Implement hidden permission groups (#2129)

Only users that have the new `viewHiddenGroups` permission will be able to see these groups.

You might want this when you want to give certain users special permissions, but don't want to make your authorization scheme public to regular users.

Co-authored-by: luceos <daniel+github@klabbers.email>
Alexander Skvortsov 2020-04-21 11:49:53 -04:00 committed by GitHub
parent df8f73bd3d
commit 6e8884f190
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
13 changed files with 130 additions and 7 deletions


@ -3,6 +3,7 @@ import Button from '../../common/components/Button';
import Badge from '../../common/components/Badge';
import Group from '../../common/models/Group';
import ItemList from '../../common/utils/ItemList';
import Switch from '../../common/components/Switch';
/**
* The `EditGroupModal` component shows a modal dialog which allows the user
@ -16,6 +17,7 @@ export default class EditGroupModal extends Modal {
this.namePlural = m.prop(this.group.namePlural() || '');
this.icon = m.prop(this.group.icon() || '');
this.color = m.prop(this.group.color() || '');
this.isHidden = m.prop(this.group.isHidden() || false);
}
className() {
@ -89,6 +91,18 @@ export default class EditGroupModal extends Modal {
10
);
items.add(
'hidden',
<div className="Form-group">
{Switch.component({
state: !!Number(this.isHidden()),
children: app.translator.trans('core.admin.edit_group.hide_label'),
onchange: this.isHidden,
})}
</div>,
10
);
items.add(
'submit',
<div className="Form-group">
@ -118,6 +132,7 @@ export default class EditGroupModal extends Modal {
namePlural: this.namePlural(),
color: this.color(),
icon: this.icon(),
isHidden: this.isHidden(),
};
}


@ -112,6 +112,16 @@ export default class PermissionGrid extends Component {
100
);
items.add(
'viewHiddenGroups',
{
icon: 'fas fa-users',
label: app.translator.trans('core.admin.permissions.view_hidden_groups_label'),
permission: 'viewHiddenGroups',
},
100
);
items.add(
'viewUserList',
{


@ -7,6 +7,7 @@ Object.assign(Group.prototype, {
namePlural: Model.attribute('namePlural'),
color: Model.attribute('color'),
icon: Model.attribute('icon'),
isHidden: Model.attribute('isHidden'),
});
Group.ADMINISTRATOR_ID = '1';


@ -0,0 +1,14 @@
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
use Flarum\Database\Migration;
return Migration::addColumns('groups', [
'is_hidden' => ['boolean', 'default' => false]
]);


@ -26,6 +26,8 @@ class ListGroupsController extends AbstractListController
*/
protected function data(ServerRequestInterface $request, Document $document)
{
return Group::all();
$actor = $request->getAttribute('actor');
return Group::whereVisibleTo($actor)->get();
}
}


@ -45,6 +45,10 @@ class BasicUserSerializer extends AbstractSerializer
*/
protected function groups($user)
{
if ($this->getActor()->can('viewHiddenGroups')) {
return $this->hasMany($user, GroupSerializer::class);
}
return $this->hasMany($user, GroupSerializer::class, 'visibleGroups');
}
}
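Review bot: The hidden-group rule is written twice: once in GroupPolicy::find() as `$actor->cannot('viewHiddenGroups')` plus `where('is_hidden', false)`, and again here, where `can('viewHiddenGroups')` chooses between `groups` and `visibleGroups` (whose filter is hard-coded in User::visibleGroups()). If the policy is later extended, for example by an extension that adds its own group visibility rule, this serializer path would not follow it and membership in a hidden group could still be serialized. Consider documenting the coupling on both methods, e.g. `// Keep in sync with GroupPolicy::find(): hidden groups require viewHiddenGroups`, or deriving the relation filter from the same scope. Any other serializer or include path that exposes a user's groups is outside this diff and should be checked for the same filter.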


@ -52,6 +52,7 @@ class GroupSerializer extends AbstractSerializer
'namePlural' => $this->translateGroupName($group->name_plural),
'color' => $group->color,
'icon' => $group->icon,
'isHidden' => $group->is_hidden
];
}
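Review bot: `'isHidden' => $group->is_hidden` emits whatever the model attribute holds, and no cast for `is_hidden` is visible in the Group model hunks, so the API may return `0`/`1` rather than a JSON boolean. The admin modal's `!!Number(this.isHidden())` suggests the client already compensates for this. Casting here, `'isHidden' => (bool) $group->is_hidden`, gives API consumers a stable type. The array literal starts outside the hunk.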


@ -54,7 +54,8 @@ class CreateGroupHandler
Arr::get($data, 'attributes.nameSingular'),
Arr::get($data, 'attributes.namePlural'),
Arr::get($data, 'attributes.color'),
Arr::get($data, 'attributes.icon')
Arr::get($data, 'attributes.icon'),
Arr::get($data, 'attributes.isHidden', false)
);
$this->events->dispatch(
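Review bot: `attributes.isHidden` comes straight from the request body and is passed to `Group::build()`, whose new parameter is declared `bool $isHidden`. The `false` default in `Arr::get()` applies only when the key is absent, so an explicit `null` or a non-scalar value would likely raise a TypeError instead of a validation error. Normalising at the boundary, e.g. `(bool) Arr::get($data, 'attributes.isHidden', false)`, avoids that. EditGroupHandler has the matching gap: `$group->is_hidden = $attributes['isHidden'];` stores the raw request value, and `isset()` silently skips an explicit `null`. Both handler bodies extend beyond the lines shown, so the permission check that guards them is not visible here.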


@ -74,6 +74,10 @@ class EditGroupHandler
$group->icon = $attributes['icon'];
}
if (isset($attributes['isHidden'])) {
$group->is_hidden = $attributes['isHidden'];
}
$this->events->dispatch(
new Saving($group, $actor, $data)
);


@ -23,6 +23,7 @@ use Flarum\User\User;
* @property string $name_plural
* @property string|null $color
* @property string|null $icon
* @property bool $is_hidden
* @property \Illuminate\Database\Eloquent\Collection $users
* @property \Illuminate\Database\Eloquent\Collection $permissions
*/
@ -72,9 +73,10 @@ class Group extends AbstractModel
* @param string $namePlural
* @param string $color
* @param string $icon
* @param bool $isHidden
* @return static
*/
public static function build($nameSingular, $namePlural, $color, $icon)
public static function build($nameSingular, $namePlural, $color = null, $icon = null, bool $isHidden = false): self
{
$group = new static;
@ -82,6 +84,7 @@ class Group extends AbstractModel
$group->name_plural = $namePlural;
$group->color = $color;
$group->icon = $icon;
$group->is_hidden = $isHidden;
$group->raise(new Created($group));


@ -11,6 +11,7 @@ namespace Flarum\Group;
use Flarum\User\AbstractPolicy;
use Flarum\User\User;
use Illuminate\Database\Eloquent\Builder;
class GroupPolicy extends AbstractPolicy
{
@ -30,4 +31,15 @@ class GroupPolicy extends AbstractPolicy
return true;
}
}
/**
* @param User $actor
* @param Builder $query
*/
public function find(User $actor, Builder $query)
{
if ($actor->cannot('viewHiddenGroups')) {
$query->where('is_hidden', false);
}
}
}
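Review bot: `find()` carries only `@param` tags and no statement of the rule it enforces; a one-line summary such as `Hide groups flagged is_hidden from actors without the viewHiddenGroups permission.` would make the access rule readable at a glance. The docblock should also say that the filter presumably only applies to queries built through `whereVisibleTo()`, as ListGroupsController now does. A direct `Group::all()` or `Group::find()` elsewhere would then not be restricted by it. The class body starts outside this hunk.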


@ -606,6 +606,11 @@ class User extends AbstractModel
return $this->belongsToMany(Group::class);
}
public function visibleGroups()
{
return $this->belongsToMany(Group::class)->where('is_hidden', false);
}
/**
* Define the relationship with the user's notifications.
*


@ -9,15 +9,37 @@
namespace Flarum\Tests\integration\api\groups;
use Flarum\Group\Group;
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;
use Illuminate\Support\Arr;
class ListTest extends TestCase
{
use RetrievesAuthorizedUsers;
public function setUp()
{
parent::setUp();
$this->prepareDatabase([
'users' => [
$this->adminUser(),
$this->normalUser(),
],
'groups' => [
$this->adminGroup(),
$this->hiddenGroup()
],
'group_user' => [
['user_id' => 1, 'group_id' => 1],
],
]);
}
/**
* @test
*/
public function shows_index_for_guest()
public function shows_limited_index_for_guest()
{
$response = $this->send(
$this->request('GET', '/api/groups')
@ -26,6 +48,35 @@ class ListTest extends TestCase
$this->assertEquals(200, $response->getStatusCode());
$data = json_decode($response->getBody()->getContents(), true);
$this->assertEquals(Group::count(), count($data['data']));
$this->assertEquals(['1'], Arr::pluck($data['data'], 'id'));
}
/**
* @test
*/
public function shows_index_for_admin()
{
$response = $this->send(
$this->request('GET', '/api/groups', [
'authenticatedAs' => 1,
])
);
$this->assertEquals(200, $response->getStatusCode());
$data = json_decode($response->getBody()->getContents(), true);
$this->assertEquals(['1', '10'], Arr::pluck($data['data'], 'id'));
}
protected function hiddenGroup(): array
{
return [
'id' => 10,
'name_singular' => 'Hidden',
'name_plural' => 'Ninjas',
'color' => null,
'icon' => 'fas fa-wrench',
'is_hidden' => 1
];
}
}
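Review bot: The new tests cover a guest and an admin on `/api/groups`, but `normalUser()` is seeded in `setUp()` and never used, so the case the feature exists for, a logged-in user without `viewHiddenGroups`, is not asserted. The `group_user` fixture also puts nobody in group 10, which leaves the `visibleGroups` branch of BasicUserSerializer untested. Consider adding a `shows_limited_index_for_user` case authenticated as the normal user (its id is not visible in this diff) that expects `['1']`. A membership row for the hidden group, with an assertion on a user response, would cover the serializer branch.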