Prototyped permissions (#13)

Bertrand Dunogier · Bertrand Dunogier · commit 008290c8d975 · 2018-11-11T02:30:59.000+01:00
The `_repository` field will only show up for users with at least one of content/edit, class/update or role/view.
Can easily be extended to more granular items.
diff --git a/GraphQL/ExpressionLanguage/HasAdminAccessFunction.php b/GraphQL/ExpressionLanguage/HasAdminAccessFunction.php
@@ -0,0 +1,40 @@
+<?php
+namespace BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage;
+
+use Overblog\GraphQLBundle\ExpressionLanguage\ExpressionFunction;
+
+class HasAdminAccessFunction extends ExpressionFunction
+{
+    public function __construct()
+    {
+        parent::__construct(
+            'hasAdminAccess',
+            function () {
+                $accessList = [
+                    "section/view",
+                    "class/create",
+                    "role/read",
+                ];
+                $mappedArray = array_map(
+                    function($policy) {
+                        list($module, $function) = explode('/', $policy);
+                        return sprintf(
+                            '(true === ($access = $pr->hasAccess("%s", "%s")) || is_array($access))',
+                            $module,
+                            $function
+                        );
+                    },
+                    $accessList
+                );
+                $ternary = implode('||', $mappedArray);
+                $code = sprintf('(function() use ($globalVariable) {
+  $pr = $globalVariable->get("container")
+    ->get("eZ\Publish\API\Repository\PermissionResolver");
+  return %s;
+})()', $ternary);
+
+                return $code;
+            }
+        );
+    }
+}
diff --git a/Resources/config/graphql/Platform.types.yml b/Resources/config/graphql/Platform.types.yml
@@ -5,4 +5,6 @@ Platform:
             _repository:
                 type: Repository
                 resolve: { }
-                description: "eZ Platform repository API"
+                description: "eZ Platform repository API"
+                public: '@=hasAdminAccess()'
+                public: '@=hasAdminAccess()'
diff --git a/Resources/config/services.yml b/Resources/config/services.yml
@@ -22,3 +22,6 @@ services:
             - { name: "overblog_graphql.mutation", alias: "DeleteSection", method: "deleteSection" }
 
     BD\EzPlatformGraphQLBundle\GraphQL\InputMapper\SearchQueryMapper: ~
+
+    BD\EzPlatformGraphQLBundle\GraphQL\ExpressionLanguage\HasAdminAccessFunction:
+        tags: ['overblog_graphql.expression_function']
