diff --git a/src/Cms/LanguagePermissions.php b/src/Cms/LanguagePermissions.php index 04167d58ec..b3aab5c926 100644 --- a/src/Cms/LanguagePermissions.php +++ b/src/Cms/LanguagePermissions.php @@ -5,21 +5,16 @@ /** * LanguagePermissions * - * Since the Language class is not a content model, - * it handles this itself instead of inheriting from the `ModelPermissions` class - * * @package Kirby Cms * @author Ahmet Bora * @link https://getkirby.com * @copyright Bastian Allgeier * @license https://getkirby.com/license */ -class LanguagePermissions +class LanguagePermissions extends NewPermissions { - protected string $category = 'languages'; - protected Language $model; - protected Permissions $permissions; - protected User $user; + protected string $category = 'languages'; + protected Language $model; public function __construct(Language $model) { @@ -28,75 +23,11 @@ public function __construct(Language $model) $this->permissions = $this->user->role()->permissions(); } - public function __call(string $method, array $arguments = []): bool - { - return $this->can($method); - } - - /** - * Improved `var_dump` output - * @codeCoverageIgnore - */ - public function __debugInfo(): array - { - return $this->toArray(); - } - - /** - * Returns whether the current user is allowed - * to do a certain action on the model - * - * @param bool $default Will be returned if $action does not exist - */ - public function can( - string $action, - bool $default = false - ): bool { - $user = $this->user->id(); - $role = $this->user->role()->id(); - - // users with the `nobody` role can do nothing - // that needs a permission check - if ($role === 'nobody') { - return false; - } - - // check for a custom `can` method - // which would take priority over any other - // role-based permission rules - if ( - method_exists($this, 'can' . $action) === true && - $this->{'can' . $action}() === false - ) { - return false; - } - - // the almighty `kirby` user can do anything - if ($user === 'kirby' && $role === 'admin') { - return true; - } - - return $this->permissions->for($this->category, $action, $default); - } - protected function canDelete(): bool { return $this->model->isDeletable() === true; } - /** - * Returns whether the current user is not allowed - * to do a certain action on the model - * - * @param bool $default Will be returned if $action does not exist - */ - public function cannot( - string $action, - bool $default = true - ): bool { - return $this->can($action, !$default) === false; - } - public function toArray(): array { return []; diff --git a/src/Cms/ModelPermissions.php b/src/Cms/ModelPermissions.php index a700b26318..ee580a7aaf 100644 --- a/src/Cms/ModelPermissions.php +++ b/src/Cms/ModelPermissions.php @@ -2,8 +2,6 @@ namespace Kirby\Cms; -use Kirby\Toolkit\A; - /** * ModelPermissions * @@ -13,13 +11,10 @@ * @copyright Bastian Allgeier * @license https://getkirby.com/license */ -abstract class ModelPermissions +abstract class ModelPermissions extends NewPermissions { - protected string $category; protected ModelWithContent $model; - protected array $options; - protected Permissions $permissions; - protected User $user; + protected array $options; public function __construct(ModelWithContent $model) { @@ -29,96 +24,6 @@ public function __construct(ModelWithContent $model) $this->permissions = $this->user->role()->permissions(); } - public function __call(string $method, array $arguments = []): bool - { - return $this->can($method); - } - - /** - * Improved `var_dump` output - * @codeCoverageIgnore - */ - public function __debugInfo(): array - { - return $this->toArray(); - } - - /** - * Returns whether the current user is allowed to do - * a certain action on the model - * - * @param bool $default Will be returned if $action does not exist - */ - public function can( - string $action, - bool $default = false - ): bool { - $user = $this->user->id(); - $role = $this->user->role()->id(); - - // users with the `nobody` role can do nothing - // that needs a permission check - if ($role === 'nobody') { - return false; - } - - // check for a custom `can` method - // which would take priority over any other - // role-based permission rules - if ( - method_exists($this, 'can' . $action) === true && - $this->{'can' . $action}() === false - ) { - return false; - } - - // the almighty `kirby` user can do anything - if ($user === 'kirby' && $role === 'admin') { - return true; - } - - // evaluate the blueprint options block - if (isset($this->options[$action]) === true) { - $options = $this->options[$action]; - - if ($options === false) { - return false; - } - - if ($options === true) { - return true; - } - - if ( - is_array($options) === true && - A::isAssociative($options) === true - ) { - if (isset($options[$role]) === true) { - return $options[$role]; - } - - if (isset($options['*']) === true) { - return $options['*']; - } - } - } - - return $this->permissions->for($this->category, $action, $default); - } - - /** - * Returns whether the current user is not allowed to do - * a certain action on the model - * - * @param bool $default Will be returned if $action does not exist - */ - public function cannot( - string $action, - bool $default = true - ): bool { - return $this->can($action, !$default) === false; - } - public function toArray(): array { $array = []; diff --git a/src/Cms/NewPermissions.php b/src/Cms/NewPermissions.php new file mode 100644 index 0000000000..48462499be --- /dev/null +++ b/src/Cms/NewPermissions.php @@ -0,0 +1,111 @@ + + * @link https://getkirby.com + * @copyright Bastian Allgeier + * @license https://getkirby.com/license + */ +abstract class NewPermissions +{ + protected string $category; + protected Permissions $permissions; + protected User $user; + + public function __call(string $method, array $arguments = []): bool + { + return $this->can($method); + } + + /** + * Improved `var_dump` output + * @codeCoverageIgnore + */ + public function __debugInfo(): array + { + return $this->toArray(); + } + + /** + * Returns whether the current user is allowed to do + * a certain action on the model + * + * @param bool $default Will be returned if $action does not exist + */ + public function can( + string $action, + bool $default = false + ): bool { + $user = $this->user->id(); + $role = $this->user->role()->id(); + + // users with the `nobody` role can do nothing + // that needs a permission check + if ($role === 'nobody') { + return false; + } + + // check for a custom `can` method + // which would take priority over any other + // role-based permission rules + if ( + method_exists($this, 'can' . $action) === true && + $this->{'can' . $action}() === false + ) { + return false; + } + + // the almighty `kirby` user can do anything + if ($user === 'kirby' && $role === 'admin') { + return true; + } + + // evaluate the blueprint options block for only content models + if (isset($this->options[$action]) === true) { + $options = $this->options[$action]; + + if ($options === false) { + return false; + } + + if ($options === true) { + return true; + } + + if ( + is_array($options) === true && + A::isAssociative($options) === true + ) { + if (isset($options[$role]) === true) { + return $options[$role]; + } + + if (isset($options['*']) === true) { + return $options['*']; + } + } + } + + return $this->permissions->for($this->category, $action, $default); + } + + /** + * Returns whether the current user is not allowed to do + * a certain action on the model + * + * @param bool $default Will be returned if $action does not exist + */ + public function cannot( + string $action, + bool $default = true + ): bool { + return $this->can($action, !$default) === false; + } +}