diff --git a/protected/humhub/modules/content/components/ContentActiveRecord.php b/protected/humhub/modules/content/components/ContentActiveRecord.php index c395419e2a..27099b38f2 100644 --- a/protected/humhub/modules/content/components/ContentActiveRecord.php +++ b/protected/humhub/modules/content/components/ContentActiveRecord.php @@ -613,7 +613,7 @@ class ContentActiveRecord extends ActiveRecord implements ContentOwner, Movable { if ($user && !$user->is(Yii::$app->user->getIdentity())) { return new ContentPermissionManager([ - 'content' => $this, + 'model' => $this, 'subject' => $user ]); } @@ -623,7 +623,7 @@ class ContentActiveRecord extends ActiveRecord implements ContentOwner, Movable } return $this->permissionManager = new ContentPermissionManager([ - 'content' => $this + 'model' => $this ]); } } diff --git a/protected/humhub/modules/content/components/ContentPermissionManager.php b/protected/humhub/modules/content/components/ContentPermissionManager.php index 10c501db95..beb1b694b3 100644 --- a/protected/humhub/modules/content/components/ContentPermissionManager.php +++ b/protected/humhub/modules/content/components/ContentPermissionManager.php @@ -9,10 +9,7 @@ use yii\base\InvalidArgumentException; class ContentPermissionManager extends AbstractPermissionManager { - /** - * @var ContentActiveRecord - */ - public $content; + public ContentActiveRecord $model; protected function verify(BasePermission $permission) { @@ -21,6 +18,10 @@ class ContentPermissionManager extends AbstractPermissionManager throw new InvalidArgumentException(get_class($permission) . ' must be instance of ' . AbstractContentPermission::class); } - return $permission->verify($this->content, $this->getSubject()); + if (!isset($permission->model)) { + $permission->model = $this->model; + } + + return $permission->verify($this->getSubject()); } } diff --git a/protected/humhub/modules/content/permissions/AbstractContentPermission.php b/protected/humhub/modules/content/permissions/AbstractContentPermission.php index de402245cd..a0b2a37588 100644 --- a/protected/humhub/modules/content/permissions/AbstractContentPermission.php +++ b/protected/humhub/modules/content/permissions/AbstractContentPermission.php @@ -4,9 +4,27 @@ namespace humhub\modules\content\permissions; use humhub\components\permission\BasePermission; use humhub\modules\content\components\ContentActiveRecord; +use humhub\modules\content\components\ContentContainerActiveRecord; +use humhub\modules\content\models\Content; use humhub\modules\user\models\User; +/** + * @property-read Content $content + * @property-read ContentContainerActiveRecord $container + */ abstract class AbstractContentPermission extends BasePermission { - abstract public function verify(ContentActiveRecord $content, ?User $user): bool; + public ContentActiveRecord $model; + + abstract public function verify(?User $user = null): bool; + + public function getContent(): ?Content + { + return $this->model instanceof ContentActiveRecord ? $this->model->content : null; + } + + public function getContainer(): ?ContentContainerActiveRecord + { + return $this->content instanceof Content ? $this->content->container : null; + } } diff --git a/protected/humhub/modules/content/permissions/CanEditContent.php b/protected/humhub/modules/content/permissions/CanEditContent.php index 048169ed9d..0e03fedf06 100644 --- a/protected/humhub/modules/content/permissions/CanEditContent.php +++ b/protected/humhub/modules/content/permissions/CanEditContent.php @@ -21,14 +21,14 @@ use Yii; class CanEditContent extends AbstractContentPermission { - public function verify(ContentActiveRecord $content, ?User $user): bool + public function verify(?User $user = null): bool { if ($user === null) { return false; } // Only owner can edit his content - if ($content->content->created_by == $user->id) { + if ($this->content->created_by == $user->id) { return true; } @@ -38,18 +38,18 @@ class CanEditContent extends AbstractContentPermission } // Check additional manage permission for the given container - if ($content->content->container) { - if ($content->isNewRecord && $content->hasCreatePermission() && $content->content->container->getPermissionManager($user)->can($content->getCreatePermission())) { + if ($this->container) { + if ($this->model->isNewRecord && $this->model->hasCreatePermission() && $this->container->getPermissionManager($user)->can($this->model->getCreatePermission())) { return true; } - if (!$content->isNewRecord && $content->hasManagePermission() && $content->content->container->getPermissionManager($user)->can($content->getManagePermission())) { + if (!$this->model->isNewRecord && $this->model->hasManagePermission() && $this->container->getPermissionManager($user)->can($this->model->getManagePermission())) { return true; } } // Check if underlying models canEdit implementation // ToDo: Implement this as interface - if (method_exists($content, 'canEdit') && $content->canEdit($user)) { + if (method_exists($this->model, 'canEdit') && $this->model->canEdit($user)) { return true; } diff --git a/protected/humhub/modules/content/permissions/CanViewContent.php b/protected/humhub/modules/content/permissions/CanViewContent.php index 30fd017f86..a6f0f060aa 100644 --- a/protected/humhub/modules/content/permissions/CanViewContent.php +++ b/protected/humhub/modules/content/permissions/CanViewContent.php @@ -13,26 +13,26 @@ use humhub\modules\user\models\User; class CanViewContent extends AbstractContentPermission { - public function verify(ContentActiveRecord $content, ?User $user): bool + public function verify(?User $user = null): bool { // Check global content visibility, private global content is visible for all users - if (empty($content->content->contentcontainer_id) && $user !== null) { + if (empty($this->content->contentcontainer_id) && $user !== null) { return true; } // Check Guest Visibility if (!$user) { - return $this->checkGuestAccess($content); + return $this->checkGuestAccess(); } // User can access own content - if ($content->content->created_by == $user->id) { + if ($this->content->created_by == $user->id) { return true; } // Public visible content - if ($content->content->isPublic()) { + if ($this->content->isPublic()) { return true; } @@ -41,9 +41,9 @@ class CanViewContent extends AbstractContentPermission return true; } - return $content->content->isPrivate() && - $content->content->container !== null && - $content->content->container->canAccessPrivateContent($user); + return $this->content->isPrivate() && + $this->container !== null && + $this->container->canAccessPrivateContent($user); } /** @@ -56,23 +56,23 @@ class CanViewContent extends AbstractContentPermission * * @return bool */ - private function checkGuestAccess(ContentActiveRecord $content): bool + private function checkGuestAccess(): bool { - if (!$content->content->isPublic() || !AuthHelper::isGuestAccessEnabled()) { + if (!$this->content->isPublic() || !AuthHelper::isGuestAccessEnabled()) { return false; } // Global content - if (!$content->content->container) { - return $content->content->isPublic(); + if (!$this->container) { + return true; } - if ($content->content->container instanceof Space) { - return $content->content->isPublic() && $content->content->container->visibility == Space::VISIBILITY_ALL; + if ($this->container instanceof Space) { + return $this->container->visibility == Space::VISIBILITY_ALL; } - if ($content->content->container instanceof User) { - return $content->content->isPublic() && $content->content->container->visibility == User::VISIBILITY_ALL; + if ($this->container instanceof User) { + return $this->container->visibility == User::VISIBILITY_ALL; } return false;