, $page = 1)
     {
+        if (!$this->permissionResolver->hasAccess('menu_manager', 'list')) {
+            throw new UnauthorizedException('menu_manager', 'list', []);
+        }
         $queryBuilder = $this->em->createQueryBuilder()
                            ->select('m')
                            ->from(Menu::class, 'm')
@@ -142,6 +151,9 @@ protected function getMenusIds($menus)
      */
     public function newAction(Request $request)
     {
+        if (!$this->permissionResolver->hasAccess('menu_manager', 'new')) {
+            throw new UnauthorizedException('menu_manager', 'new', []);
+        }
         $menu = new Menu();
         $menu->setRootLocationId(
             $this->configResolver->getParameter('content.tree_root.location_id')
@@ -157,6 +169,10 @@ public function newAction(Request $request)
      */
     public function editAction(Request $request, Menu $menu)
     {
+        if (!$this->permissionResolver->hasAccess('menu_manager', 'edit')) {
+            throw new UnauthorizedException('menu_manager', 'edit', []);
+        }
+
         $form = $this->createForm(MenuType::class, $menu);
         $form->handleRequest($request);
         if ($form->isSubmitted() && $form->isValid()) {
@@ -187,6 +203,9 @@ public function editAction(Request $request, Menu $menu)
      */
     public function deleteAction(Request $request)
     {
+        if (!$this->permissionResolver->hasAccess('menu_manager', 'delete')) {
+            throw new UnauthorizedException('menu_manager', 'delete', []);
+        }
         $form = $this->createForm(MenuDeleteType::class);
         $form->handleRequest($request);
 

components/MenuManagerBundle/src/bundle/Controller/ViewController.php

@@ -13,6 +13,9 @@
 namespace Novactive\EzMenuManagerBundle\Controller;
 
 use Ibexa\Contracts\AdminUi\Controller\Controller;
+use Ibexa\Contracts\Core\Repository\PermissionResolver;
+use Ibexa\Contracts\ProductCatalog\PermissionResolverInterface;
+use Ibexa\Core\Base\Exceptions\UnauthorizedException;
 use Novactive\EzMenuManager\Service\MenuBuilder;
 use Novactive\EzMenuManagerBundle\Entity\Menu;
 use Symfony\Component\HttpFoundation\Response;
@@ -27,11 +30,18 @@
  */
 class ViewController extends Controller
 {
+    public function __construct(protected PermissionResolver $permissionResolver)
+    {
+    }
+
     /**
      * @Route("/view/{menu}", name="menu_manager.menu_view")
      */
     public function viewMenuAction(Menu $menu, MenuBuilder $menuBuilder): Response
     {
+        if (!$this->permissionResolver->hasAccess('menu_manager', 'view')) {
+            throw new UnauthorizedException('menu_manager', 'view', []);
+        }
         return $this->render(
             '@ibexadesign/menu_manager/view.html.twig',
             [

components/MenuManagerBundle/src/bundle/DependencyInjection/Security/Provider/MenuPolicyProvider.php

@@ -0,0 +1,39 @@
+<?php
+
+/**
+ * NovaeZRssFeedBundle.
+ *
+ * @package   NovaeZRssFeedBundle
+ *
+ * @author    Novactive
+ * @copyright 2018 Novactive
+ * @license   https://github.com/Novactive/NovaeZRssFeedBundle/blob/master/LICENSE
+ */
+
+namespace Novactive\EzMenuManagerBundle\DependencyInjection\Security\Provider;
+
+use Ibexa\Bundle\Core\DependencyInjection\Security\PolicyProvider\YamlPolicyProvider;
+use JMS\TranslationBundle\Model\Message;
+
+class MenuPolicyProvider extends YamlPolicyProvider
+{
+    public function getFiles(): array
+    {
+        return [
+            __DIR__ . '/../../../Resources/config/policies.yml',
+        ];
+    }
+
+    public static function getTranslationMessages(): array
+    {
+        return [
+            (new Message('role.policy.menu_manager.all_functions', 'menu_manager'))
+                ->setDesc('Menu Manager / All Functions'),
+            (new Message('role.policy.menu_manager.list', 'menu_manager'))->setDesc('Menu Manager / Liste'),
+            (new Message('role.policy.menu_manager.new', 'menu_manager'))->setDesc('Menu Manager / New'),
+            (new Message('role.policy.menu_manager.edit', 'menu_manager'))->setDesc('Menu Manager / Edit'),
+            (new Message('role.policy.menu_manager.delete', 'menu_manager'))->setDesc('Menu Manager / Delete'),
+            (new Message('role.policy.menu_manager.view', 'menu_manager'))->setDesc('Menu Manager Log / View'),
+        ];
+    }
+}

components/MenuManagerBundle/src/bundle/EzMenuManagerBundle.php

@@ -13,6 +13,7 @@
 namespace Novactive\EzMenuManagerBundle;
 
 use Novactive\EzMenuManager\MenuItem\MenuItemTypeInterface;
+use Novactive\EzMenuManagerBundle\DependencyInjection\Security\Provider\MenuPolicyProvider;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
@@ -26,5 +27,6 @@ public function build(ContainerBuilder $container)
         parent::build($container);
         $container->registerForAutoconfiguration(MenuItemTypeInterface::class)
                   ->addTag('ezmenumanager.menuitemtype');
+        $container->getExtension('ibexa')->addPolicyProvider(new MenuPolicyProvider());
     }
 }

components/MenuManagerBundle/src/bundle/Resources/config/policies.yml

@@ -0,0 +1,6 @@
+menu_manager:
+  list: ~
+  new: ~
+  view: ~
+  edit: ~
+  delete: ~

components/MenuManagerBundle/src/bundle/Resources/translations/menu_manager.en.yml

@@ -52,3 +52,9 @@ menu_item:
     save_container: Save folder
     cancel: Cancel
 actions.apply_btn: Apply
+role.policy.menu_manager: Menu Manager
+role.policy.menu_manager.all_functions: Menu Manager / Toutes les fonctions
+role.policy.menu_manager.list: Menu Manager / Liste
+role.policy.menu_manager.view: Menu Manager / View
+role.policy.menu_manager.edit: Menu Manager / Edit
+role.policy.menu_manager.new: Menu Manager / New