RoleForm: Don't hide permissions/restrictions in admin roles
resolves #4068
This commit is contained in:
Johannes Meyer
parent
53388a3940
commit
c2efbbdafc
|
|
@ -178,7 +178,7 @@ class RoleForm extends RepositoryForm
|
|||
]
|
||||
);
|
||||
|
||||
if (! isset($formData[self::WILDCARD_NAME]) || ! $formData[self::WILDCARD_NAME]) {
|
||||
$hasAdminPerm = isset($formData[self::WILDCARD_NAME]) && $formData[self::WILDCARD_NAME];
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
$this->sortPermissions($permissionList);
|
||||
|
||||
|
|
@ -202,15 +202,20 @@ class RoleForm extends RepositoryForm
|
|||
|
||||
$hasFullPerm = false;
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
$elements[] = $name;
|
||||
$elementName = $name;
|
||||
if ($hasFullPerm || $hasAdminPerm) {
|
||||
$elementName .= '_fake';
|
||||
}
|
||||
|
||||
$elements[] = $elementName;
|
||||
$this->addElement(
|
||||
'checkbox',
|
||||
$name,
|
||||
$elementName,
|
||||
[
|
||||
'ignore' => isset($spec['isUsagePerm']) ? false : $hasFullPerm,
|
||||
'ignore' => $hasFullPerm || $hasAdminPerm,
|
||||
'autosubmit' => isset($spec['isFullPerm']),
|
||||
'disabled' => $hasFullPerm ?: null,
|
||||
'value' => $hasFullPerm,
|
||||
'disabled' => $hasFullPerm || $hasAdminPerm ?: null,
|
||||
'value' => $hasFullPerm || $hasAdminPerm,
|
||||
'label' => preg_replace(
|
||||
// Adds a zero-width char after each slash to help browsers break onto newlines
|
||||
'~(?<!<)/~',
|
||||
|
|
@ -220,9 +225,15 @@ class RoleForm extends RepositoryForm
|
|||
'description' => isset($spec['description']) ? $spec['description'] : $spec['name']
|
||||
]
|
||||
)
|
||||
->getElement($name)
|
||||
->getElement($elementName)
|
||||
->getDecorator('Label')
|
||||
->setOption('escape', false);
|
||||
|
||||
if ($hasFullPerm || $hasAdminPerm) {
|
||||
// Add a hidden element to preserve the configured permission value
|
||||
$this->addElement('hidden', $name);
|
||||
}
|
||||
|
||||
if (isset($spec['isFullPerm'])) {
|
||||
$hasFullPerm = isset($formData[$name]) && $formData[$name];
|
||||
}
|
||||
|
|
@ -267,15 +278,6 @@ class RoleForm extends RepositoryForm
|
|||
]
|
||||
]);
|
||||
}
|
||||
} else {
|
||||
// Previously it was possible to define restrictions for super users, so make sure
|
||||
// to not remove any restrictions which were set before the enforced separation
|
||||
foreach ($this->providedRestrictions as $restrictionList) {
|
||||
foreach ($restrictionList as $name => $_) {
|
||||
$this->addElement('hidden', $name);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
protected function createDeleteElements(array $formData)
|
||||
|
|
@ -293,7 +295,7 @@ class RoleForm extends RepositoryForm
|
|||
'name' => $role->name,
|
||||
'users' => $role->users,
|
||||
'groups' => $role->groups,
|
||||
self::WILDCARD_NAME => $role->permissions === '*'
|
||||
self::WILDCARD_NAME => (bool) preg_match('~(?<!/)\*~', $role->permissions)
|
||||
];
|
||||
|
||||
if (! empty($role->permissions) && $role->permissions !== '*') {
|
||||
|
|
@ -334,7 +336,8 @@ class RoleForm extends RepositoryForm
|
|||
$permissions = [];
|
||||
if (isset($values[self::WILDCARD_NAME]) && $values[self::WILDCARD_NAME]) {
|
||||
$permissions[] = '*';
|
||||
} else {
|
||||
}
|
||||
|
||||
foreach ($this->providedPermissions as $moduleName => $permissionList) {
|
||||
foreach ($permissionList as $name => $spec) {
|
||||
if (isset($values[$name]) && $values[$name]) {
|
||||
|
|
@ -344,7 +347,6 @@ class RoleForm extends RepositoryForm
|
|||
unset($values[$name]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
unset($values[self::WILDCARD_NAME]);
|
||||
$values['permissions'] = join(',', $permissions);
|
||||
|
|
|
|||
Loading…
Reference in New Issue