From f2959b2df00bc1d91ef527a7dd2ac023fb93f2ce Mon Sep 17 00:00:00 2001 From: David Molineus Date: Wed, 5 Dec 2018 11:15:37 +0100 Subject: [PATCH] Implement permission check for icons, popups and styles. --- src/Bundle/Resources/config/layers.yml | 2 +- src/Bundle/Resources/config/listeners.yml | 15 +- .../Resources/contao/dca/tl_leaflet_icon.php | 24 ++- .../Resources/contao/dca/tl_leaflet_layer.php | 55 +++--- .../Resources/contao/dca/tl_leaflet_popup.php | 23 ++- .../Resources/contao/dca/tl_leaflet_style.php | 23 ++- src/Listener/Dca/IconDcaListener.php | 35 +++- src/Listener/Dca/OperationsListener.php | 169 ++++++++++++++++++ src/Listener/Dca/PopupDcaListener.php | 60 +++++++ src/Listener/Dca/StyleDcaListener.php | 35 +++- 10 files changed, 386 insertions(+), 55 deletions(-) create mode 100644 src/Listener/Dca/OperationsListener.php create mode 100644 src/Listener/Dca/PopupDcaListener.php diff --git a/src/Bundle/Resources/config/layers.yml b/src/Bundle/Resources/config/layers.yml index c6dcc77..5e65deb 100644 --- a/src/Bundle/Resources/config/layers.yml +++ b/src/Bundle/Resources/config/layers.yml @@ -32,7 +32,7 @@ parameters: markercluster: children: true - icon: 'bundles/netzmachtcontaoleaflet/img/markercluster.png' + icon: 'bundles/netzmachtcontaoleaflet/img/cluster.png' tile: children: false diff --git a/src/Bundle/Resources/config/listeners.yml b/src/Bundle/Resources/config/listeners.yml index 199fad5..b9432b0 100644 --- a/src/Bundle/Resources/config/listeners.yml +++ b/src/Bundle/Resources/config/listeners.yml 
@@ -76,14 +76,22 @@ services: class: Netzmacht\Contao\Leaflet\Listener\Dca\IconDcaListener public: true arguments: + - '@netzmacht.contao_toolkit.contao.backend_user' - '%netzmacht.contao_leaflet.icons%' netzmacht.contao_leaflet.listeners.dca.style: class: Netzmacht\Contao\Leaflet\Listener\Dca\StyleDcaListener public: true arguments: + - '@netzmacht.contao_toolkit.contao.backend_user' - '%netzmacht.contao_leaflet.styles%' - - + + netzmacht.contao_leaflet.listeners.dca.popup: + class: Netzmacht\Contao\Leaflet\Listener\Dca\PopupDcaListener + public: true + arguments: + - '@netzmacht.contao_toolkit.contao.backend_user' + netzmacht.contao_leaflet.listeners.dca.user: class: Netzmacht\Contao\Leaflet\Listener\Dca\UserDcaListener public: true @@ -102,6 +110,11 @@ services: - '@translator' - '%netzmacht.contao_leaflet.layers%' + Netzmacht\Contao\Leaflet\Listener\Dca\OperationsListener: + public: true + arguments: + - '@netzmacht.contao_toolkit.contao.backend_user' + netzmacht.contao_leaflet.listeners.geo_json_listener: class: Netzmacht\Contao\Leaflet\Listener\GeoJsonListener arguments: diff --git a/src/Bundle/Resources/contao/dca/tl_leaflet_icon.php b/src/Bundle/Resources/contao/dca/tl_leaflet_icon.php index 3e99465..b6d3cfd 100644 --- a/src/Bundle/Resources/contao/dca/tl_leaflet_icon.php +++ b/src/Bundle/Resources/contao/dca/tl_leaflet_icon.php @@ -10,6 +10,8 @@ * @filesource */ +use Netzmacht\Contao\Leaflet\Listener\Dca\OperationsListener; + $GLOBALS['TL_DCA']['tl_leaflet_icon'] = [ 'config' => [ 'dataContainer' => 'Table', @@ -20,6 +22,9 @@ $GLOBALS['TL_DCA']['tl_leaflet_icon'] = [ 'alias' => 'unique', ], ], + 'onload_callback' => [ + ['netzmacht.contao_leaflet.listeners.dca.icon', 'checkPermission'], + ], 'onsubmit_callback' => [ ['netzmacht.contao_leaflet.listeners.dca.leaflet', 'clearCache'], ], 
@@ -45,16 +50,19 @@ $GLOBALS['TL_DCA']['tl_leaflet_icon'] = [ 'attributes' => 'onclick="Backend.getScrollOffset();" accesskey="e"', ], 'styles' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_icon']['styles'], - 'href' => 'table=tl_leaflet_style', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_icon']['styles'], + 'href' => 'table=tl_leaflet_style', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'styleOperation'], + ], 'popups' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_icon']['popups'], - 'href' => 'table=tl_leaflet_popup', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_icon']['popups'], + 'href' => 'table=tl_leaflet_popup', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'popupOperation'], ], 'all' => [ 'label' => &$GLOBALS['TL_LANG']['MSC']['all'], diff --git a/src/Bundle/Resources/contao/dca/tl_leaflet_layer.php b/src/Bundle/Resources/contao/dca/tl_leaflet_layer.php index 789aa2d..ef0cef7 100644 --- a/src/Bundle/Resources/contao/dca/tl_leaflet_layer.php +++ b/src/Bundle/Resources/contao/dca/tl_leaflet_layer.php @@ -10,6 +10,8 @@ * @filesource */ +use Netzmacht\Contao\Leaflet\Listener\Dca\OperationsListener; + $GLOBALS['TL_DCA']['tl_leaflet_layer'] = [ 'config' => [ 'dataContainer' => 'Table', 
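Review bot: The `button_callback` entries added to the `styles` and `popups` operations only decide whether the link is drawn, and nothing in the DCA says so. The `href` targets (`table=tl_leaflet_style`, `table=tl_leaflet_popup`) are unchanged, so a direct request to those tables must still be rejected server-side, which the `checkPermission` onload callbacks added elsewhere in this patch do. A comment above the operations would keep the two from drifting apart, for example `// Button visibility only; access is enforced by the onload_callback of the target table.` The same applies to the equivalent hunks in tl_leaflet_layer.php, tl_leaflet_popup.php and tl_leaflet_style.php.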
@@ -48,22 +50,25 @@ $GLOBALS['TL_DCA']['tl_leaflet_layer'] = [ ], 'global_operations' => [ 'styles' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['styles'], - 'href' => 'table=tl_leaflet_style', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['styles'], + 'href' => 'table=tl_leaflet_style', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'styleOperation'], ], 'icons' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['icons'], - 'href' => 'table=tl_leaflet_icon', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['icons'], + 'href' => 'table=tl_leaflet_icon', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'iconOperation'], ], 'popups' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['popups'], - 'href' => 'table=tl_leaflet_popup', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['popups'], + 'href' => 'table=tl_leaflet_popup', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'popupOperation'], ], 'all' => [ 'label' => &$GLOBALS['TL_LANG']['MSC']['all'], @@ -235,9 +240,9 @@ $GLOBALS['TL_DCA']['tl_leaflet_layer'] = [ 'MapBox' => ['tile_provider_key'], 'HERE' => ['tile_provider_key', 'tile_provider_code'], ], - 'fileFormat' => [ - '!' => ['file'] - ] + 'fileFormat' => [ + '!' => ['file'], + ], ], 'metasubpalettes' => [ 
@@ -864,7 +869,7 @@ $GLOBALS['TL_DCA']['tl_leaflet_layer'] = [ ], 'sql' => 'mediumtext NULL', ], - 'fileFormat' => [ + 'fileFormat' => [ 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['fileFormat'], 'exclude' => true, 'inputType' => 'select', @@ -882,19 +887,19 @@ $GLOBALS['TL_DCA']['tl_leaflet_layer'] = [ 'sql' => "varchar(32) NOT NULL default ''", ], 'file' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['file'], - 'exclude' => true, - 'inputType' => 'fileTree', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_layer']['file'], + 'exclude' => true, + 'inputType' => 'fileTree', 'load_callback' => [ ['netzmacht.contao_leaflet.listeners.dca.layer', 'prepareFileWidget'], ], - 'eval' => [ - 'filesOnly' => true, - 'fieldType' => 'radio', - 'mandatory' => true, - 'tl_class' => 'clr', + 'eval' => [ + 'filesOnly' => true, + 'fieldType' => 'radio', + 'mandatory' => true, + 'tl_class' => 'clr', ], - 'sql' => 'binary(16) NULL', + 'sql' => 'binary(16) NULL', ], ], ]; diff --git a/src/Bundle/Resources/contao/dca/tl_leaflet_popup.php b/src/Bundle/Resources/contao/dca/tl_leaflet_popup.php index b40f21d..e0c84d5 100644 --- a/src/Bundle/Resources/contao/dca/tl_leaflet_popup.php +++ b/src/Bundle/Resources/contao/dca/tl_leaflet_popup.php @@ -10,6 +10,8 @@ * @filesource */ +use Netzmacht\Contao\Leaflet\Listener\Dca\OperationsListener; + $GLOBALS['TL_DCA']['tl_leaflet_popup'] = [ 'config' => [ 'dataContainer' => 'Table', @@ -20,6 +22,9 @@ $GLOBALS['TL_DCA']['tl_leaflet_popup'] = [ 'alias' => 'unique', ], ], + 'onload_callback' => [ + ['netzmacht.contao_leaflet.listeners.dca.popup', 'checkPermission'], + ], 'onsubmit_callback' => [ ['netzmacht.contao_leaflet.listeners.dca.leaflet', 'clearCache'], ], 
@@ -45,16 +50,18 @@ $GLOBALS['TL_DCA']['tl_leaflet_popup'] = [ 'attributes' => 'onclick="Backend.getScrollOffset();" accesskey="e"', ], 'styles' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_popup']['styles'], - 'href' => 'table=tl_leaflet_style', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_popup']['styles'], + 'href' => 'table=tl_leaflet_style', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/style.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'styleOperation'], ], 'icons' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_popup']['icons'], - 'href' => 'table=tl_leaflet_icon', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_popup']['icons'], + 'href' => 'table=tl_leaflet_icon', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'iconOperation'], ], 'all' => [ 'label' => &$GLOBALS['TL_LANG']['MSC']['all'], diff --git a/src/Bundle/Resources/contao/dca/tl_leaflet_style.php b/src/Bundle/Resources/contao/dca/tl_leaflet_style.php index 8a10177..cfbb51b 100644 --- a/src/Bundle/Resources/contao/dca/tl_leaflet_style.php +++ b/src/Bundle/Resources/contao/dca/tl_leaflet_style.php @@ -10,6 +10,8 @@ * @filesource */ +use Netzmacht\Contao\Leaflet\Listener\Dca\OperationsListener; + $GLOBALS['TL_DCA']['tl_leaflet_style'] = [ 'config' => [ 'dataContainer' => 'Table', @@ -20,6 +22,9 @@ $GLOBALS['TL_DCA']['tl_leaflet_style'] = [ 'alias' => 'unique', ], ], + 'onload_callback' => [ + ['netzmacht.contao_leaflet.listeners.dca.style', 'checkPermission'], + ], 'onsubmit_callback' => [ ['netzmacht.contao_leaflet.listeners.dca.leaflet', 'clearCache'], ], 
@@ -45,16 +50,18 @@ $GLOBALS['TL_DCA']['tl_leaflet_style'] = [ 'attributes' => 'onclick="Backend.getScrollOffset();" accesskey="e"', ], 'icons' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_style']['icons'], - 'href' => 'table=tl_leaflet_icon', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_style']['icons'], + 'href' => 'table=tl_leaflet_icon', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/icons.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'iconOperation'], ], 'popups' => [ - 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_style']['popups'], - 'href' => 'table=tl_leaflet_popup', - 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', - 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'label' => &$GLOBALS['TL_LANG']['tl_leaflet_style']['popups'], + 'href' => 'table=tl_leaflet_popup', + 'icon' => 'bundles/netzmachtcontaoleaflet/img/popup.png', + 'attributes' => 'onclick="Backend.getScrollOffset();"', + 'button_callback' => [OperationsListener::class, 'popupOperation'], ], 'all' => [ 'label' => &$GLOBALS['TL_LANG']['MSC']['all'], diff --git a/src/Listener/Dca/IconDcaListener.php b/src/Listener/Dca/IconDcaListener.php index ae82090..75965b2 100644 --- a/src/Listener/Dca/IconDcaListener.php +++ b/src/Listener/Dca/IconDcaListener.php @@ -14,6 +14,10 @@ declare(strict_types=1); namespace Netzmacht\Contao\Leaflet\Listener\Dca; +use Contao\BackendUser; +use Contao\CoreBundle\Exception\AccessDeniedException; +use Netzmacht\Contao\Leaflet\Model\IconModel; + /** * Class IconDcaListener. * @@ -21,6 +25,13 @@ namespace Netzmacht\Contao\Leaflet\Listener\Dca; */ class IconDcaListener { + /** + * Contao backend user. + * + * @var BackendUser + */ + private $user; + /** * Icon type options. * 
@@ -31,13 +42,33 @@ class IconDcaListener /** * IconDcaListener constructor. * - * @param array $icons Icon type options. + * @param BackendUser $user Backend user. + * @param array $icons Icon type options. */ - public function __construct(array $icons) + public function __construct(BackendUser $user, array $icons) { + $this->user = $user; $this->icons = $icons; } + /** + * Check the permission. + * + * @return void + * + * @throws AccessDeniedException If user has not the permission. + */ + public function checkPermission(): void + { + if ($this->user->hasAccess(IconModel::getTable(), 'leaflet_tables')) { + return; + } + + throw new AccessDeniedException( + sprintf('Access denied to "%s" for user "%s"', IconModel::getTable(), $this->user->id) + ); + } + /** * Get icon options. * diff --git a/src/Listener/Dca/OperationsListener.php b/src/Listener/Dca/OperationsListener.php new file mode 100644 index 0000000..b929eda --- /dev/null +++ b/src/Listener/Dca/OperationsListener.php 
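Review bot: `checkPermission()` is repeated almost line for line in PopupDcaListener and StyleDcaListener later in this patch, differing only in the model class, so the access rule for the three tables now lives in three places. Since this is the check that actually denies access, consider one shared helper (a small trait or base class taking the table name) so a later change cannot reach one table and miss the others. The docblock could also say what is checked, for example `Deny access unless the backend user is granted this table in "leaflet_tables".` The constructor also gains `$user` as a new first parameter on a non-final class, which breaks subclasses or overridden service definitions that pass only the options array. The class body continues outside the hunk.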
@@ -0,0 +1,169 @@ + + * @copyright 2014-2018 netzmacht David Molineus. All rights reserved. + * @license LGPL-3.0 https://github.com/netzmacht/contao-leaflet-maps/blob/master/LICENSE + * @filesource + */ + +declare(strict_types=1); + +namespace Netzmacht\Contao\Leaflet\Listener\Dca; + +use Contao\Backend; +use Contao\BackendUser; +use Netzmacht\Contao\Leaflet\Model\IconModel; +use Netzmacht\Contao\Leaflet\Model\PopupModel; +use Netzmacht\Contao\Leaflet\Model\StyleModel; + +/** + * Class OperationsListener + */ +final class OperationsListener +{ + /** + * Backend user. + * + * @var BackendUser + */ + private $user; + + /** + * OperationsListener constructor. + * + * @param BackendUser $user Backend user. + */ + public function __construct(BackendUser $user) + { + $this->user = $user; + } + + /** + * Generate the style operation. + * + * @param string $href Button link. + * @param string $label Button label. + * @param string $title Button title. + * @param string $class Button icon class. + * @param string $attributes Html attributes. + * + * @return string + */ + public function styleOperation( + string $href, + string $label, + string $title, + string $class, + string $attributes + ): string { + return $this->renderIfPermissionIsGranted(StyleModel::getTable(), $href, $label, $title, $class, $attributes); + } + + /** + * Generate the icon operation. + * + * @param string $href Button link. + * @param string $label Button label. + * @param string $title Button title. + * @param string $class Button icon class. + * @param string $attributes Html attributes. + * + * @return string + */ + public function iconOperation( + string $href, + string $label, + string $title, + string $class, + string $attributes + ): string { + return $this->renderIfPermissionIsGranted(IconModel::getTable(), $href, $label, $title, $class, $attributes); + } + + /** + * Generate the popup operation. + * + * @param string $href Button link. + * @param string $label Button label. 
+ * @param string $title Button title. + * @param string $class Button icon class. + * @param string $attributes Html attributes. + * + * @return string + */ + public function popupOperation( + string $href, + string $label, + string $title, + string $class, + string $attributes + ): string { + return $this->renderIfPermissionIsGranted(PopupModel::getTable(), $href, $label, $title, $class, $attributes); + } + + /** + * Check if user has permission to access the leaflet table. + * + * @param string $permission The table permission. + * + * @return bool + */ + private function hasPermission(string $permission): bool + { + return (bool) $this->user->hasAccess($permission, 'leaflet_tables'); + } + + /** + * Generate the style operation. + * + * @param string $permission Table permission to check. + * @param string $href Button link. + * @param string $label Button label. + * @param string $title Button title. + * @param string $class Button icon class. + * @param string $attributes Html attributes. + * + * @return string + */ + private function renderIfPermissionIsGranted( + string $permission, + string $href, + string $label, + string $title, + string $class, + string $attributes + ): string { + if ($this->hasPermission($permission)) { + return $this->render($href, $label, $title, $class, $attributes); + } + + return ''; + } + + /** + * Render a button. + * + * @param string $href Button link. + * @param string $label Button label. + * @param string $title Button title. + * @param string $class Button icon class. + * @param string $attributes Html attributes. + * + * @return string + */ + private function render(string $href, string $label, string $title, string $class, string $attributes): string + { + return sprintf( + ' %s', + Backend::addToUrl($href), + $title, + $class, + $attributes, + $label + ); + } +} diff --git a/src/Listener/Dca/PopupDcaListener.php b/src/Listener/Dca/PopupDcaListener.php new file mode 100644 index 0000000..62709bf --- /dev/null 
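Review bot: `render()` passes `$title` and `$label` straight into `sprintf()` with no escaping. The format string is not legible on this page, but if `$title` lands in an HTML attribute, a translation containing a quote or markup would break the attribute. Escaping at the output point is cheap, e.g. `StringUtil::specialchars($title),` in place of `$title,` (with `use Contao\StringUtil;`). The docblock of `renderIfPermissionIsGranted()` still reads `Generate the style operation.`, copied from `styleOperation()`; something like `Render the button only if the user may access the given table.` would describe it. Returning `''` only hides the button, so the class docblock should state that enforcement lives in the tables' onload callbacks.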
+++ b/src/Listener/Dca/PopupDcaListener.php @@ -0,0 +1,60 @@ + + * @copyright 2014-2018 netzmacht David Molineus. All rights reserved. + * @license LGPL-3.0 https://github.com/netzmacht/contao-leaflet-maps/blob/master/LICENSE + * @filesource + */ + +declare(strict_types=1); + +namespace Netzmacht\Contao\Leaflet\Listener\Dca; + +use Contao\BackendUser; +use Contao\CoreBundle\Exception\AccessDeniedException; +use Netzmacht\Contao\Leaflet\Model\PopupModel; + +/** + * Class PopupDcaListener + */ +final class PopupDcaListener +{ + /** + * Backend user. + * + * @var BackendUser + */ + private $user; + + /** + * PopupDcaListener constructor. + * + * @param BackendUser $user Backend user. + */ + public function __construct(BackendUser $user) + { + $this->user = $user; + } + + /** + * Check the permission. + * + * @return void + * + * @throws AccessDeniedException If user has not the permission. + */ + public function checkPermission(): void + { + if ($this->user->hasAccess(PopupModel::getTable(), 'leaflet_tables')) { + return; + } + + throw new AccessDeniedException( + sprintf('Access denied to "%s" for user "%s"', PopupModel::getTable(), $this->user->id) + ); + } +} diff --git a/src/Listener/Dca/StyleDcaListener.php b/src/Listener/Dca/StyleDcaListener.php index 95e276c..e889e98 100644 --- a/src/Listener/Dca/StyleDcaListener.php +++ b/src/Listener/Dca/StyleDcaListener.php @@ -14,6 +14,10 @@ declare(strict_types=1); namespace Netzmacht\Contao\Leaflet\Listener\Dca; +use Contao\BackendUser; +use Contao\CoreBundle\Exception\AccessDeniedException; +use Netzmacht\Contao\Leaflet\Model\StyleModel; + /** * Class StyleDcaListener. * @@ -21,6 +25,13 @@ namespace Netzmacht\Contao\Leaflet\Listener\Dca; */ class StyleDcaListener { + /** + * Backend user. + * + * @var BackendUser + */ + private $user; + /** * Style type options. * 
@@ -31,11 +42,31 @@ class StyleDcaListener /** * StyleDcaListener constructor. * - * @param array $styles Styles options. + * @param BackendUser $user Backend user. + * @param array $styles Styles options. */ - public function __construct(array $styles) + public function __construct(BackendUser $user, array $styles) { $this->icons = $styles; + $this->user = $user; + } + + /** + * Check the permission. + * + * @return void + * + * @throws AccessDeniedException If user has not the permission. + */ + public function checkPermission(): void + { + if ($this->user->hasAccess(StyleModel::getTable(), 'leaflet_tables')) { + return; + } + + throw new AccessDeniedException( + sprintf('Access denied to "%s" for user "%s"', StyleModel::getTable(), $this->user->id) + ); } /**
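Review bot: The constructor stores the options with `$this->icons = $styles;`, which looks like a leftover from IconDcaListener. The property declaration sits outside this hunk, so this is inferred, but if the class declares `$styles`, the options go to an undeclared property and the options getter would see nothing. In that case the line should read `$this->styles = $styles;`. The line is unchanged context here, but the commit already rewrites this constructor, which makes it a natural place for the fix.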