mirror_php/humhub
1
0
Fork 0
mirror of https://github.com/humhub/humhub.git synced 2025-01-17 06:08:21 +01:00
Code Issues Projects Releases Wiki Activity

Fix: Added ManageSpaces and SystemAdmin check to UserGroupAccessValidator

Browse Source
This commit is contained in:
buddh4 2017-11-10 18:08:08 +01:00
parent 83c6b7de31
commit b0e2999eea
6 changed files with 96 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
protected/humhub/docs/CHANGELOG.md
View File

@ -1,5 +1,8 @@
HumHub Change Log HumHub Change Log
================= =================
1.2.4
-------------------------
- Fix: Added `ManageSpaces` and SystemAdmin check to `UserGroupAccessValidator`.
1.2.3 (October 23, 2017) 1.2.3 (October 23, 2017)
------------------------- -------------------------

31
protected/humhub/modules/content/components/UserGroupAccessValidator.php
View File

@ -5,20 +5,15 @@
* @license https://www.humhub.com/licences * @license https://www.humhub.com/licences
* *
*/ */
/**
* Created by PhpStorm.
* User: buddha
* Date: 30.07.2017
* Time: 04:04
*/
namespace humhub\modules\content\components; namespace humhub\modules\content\components;
use humhub\components\access\ActionAccessValidator; use humhub\components\access\ActionAccessValidator;
use humhub\libs\BasePermission; use humhub\libs\BasePermission;
use humhub\modules\admin\permissions\ManageSpaces;
use humhub\modules\space\models\Space; use humhub\modules\space\models\Space;
use humhub\modules\user\components\PermissionManager;
use humhub\modules\user\models\User; use humhub\modules\user\models\User;
use Yii; use Yii;
use yii\base\InvalidParamException; use yii\base\InvalidParamException;
@ -52,6 +47,10 @@ class UserGroupAccessValidator extends ActionAccessValidator
protected function validate($rule) protected function validate($rule)
{ {
if($this->globalPermissionCheck()) {
return true;
}
if (isset($rule[$this->name]) && !empty($rule[$this->name])) { if (isset($rule[$this->name]) && !empty($rule[$this->name])) {
$allowedGroups = is_string($rule[$this->name]) ? [$rule[$this->name]] : $rule[$this->name]; $allowedGroups = is_string($rule[$this->name]) ? [$rule[$this->name]] : $rule[$this->name];
$userGroup = $this->contentContainer->getUserGroup($this->access->user); $userGroup = $this->contentContainer->getUserGroup($this->access->user);
@ -72,6 +71,22 @@ class UserGroupAccessValidator extends ActionAccessValidator
throw new InvalidParamException('Invalid userGroup rule provided for action ' . $this->action); throw new InvalidParamException('Invalid userGroup rule provided for action ' . $this->action);
} }
/**
* Checks if the current user has the default permission to access contentcontainer related actions.
*
* @return bool
*/
protected function globalPermissionCheck()
{
if(!$this->access->user) {
return false;
}
$userPermissionManager = new PermissionManager(['subject' => $this->access->user]);
return ($this->access->user->isSystemAdmin())
|| ($this->contentContainer instanceof Space && $userPermissionManager->can(ManageSpaces::class));
}
public function getUserGroupLevel($userGroup) public function getUserGroupLevel($userGroup)
{ {
$userGroupLevelArr = ($this->contentContainer instanceof Space) ? $this->spaceGroupLevel : $this->profileGroupLevel; $userGroupLevelArr = ($this->contentContainer instanceof Space) ? $this->spaceGroupLevel : $this->profileGroupLevel;

2
protected/humhub/modules/space/tests/codeception/_support/_generated/FunctionalTesterActions.php
View File

@ -1,4 +1,4 @@
<?php //[STAMP] 41e34d3aa7c4ea3fcf95f14b02bbdcf7 <?php //[STAMP] 069cb24e38529f66c4e443b781666210
namespace space\_generated; namespace space\_generated;
// This class was automatically generated by build task // This class was automatically generated by build task

2
protected/humhub/modules/space/tests/codeception/fixtures/data/space.php
View File

@ -21,6 +21,6 @@ return array(
array('id' => '1', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34a', 'name' => 'Space 1', 'contentcontainer_id' => '4', 'description' => 'Space by Admin', 'join_policy' => '1', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '1', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'), array('id' => '1', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34a', 'name' => 'Space 1', 'contentcontainer_id' => '4', 'description' => 'Space by Admin', 'join_policy' => '1', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '1', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'),
array('id' => '2', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34b', 'name' => 'Space 2', 'contentcontainer_id' => '5', 'description' => 'User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '2', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'), array('id' => '2', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34b', 'name' => 'Space 2', 'contentcontainer_id' => '5', 'description' => 'User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '2', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '0'),
array('id' => '3', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34c', 'name' => 'Space 3', 'contentcontainer_id' => '6', 'description' => 'Another User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1'), array('id' => '3', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34c', 'name' => 'Space 3', 'contentcontainer_id' => '6', 'description' => 'Another User 1 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1'),
array('id' => '4', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34d', 'name' => 'Space 4', 'contentcontainer_id' => '7', 'description' => 'User 1/2 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '2', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1') array('id' => '4', 'guid' => '5396d499-20d6-4233-800b-c6c86e5fa34d', 'name' => 'Space 4', 'contentcontainer_id' => '7', 'description' => 'User 1/2 Space', 'join_policy' => '2', 'visibility' => '2', 'status' => '1', 'tags' => NULL, 'created_at' => '2014-08-08 05:36:04', 'created_by' => '1', 'updated_at' => '2014-08-08 05:36:04', 'updated_by' => '2', 'ldap_dn' => NULL, 'auto_add_new_members' => '1')
); );

67
protected/humhub/modules/space/tests/codeception/functional/DeleteSpaceCest.php Normal file
View File

@ -0,0 +1,67 @@
<?php
/**
* @link https://www.humhub.org/
* @copyright Copyright (c) 2017 HumHub GmbH & Co. KG
* @license https://www.humhub.com/licences
*
*/
namespace enterprise\acceptance\modules\emailwhitelist;
use Yii;
use humhub\modules\space\models\Space;
use FunctionalTester;
class DeleteSpaceCest
{
public function testOwnerDeletion(FunctionalTester $I)
{
$I->wantTo('ensure the owner of the space is able to delete the space');
$I->amUser();
$space = $this->createSpace();
$I->amOnRoute('/space/manage/default/delete', ['sguid' => $space->guid]);
$I->canSeeResponseCodeIs(200);
}
public function testMemberDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a member of the space is not able to delete the space');
$I->amUser1();
// User1 is member of Space3
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
$I->canSeeResponseCodeIs(403);
}
public function testSystemAdminDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a system admin is able to delete the space');
$I->amAdmin();
// User1 is member of Space3
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34c']);
$I->canSeeResponseCodeIs(200);
}
public function testAdminDeletion(FunctionalTester $I)
{
$I->wantTo('ensure a simple space admin is not able to delete the space');
$I->amUser1();
// User1 is admin of Space4
$I->amOnRoute('/space/manage/default/delete', ['sguid' =>'5396d499-20d6-4233-800b-c6c86e5fa34d']);
$I->canSeeResponseCodeIs(403);
}
private function createSpace()
{
$space = new Space([
'name' => 'DeleteSpaceTest'
]);
$space->created_by = Yii::$app->user->getId();
$space->save();
return $space;
}
}

2
protected/humhub/tests/codeception/_support/_generated/UnitTesterActions.php
View File

@ -1,4 +1,4 @@
<?php //[STAMP] f9ed9aa7fd682776d6da0937c3035ef3 <?php //[STAMP] b7022a07eb89fcf11fbefbc08b0b59b6
namespace _generated; namespace _generated;
// This class was automatically generated by build task // This class was automatically generated by build task