Merge branch 'feature-group-permissions' into develop

hughbris · Nov 11, 2022 · 72807ec · 72807ec
2 parents ebf0bf0 + 9b18854
commit 72807ec
Show file tree

Hide file tree

Showing 5 changed files with 42 additions and 19 deletions.
diff --git a/README.md b/README.md
@@ -108,7 +108,7 @@ There are lots of moving parts in this pipeline and it pays to set them up and t
 ✔ Test this by checking the Git repository status with your Git client (`git status` or using a front end).
 
 #### You are logged into Admin with sufficient permissions
-🦆 A group permission to allow publishing access is high on the TODO list. For now, log in as a super user.
+🦆 You must be logged in as a user in the group 'publishers'.
 
 ✔ Refresh any Admin page and see if "Publishing" or "Publish" comes up in the side menu.
 

diff --git a/admin/templates/publish.html.twig b/admin/templates/publish.html.twig
@@ -5,19 +5,23 @@
 {% endif %}
 
 {% block titlebar %}
-	<div class="button-bar">
-		<a class="button" id="publish">
-			<i class="fa fa-fw fa-upload"></i>Publish</a>
-	</div>
+	{% if isAuthorised %}
+		<div class="button-bar">
+			<a class="button" id="publish">
+				<i class="fa fa-fw fa-upload"></i>Publish</a>
+		</div>
+	{% endif %}
+
 	<h1>
 		<i class="fa fa-fw fa-upload"></i>
 		Publishing
 	</h1>
 {% endblock %}
 
 {% block content %}
-	<div class="pushy">
-		<h1>List of changed items</h1>
+	{% if isAuthorised %}
+		<div class="pushy">
+			<h1>List of changed items</h1>
 
 		<table>
 			<thead>
@@ -32,11 +36,10 @@
 			<input id="summary" type="text">
 			<div id="summary-alert" class="">Summary should be provided</div>
 		</div>
-		<div class="message-description">
-			<label for="description">Optional description:</label>
-			<textarea id="description" rows="3"></textarea>
+	{% else %}
+		<div id="messages" class="top-notifications-container default-box-shadow">
+			<div class="single-notification info alert hidden" data-gpm-grav=""></div>
+			<div class="error alert">You have insufficient permissions for Publishing.</div>
 		</div>
-		</div>
-
-	</div>
+	{% endif %}
 {% endblock %}
diff --git a/permissions.yaml b/permissions.yaml
@@ -0,0 +1,3 @@
+actions:
+  admin.publisher:
+    label: Publish pages
diff --git a/pushy.php b/pushy.php
@@ -8,6 +8,8 @@
 use Grav\Common\Plugin;
 use Grav\Common\Page\Page;
 use Grav\Common\Uri;
+use Grav\Events\PermissionsRegisterEvent;
+use Grav\Framework\Acl\PermissionsReader;
 use Grav\Framework\DI\Container;
 use Grav\Plugin\Pushy\RequestHandler;
 use RocketTheme\Toolbox\Event\Event;
@@ -61,9 +63,9 @@ public function init(): void
 	 */
 	public function onPluginsInitialized(): void
 	{
-		$this->init();
-
 		if ($this->isAdmin()) {
+			$this->init();
+
 			if ($this->isOnRoute()) {
 				/** @var RequestHandler */
 				$requestHandler = new RequestHandler();
@@ -80,6 +82,7 @@ public function onPluginsInitialized(): void
 				'onAdminMenu' => ['showPublishingMenu', 0],
 				'onTwigSiteVariables' => ['setTwigSiteVariables', 0],
 				'onAssetsInitialized' => ['onAssetsInitialized', 0],
+				PermissionsRegisterEvent::class => ['onRegisterPermissions', 0],
 			]);
 		} else {
 			$this->enable([
@@ -98,6 +101,17 @@ public function setAdminTwigTemplatePaths(Event $event): void
 		$event['paths'] = $paths;
 	}
 
+	/**
+	 * Register new permission to list of permissions for Account and Group
+	 */
+	public function onRegisterPermissions(PermissionsRegisterEvent $event): void
+    {
+        $actions = PermissionsReader::fromYaml("plugin://{$this->name}/permissions.yaml");
+
+        $permissions = $event->permissions;
+        $permissions->addActions($actions);
+    }
+
 	/**
 	 * Show the publishing menu item(s) in Admin
 	 */
@@ -115,10 +129,10 @@ public function showPublishingMenu(): void
 
 		$options = [
 			'hint' => $isInitialized ? 'Publish' : 'Publication settings',
-			'location' => 'pages',
 			'route' => $isInitialized ? $this->admin_route : "plugins/{$this->name}",
 			'icon' => 'fa-' . ($isInitialized ? $this->grav['plugins']->get($this->name)->blueprints()->get('icon') : 'cog'),
 			'badge' => $count,
+			'authorize' => ['admin.publisher'],
 
 			// 'class' => '',
 			// 'data' => [],
@@ -138,10 +152,13 @@ public function setTwigSiteVariables(): void
 		$isInitialized = GitUtils::isGitInitialized();
 		// TODO: test for GitUtils::isGitInstalled() - make a wrapper for these two funcs since we're checking them twice now
 
+		$twig = $this->grav['twig'];
+
 		if ($isInitialized && $route == $publish_path) {
-			$twig = $this->grav['twig'];
 			$twig->twig_vars['git_index'] = $this->repo->statusSelect(); # TRUE, $env='index', $select='MTDRCA');
 		}
+
+		$twig->twig_vars['isAuthorised'] = $this->grav['user']->authorize('admin.publisher');
 	}
 
 	public function serveHooks(): void {
@@ -393,7 +410,7 @@ private function parsePayload($payload, $component)
 	 */
 	public function onAssetsInitialized(): void
 	{
-		if (!$this->isOnRoute()) {
+		if (!$this->isOnRoute() || !$this->grav['user']->authorize('admin.publisher')) {
 			return;
 		}
 

diff --git a/pushy.yaml b/pushy.yaml
@@ -13,4 +13,4 @@ webhooks:
       # run: # run this custom job when valid requests are received
       # conditions: # optionally add some conditions on when to trigger the custom job
         # branch: # only on this branch of the commit
-        # committer: # email of the git committer
+        # committer: # email of the git committer