Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix Role Authority Editability #16568

Merged
merged 3 commits into from
Jul 5, 2024
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
31 changes: 23 additions & 8 deletions _build/templates/default/sass/index.scss
Original file line number Diff line number Diff line change
Expand Up @@ -563,15 +563,30 @@ a.x-grid-link:focus {
}

.x-editable-column {
cursor: pointer;
&:hover,
&:focus {
color: $colorSplash;
> div::after {
@include awesome-font;
content: fa-content($fa-var-pen);
margin: 0 0.5em;
cursor: default;
&:not(.editor-disabled) {
cursor: pointer;
&:hover,
&:focus {
color: $colorSplash;
> div {
&::after {
@include awesome-font;
content: fa-content($fa-var-pen);
margin: 0 0.5em;
color: $colorSplash;
}
}
}
}
&.locked {
cursor: default;
&:hover,
&:focus {
> div::after {
content: fa-content($fa-var-lock);
color: scale-color($color: $colorSplash, $saturation: -70%, $lightness: 30%);
}
}
}
}
Expand Down
2 changes: 2 additions & 0 deletions core/lexicon/en/user.inc.php
Original file line number Diff line number Diff line change
Expand Up @@ -43,11 +43,13 @@
$_lang['role_err_nf'] = 'Role not found.';
$_lang['role_err_nfs'] = 'Role not found with id: [[+role]]';
$_lang['role_err_ns'] = 'Role not specified!';
$_lang['role_err_ns_authority'] = 'Please specify an authority level for this role.';
$_lang['role_err_ns_name'] = 'Please specify a name for the role.';
$_lang['role_err_remove'] = 'An error occurred while trying to delete the role.';
$_lang['role_err_remove_admin'] = 'The role you are trying to delete is the admin role. This role cannot be deleted!';
$_lang['role_remove'] = 'Delete Role';
$_lang['role_remove_confirm'] = 'Are you sure you want to delete this role?';
$_lang['role_warn_authority_locked'] = 'This Role’s authority can not be changed because this Role is currently assigned to one or more Access Control List entries.';
$_lang['roles'] = 'Roles';
$_lang['rrg_drag'] = 'Drag resources into resource groups here.';
$_lang['ugc_grid_title'] = 'User Group Access to Contexts';
Expand Down
27 changes: 22 additions & 5 deletions core/src/Revolution/Processors/Security/Role/GetList.php
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
<?php

/*
* This file is part of MODX Revolution.
*
Expand All @@ -10,8 +11,8 @@

namespace MODX\Revolution\Processors\Security\Role;


use MODX\Revolution\Processors\Model\GetListProcessor;
use MODX\Revolution\modUserGroupMember;
use MODX\Revolution\modUserGroupRole;
use xPDO\Om\xPDOObject;
use xPDO\Om\xPDOQuery;
Expand Down Expand Up @@ -83,6 +84,18 @@ public function beforeIteration(array $list)
return $list;
}

/**
* See if the Role is assigned to any users
* @return boolean
*/
public function isAssigned(int $id)
{
$c = $this->modx->newQuery(modUserGroupMember::class);
$c = $c->where(['role' => $id]);

return $this->modx->getCount(modUserGroupMember::class, $c) > 0;
}

/**
* {@inheritDoc}
* @param xPDOObject $object
Expand All @@ -91,17 +104,21 @@ public function beforeIteration(array $list)
public function prepareRow(xPDOObject $object)
{
$objectArray = $object->toArray();
$isCoreRole = $object->get('id') === 1
|| $object->get('id') === 2
|| $object->get('name') === 'Super User'
|| $object->get('name') === 'Member';
$objectId = $object->get('id');
$roleName = $object->get('name');
$isCoreRole = in_array($objectId, [1, 2]) || in_array($roleName, ['Super User', 'Member']);

$perm = [];
if (!$isCoreRole) {
$perm[] = 'edit';
if ($this->isAssigned($objectId)) {
$objectArray['isAssigned'] = 1;
}
if ($this->canRemove) {
$perm[] = 'remove';
}
} else {
$objectArray['isProtected'] = 1;
}
$objectArray['perm'] = implode(' ', $perm);

Expand Down
2 changes: 1 addition & 1 deletion manager/assets/modext/modx.jsgrps-min.js

Large diffs are not rendered by default.

65 changes: 65 additions & 0 deletions manager/assets/modext/widgets/core/modx.grid.js
Original file line number Diff line number Diff line change
Expand Up @@ -744,6 +744,71 @@ Ext.extend(MODx.grid.Grid,Ext.grid.EditorGridPanel,{
return el.dom.outerHTML;
}

/**
* Deprecated; renamed checkCellIsEditable. Remove in 3.1
*/
,checkEditable: function(e) {
this.checkCellIsEditable(e);
}

/**
* Disables cell editor under specified conditions
* @param {Object} e - Ext event object containing references to grid, record, field, value, row (index), column (index), and cancel (set true to cancel edit).
* @return {Boolean} Return false to cancel or true to commit the edit
*/
,checkCellIsEditable: function(e) {
const permissions = e.record.data.perm || '';
if (permissions.indexOf('edit') === -1) {
return false;
}
// Grid-specific conditions
switch (e.grid.xtype) {
case 'modx-grid-role': {
const
isAuthorityField = e.field === 'authority',
roleIsAssigned = e.record.json.isAssigned
;
if (roleIsAssigned && isAuthorityField) {
return false;
}
break;
}
default:
}
return true;
}

/**
* Add one or more classes to a specific Editor Grid cell, typically to indicate a level of restriction
*
* @param {Object} record - The row's data record
* @param {Array} lockConditions - A set of one or more Boolean values (or ones that cast correctly to the expected Boolean value) derived from the row record or other values that indicate whether or not the subject cell should be marked as locked
* @param {String} lockedClasses - One or more css class names
* @param {Boolean} conditionsRequireAll - Whether all passed lockConditions need to evaluate to true to apply the locked class(es)
*/
,setEditableCellClasses: function(record, lockConditions = [], lockedClasses = 'locked', conditionsRequireAll = true) {
const
permissions = record.data.perm.trim(),
hasEditPermission = permissions.split(' ').includes('edit')
;
let
classes = '',
shouldLock = false
;
if (lockConditions.length > 0) {
shouldLock = conditionsRequireAll
? lockConditions.every(condition => Boolean(condition) === true)
: lockConditions.some(condition => Boolean(condition) === true)
;
}
if (Ext.isEmpty(permissions)) {
classes = 'editor-disabled';
} else if (hasEditPermission && shouldLock) {
classes = lockedClasses;
}
return classes;
}

/**
* @property {Function} getLinkTemplate - Adds a link on a grid column's value based on the passed params.
* Usage of this method is necessary for grouping grids, where usage of renderers on its column model
Expand Down
Loading
Loading