Fix: Added ManageSpaces and SystemAdmin check to UserGroupAccessValidator

2025-01-16 21:58:17 +01:00 · 2017-11-10 18:08:08 +01:00 · 2017-11-10 18:08:08 +01:00 · b0e2999eea
commit b0e2999eea
parent 83c6b7de31
6 changed files with 96 additions and 11 deletions
--- a/protected/humhub/docs/CHANGELOG.md
+++ b/protected/humhub/docs/CHANGELOG.md
@ -1,5 +1,8 @@
 HumHub Change Log
 =================
+1.2.4
+-------------------------
+- Fix: Added `ManageSpaces` and SystemAdmin check to `UserGroupAccessValidator`.

 1.2.3  (October 23, 2017)
 -------------------------
--- a/protected/humhub/modules/content/components/UserGroupAccessValidator.php
+++ b/protected/humhub/modules/content/components/UserGroupAccessValidator.php
@ -5,20 +5,15 @@
 * @license https://www.humhub.com/licences
 *
 */
-
-/**
- * Created by PhpStorm.
- * User: buddha
- * Date: 30.07.2017
- * Time: 04:04
- */
-
+ 
 namespace humhub\modules\content\components;


 use humhub\components\access\ActionAccessValidator;
 use humhub\libs\BasePermission;
+use humhub\modules\admin\permissions\ManageSpaces;
 use humhub\modules\space\models\Space;
+use humhub\modules\user\components\PermissionManager;
 use humhub\modules\user\models\User;
 use Yii;
 use yii\base\InvalidParamException;
@ -52,6 +47,10 @@ class UserGroupAccessValidator extends ActionAccessValidator

    protected function validate($rule)
    {
+        if($this->globalPermissionCheck()) {
+            return true;
+        }
+
        if (isset($rule[$this->name]) && !empty($rule[$this->name])) {
            $allowedGroups = is_string($rule[$this->name]) ? [$rule[$this->name]] : $rule[$this->name];
            $userGroup = $this->contentContainer->getUserGroup($this->access->user);
@ -72,6 +71,22 @@ class UserGroupAccessValidator extends ActionAccessValidator
        throw new InvalidParamException('Invalid userGroup rule provided for action ' . $this->action);
    }

+    /**
+     * Checks if the current user has the default permission to access contentcontainer related actions.
+     *
+     * @return bool
+     */
+    protected function globalPermissionCheck()
+    {
+        if(!$this->access->user) {
+            return false;
+        }
+
+        $userPermissionManager =  new PermissionManager(['subject' => $this->access->user]);
+        return ($this->access->user->isSystemAdmin())
+            || ($this->contentContainer instanceof Space && $userPermissionManager->can(ManageSpaces::class));
+    }
+
    public function getUserGroupLevel($userGroup)
    {
        $userGroupLevelArr = ($this->contentContainer instanceof Space) ? $this->spaceGroupLevel : $this->profileGroupLevel;
--- a/protected/humhub/modules/space/tests/codeception/_support/_generated/FunctionalTesterActions.php
+++ b/protected/humhub/modules/space/tests/codeception/_support/_generated/FunctionalTesterActions.php
@ -1,4 +1,4 @@
-<?php  //[STAMP] 41e34d3aa7c4ea3fcf95f14b02bbdcf7
+<?php  //[STAMP] 069cb24e38529f66c4e443b781666210
 namespace space\_generated;

 // This class was automatically generated by build task
--- a/protected/humhub/modules/space/tests/codeception/fixtures/data/space.php
+++ b/protected/humhub/modules/space/tests/codeception/fixtures/data/space.php
@ -21,6 +21,6 @@ return array(
    array('id' => '1', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34a', 'name' => 'Space 1', 'contentcontainer_id' => '4', 'description' => 'Space by Admin', 'join_policy' => '1', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '1', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'),
    array('id' => '2', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34b', 'name' => 'Space 2', 'contentcontainer_id' => '5', 'description' => 'User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '2', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'),
    array('id' => '3', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34c', 'name' => 'Space 3', 'contentcontainer_id' => '6', 'description' => 'Another User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1'),
-    array('id' => '4', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34d', 'name' => 'Space 4', 'contentcontainer_id' => '7', 'description' => 'User 1/2 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '2', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1')
+    array('id' => '4', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34d', 'name' => 'Space 4', 'contentcontainer_id' => '7', 'description' => 'User 1/2 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1')
 );

--- a/protected/humhub/modules/space/tests/codeception/functional/DeleteSpaceCest.php
+++ b/protected/humhub/modules/space/tests/codeception/functional/DeleteSpaceCest.php
@ -0,0 +1,67 @@
+<?php
+/**
+ * @link https://www.humhub.org/
+ * @copyright Copyright (c) 2017 HumHub GmbH & Co. KG
+ * @license https://www.humhub.com/licences
+ *
+ */
+
+namespace enterprise\acceptance\modules\emailwhitelist;
+
+use Yii;
+use humhub\modules\space\models\Space;
+use FunctionalTester;
+
+class DeleteSpaceCest
+{
+    
+    public function testOwnerDeletion(FunctionalTester $I)
+    {
+        $I->wantTo('ensure the owner of the space is able to delete the space');
+        $I->amUser();
+        $space = $this->createSpace();
+        $I->amOnRoute('/space/manage/default/delete', ['sguid' => $space->guid]);
+        $I->canSeeResponseCodeIs(200);
+    }
+
+    public function testMemberDeletion(FunctionalTester $I)
+    {
+        $I->wantTo('ensure a member of the space is not able to delete the space');
+        $I->amUser1();
+        // User1 is member of Space3
+        $I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
+        $I->canSeeResponseCodeIs(403);
+    }
+
+    public function testSystemAdminDeletion(FunctionalTester $I)
+    {
+        $I->wantTo('ensure a system admin is able to delete the space');
+        $I->amAdmin();
+        // User1 is member of Space3
+        $I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
+        $I->canSeeResponseCodeIs(200);
+    }
+
+    public function testAdminDeletion(FunctionalTester $I)
+    {
+        $I->wantTo('ensure a simple space admin is not able to delete the space');
+        $I->amUser1();
+        // User1 is admin of Space4
+        $I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34d']);
+        $I->canSeeResponseCodeIs(403);
+    }
+    
+    private function createSpace()
+    {
+        $space = new Space([
+            'name' => 'DeleteSpaceTest'
+        ]);
+
+        $space->created_by = Yii::$app->user->getId();
+        $space->save();
+
+        return $space;
+    }
+
+
+}
--- a/protected/humhub/tests/codeception/_support/_generated/UnitTesterActions.php
+++ b/protected/humhub/tests/codeception/_support/_generated/UnitTesterActions.php
@ -1,4 +1,4 @@
-<?php  //[STAMP] f9ed9aa7fd682776d6da0937c3035ef3
+<?php  //[STAMP] b7022a07eb89fcf11fbefbc08b0b59b6
 namespace _generated;

 // This class was automatically generated by build task